Proxy rename support #94

Merged
merged 1 commit into from
Mar 27, 2024
1 change: 1 addition & 0 deletions build.rs
Expand Up @@ -21,6 +21,7 @@ fn generate_protobuf_code() -> Result<()> {

prost_build.compile_protos(
&[
"k8s.io/api/batch/v1/generated.proto",
"k8s.io/api/core/v1/generated.proto",
"k8s.io/api/admissionregistration/v1/generated.proto",
"k8s.io/api/apps/v1/generated.proto",
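--- a/hack/dummy_config.yaml
+++ b/hack/dummy_config.yaml
@@ -0,0 +1,101 @@
+dry_run: false
+etcd_endpoint: localhost:2379
+crypto_dirs:
+- backup/etc/kubernetes
+- backup/var/lib/kubelet
+- backup/etc/machine-config-daemon
+crypto_files:
+- backup/etc/mcs-machine-config-content.json
+cluster_customization_dirs:
+- backup/etc/kubernetes
+- backup/var/lib/kubelet
+- backup/etc/machine-config-daemon
+- backup/etc/pki/ca-trust
+cluster_customization_files:
+- backup/etc/mcs-machine-config-content.json
+- backup/etc/mco/proxy.env
+cn_san_replace_rules:
+- api-int.seed.redhat.com:api-int.new-name.foo.com
+- api.seed.redhat.com:api.new-name.foo.com
+- "*.apps.seed.redhat.com:*.apps.new-name.foo.com"
+- 192.168.126.10:192.168.127.11
+use_cert_rules:
+- |
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
+cluster_rename: new-name:foo.com:some-random-infra-id
+hostname: test.hostname
+ip: 192.168.126.99
+proxy: http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3128|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3130|.cluster.local,.kni-qe-2.lab.eng.rdu2.redhat.com,.svc,127.0.0.1,2620:52:0:11c::/64,2620:52:0:11c::1,2620:52:0:11c::10,2620:52:0:11c::11,2620:52:0:199::/64,api-int.kni-qe-2.lab.eng.rdu2.redhat.com,fd01::/48,fd02::/112,localhost|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3128|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3130|.cluster.local,.kni-qe-2.lab.eng.rdu2.redhat.com,.svc,127.0.0.1,2620:52:0:11c::/64,2620:52:0:11c::1,2620:52:0:11c::10,2620:52:0:11c::11,2620:52:0:199::/64,api-int.kni-qe-2.lab.eng.rdu2.redhat.com,fd01::/48,fd02::/112,localhost,moreproxy
+install_config: dummy-install-config
+kubeadmin_password_hash: "$2a$10$20Q4iRLy7cWZkjn/D07bF.RZQZonKwstyRGH0qiYbYRkx5Pe4Ztyi"
+additional_trust_bundle: |
+# Foo
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+
+
+
+# All
+# the Bars
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIULnisjJLte3Vvt4o1f+5vSQg542cwDQYJKoZIhvcNAQEL
+BQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
+CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yNDAzMDExMDI1MDFaFw0yNTAzMDEx
+MDI1MDFaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa
+BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC2dhK7xTnoTB3wN1l3NsLTp5YR0KFfBTjMcDgSzUy/GN79c2cF
+JzSuiYUi7SCmFjn3soNqpXHFzCox6KIs9R6PL4epaQM76EVG/Xy6mdDvFnZvqypi
+wmK6J0AGajOxItYUGb2a3Zmt/2nliW6t8sW/vhovHRu7YROo4uJygIp2UUFct2Lk
+8C7XkJX5RXW+sKTiNddIjhmDFD0vHfvNvQ6AIayJTmXy272+aqYNJWB2wS/2uD3Z
++WOpiINetCtkASoiE7nzBQw+WsTfeFJH2TnI5pnSaHdLRUQtzoLO0/FgQ5WBfJg5
+aH03DLfQ9GEdzlsOkPOEgHXqDFMjTQCwcue3AgMBAAGjUzBRMB0GA1UdDgQWBBRd
+0Zs+cm0gPHGKoQrerC18Pa3B3zAfBgNVHSMEGDAWgBRd0Zs+cm0gPHGKoQrerC18
+Pa3B3zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAepPrWqB9h
+JkqtgJrP8SkQVulTVKYj66J5JxM5vZR96Z4UnbA3WNxezev0jMCYuV0twHPN8avs
+Jern+/n7vgQ3ziiLVdtrN8PqK1X1apSurVmaiIw4tRcv5TVL5OD95sTyJh5bUBpM
+DGtCTraPZxLIDKm9byunobXtJVcutw4oHKtFy/LlFWePCnvFzvx6ZFswLAXgxhf9
+EtjDf3v0cjDn9yRzjYFrwHiQ53A75YTwFyk21q7Gh1G0yspfBeq7cej2wK1PnfiC
+42TI0UzcqRV4CWDoARMSV8yMLajZ0g1eEreUprwmFcOy17V7KCeV6E8lKb21OU8M
+Ad9q3H0iXjct
+-----END CERTIFICATE-----
+summary_file: summary.yaml
+summary_file_clean: summary_redacted.yaml
+extend_expiration: true
+force_expire: false
+pull_secret: '{"auths":{"empty_registry":{"username":"empty","password":"empty","auth":"ZW1wdHk6ZW1wdHk=","email":""}}}'
+threads: 1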
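Review bot: The `proxy` value in this dummy fixture uses what look like real internal lab hostnames (`registry.kni-qe-0.lab.eng.rdu2.redhat.com`, `api-int.kni-qe-2.lab.eng.rdu2.redhat.com`) and routable IPv6 prefixes instead of placeholders. Unless a test asserts on these exact strings, a checked-in test config is better served by reserved documentation names such as `http://proxy.example.com:3128` and `2001:db8::/64`, so the fixture does not publish infrastructure naming. The same literal is repeated in the `--proxy` argument in run_seed.sh. A short `#` comment above `proxy:` naming the six `|`-separated fields would also help, since the value is otherwise opaque; the field order cannot be confirmed from this file alone.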
104 changes: 4 additions & 100 deletions run_seed.sh
Expand Up @@ -67,106 +67,7 @@ sudo unshare --mount -- bash -c "mount --bind /dev/null .cargo/config.toml && su
if [[ -n "$WITH_CONFIG" ]]; then
echo "Using config"
# shellcheck disable=2016
RECERT_CONFIG=<(echo '
dry_run: false
etcd_endpoint: localhost:2379
crypto_dirs:
- backup/etc/kubernetes
- backup/var/lib/kubelet
- backup/etc/machine-config-daemon
crypto_files:
- backup/etc/mcs-machine-config-content.json
cluster_customization_dirs:
- backup/etc/kubernetes
- backup/var/lib/kubelet
- backup/etc/machine-config-daemon
- backup/etc/pki/ca-trust
cluster_customization_files:
- backup/etc/mcs-machine-config-content.json
cn_san_replace_rules:
- api-int.seed.redhat.com:api-int.new-name.foo.com
- api.seed.redhat.com:api.new-name.foo.com
- "*.apps.seed.redhat.com:*.apps.new-name.foo.com"
- 192.168.126.10:192.168.127.11
use_cert_rules:
- |
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
cluster_rename: new-name:foo.com:some-random-infra-id
hostname: test.hostname
ip: 192.168.126.99
kubeadmin_password_hash: "$2a$10$20Q4iRLy7cWZkjn/D07bF.RZQZonKwstyRGH0qiYbYRkx5Pe4Ztyi"
additional_trust_bundle: |
# Foo
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----



# All
# the Bars
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
summary_file: summary.yaml
summary_file_clean: summary_redacted.yaml
extend_expiration: true
force_expire: false
pull_secret: "{\"auths\":{\"empty_registry\":{\"username\":\"empty\",\"password\":\"empty\",\"auth\":\"ZW1wdHk6ZW1wdHk=\",\"email\":\"\"}}}"
threads: 1
') cargo run --release
RECERT_CONFIG="$SCRIPT_DIR/hack/dummy_config.yaml" cargo run --release
else
# shellcheck disable=2016
cargo run -- \
Expand All @@ -182,6 +83,7 @@ else
--cluster-customization-dir backup/etc/machine-config-daemon \
--cluster-customization-dir backup/etc/pki/ca-trust \
--cluster-customization-file backup/etc/mcs-machine-config-content.json \
--cluster-customization-file backup/etc/mco/proxy.env \
\
--cn-san-replace api-int.seed.redhat.com:api-int.new-name.foo.com \
--cn-san-replace api.seed.redhat.com:api.new-name.foo.com \
Expand All @@ -192,6 +94,8 @@ else
--cluster-rename new-name:foo.com:some-random-infra-id \
--hostname test.hostname \
--ip 192.168.126.99 \
--proxy 'http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3128|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3130|.cluster.local,.kni-qe-2.lab.eng.rdu2.redhat.com,.svc,127.0.0.1,2620:52:0:11c::/64,2620:52:0:11c::1,2620:52:0:11c::10,2620:52:0:11c::11,2620:52:0:199::/64,api-int.kni-qe-2.lab.eng.rdu2.redhat.com,fd01::/48,fd02::/112,localhost|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3128|http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3130|.cluster.local,.kni-qe-2.lab.eng.rdu2.redhat.com,.svc,127.0.0.1,2620:52:0:11c::/64,2620:52:0:11c::1,2620:52:0:11c::10,2620:52:0:11c::11,2620:52:0:199::/64,api-int.kni-qe-2.lab.eng.rdu2.redhat.com,fd01::/48,fd02::/112,localhost,moreproxy' \
--install-config 'dummy-install-config' \
--kubeadmin-password-hash '$2a$10$20Q4iRLy7cWZkjn/D07bF.RZQZonKwstyRGH0qiYbYRkx5Pe4Ztyi' \
--additional-trust-bundle ./hack/dummy_trust_bundle.pem \
--pull-secret '{"auths":{"empty_registry":{"username":"empty","password":"empty","auth":"ZW1wdHk6ZW1wdHk=","email":""}}}' \
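Review bot: The `# shellcheck disable=2016` directive left above the new `RECERT_CONFIG="$SCRIPT_DIR/hack/dummy_config.yaml" cargo run --release` line no longer suppresses anything, because the single-quoted inline YAML it covered has been removed; it should be dropped so that a later SC2016 finding on that line is not hidden. `SCRIPT_DIR` is defined outside the visible hunks, so confirm it is set before this branch and resolves to the repository root. The config branch now locates its file through `$SCRIPT_DIR`, while the CLI branch still passes `./hack/dummy_trust_bundle.pem` relative to the working directory; using one convention for both would avoid the script picking up a different file when run from another directory.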
1 change: 1 addition & 0 deletions src/cluster_crypto/locations.rs
Expand Up @@ -483,6 +483,7 @@ impl K8sResourceLocation {
Some(apiversion_first_component_value) => {
match apiversion_first_component_value {
"operator.openshift.io"
| "monitoring.coreos.com"
| "apiregistration.k8s.io"
| "machineconfiguration.openshift.io"
| "config.openshift.io"
20 changes: 19 additions & 1 deletion src/config.rs
Expand Up @@ -2,7 +2,7 @@ use self::{cli::Cli, path::ConfigPath};
use crate::{
cluster_crypto::REDACT_SECRETS,
cnsanreplace::{CnSanReplace, CnSanReplaceRules},
ocp_postprocess::cluster_domain_rename::params::ClusterNamesRename,
ocp_postprocess::{cluster_domain_rename::params::ClusterNamesRename, proxy_rename::args::Proxy},
use_cert::{UseCert, UseCertRules},
use_key::{UseKey, UseKeyRules},
};
Expand Down Expand Up @@ -38,6 +38,8 @@ pub(crate) struct ClusterCustomizations {
pub(crate) cluster_rename: Option<ClusterNamesRename>,
pub(crate) hostname: Option<String>,
pub(crate) ip: Option<String>,
pub(crate) proxy: Option<Proxy>,
pub(crate) install_config: Option<String>,
pub(crate) kubeadmin_password_hash: Option<String>,
#[serde(serialize_with = "redact")]
pub(crate) pull_secret: Option<String>,
Expand Down Expand Up @@ -138,6 +140,8 @@ impl RecertConfig {
kubeadmin_password_hash: None,
pull_secret: None,
additional_trust_bundle: None,
proxy: None,
install_config: None,
},
threads: None,
regenerate_server_ssh_keys: None,
Expand Down Expand Up @@ -196,6 +200,16 @@ impl RecertConfig {
Some(value) => Some(value.as_str().context("pull_secret must be a string")?.to_string()),
None => None,
};
let proxy = match value.remove("proxy") {
Some(value) => Some(
Proxy::parse(value.as_str().context("proxy must be a string")?).context(format!("proxy {}", value.as_str().unwrap()))?,
),
None => None,
};
let install_config = match value.remove("install_config") {
Some(value) => Some(value.as_str().context("install_config must be a string")?.to_string()),
None => None,
};
let set_kubeadmin_password_hash = match value.remove("kubeadmin_password_hash") {
Some(value) => Some(value.as_str().context("set_kubeadmin_password_hash must be a string")?.to_string()),
None => None,
Expand Down Expand Up @@ -257,6 +271,8 @@ impl RecertConfig {
kubeadmin_password_hash: set_kubeadmin_password_hash,
pull_secret,
additional_trust_bundle,
proxy,
install_config,
};

let recert_config = Self {
Expand Down Expand Up @@ -326,6 +342,8 @@ impl RecertConfig {
cluster_rename: cli.cluster_rename,
hostname: cli.hostname,
ip: cli.ip,
proxy: cli.proxy,
install_config: cli.install_config,
kubeadmin_password_hash: cli.kubeadmin_password_hash,
pull_secret: cli.pull_secret,
additional_trust_bundle: cli.additional_trust_bundle,
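Review bot: The new `proxy` and `install_config` fields on `ClusterCustomizations` are serialized without redaction, while `pull_secret` directly below them carries `#[serde(serialize_with = "redact")]`. A proxy URL can embed `user:password@` credentials and an install-config may carry secrets, so whatever serializes this struct (presumably the summary output) would write them in clear; consider `#[serde(serialize_with = "redact")]` on `install_config` and an equivalent for `proxy` if `redact` does not accept `Option<Proxy>`. The YAML parsing path has the same exposure in its error context, `.context(format!("proxy {}", value.as_str().unwrap()))`, which echoes the raw value and also builds the string on the success path; `.with_context(|| "failed to parse proxy")` avoids both. The struct and the parsing function both extend beyond the visible hunks.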
13 changes: 12 additions & 1 deletion src/config/cli.rs
@@ -1,5 +1,8 @@
use crate::{
cnsanreplace::CnSanReplace, ocp_postprocess::cluster_domain_rename::params::ClusterNamesRename, use_cert::UseCert, use_key::UseKey,
cnsanreplace::CnSanReplace,
ocp_postprocess::{cluster_domain_rename::params::ClusterNamesRename, proxy_rename::args::Proxy},
use_cert::UseCert,
use_key::UseKey,
};
use clap::Parser;
use clio::ClioPath;
Expand Down Expand Up @@ -67,6 +70,14 @@ pub(crate) struct Cli {
#[clap(long)]
pub(crate) ip: Option<String>,

/// If given, the cluster's HTTP proxy configuration will be modified to use this one instead.
#[clap(long, value_parser = Proxy::parse)]
pub(crate) proxy: Option<Proxy>,

/// If given, the cluster's install-config configmaps be modified to have this value.
#[clap(long)]
pub(crate) install_config: Option<String>,

/// Modify the OCP kubeadmin password secret hash. If given but empty, the kubeadmin password
/// secret will be deleted (thus disabling password login). If given and non-empty, the secret
/// will be updated with the given password hash, unless no existing kubeadmin secret resource
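Review bot: The help text for the two new flags leaves out what a user needs in order to pass them correctly. `--proxy` is parsed by `Proxy::parse`, but its doc comment does not describe the expected format (the run_seed.sh example passes six `|`-separated fields), and the `--install-config` comment is missing a verb: `/// If given, the cluster's install-config configmaps will be modified to have this value.`. Both comments should also say whether values containing credentials are acceptable, since command-line arguments are visible in the process list and the config-file route is the safer one for them. The `Cli` struct continues outside the hunk.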
15 changes: 14 additions & 1 deletion src/etcd_encoding.rs
Expand Up @@ -3,7 +3,8 @@ use super::protobuf_gen::{
k8s::io::{
api::{
admissionregistration::v1::{MutatingWebhookConfiguration, ValidatingWebhookConfiguration},
apps::v1::{DaemonSet, Deployment},
apps::v1::{ControllerRevision, DaemonSet, Deployment, StatefulSet},
batch::v1::{CronJob, Job},
core::v1::{ConfigMap, Secret},
},
apimachinery::pkg::runtime::{TypeMeta, Unknown},
Expand Down Expand Up @@ -50,6 +51,10 @@ macro_rules! k8s_type {
k8s_type!(RouteWithMeta, Route);
k8s_type!(DaemonsSetWithMeta, DaemonSet);
k8s_type!(DeploymentWithMeta, Deployment);
k8s_type!(ControllerRevisionWithMeta, ControllerRevision);
k8s_type!(JobWithMeta, Job);
k8s_type!(CronJobWithMeta, CronJob);
k8s_type!(StatefulSetWithMeta, StatefulSet);
k8s_type!(ConfigMapWithMeta, ConfigMap);
k8s_type!(SecretWithMeta, Secret);
k8s_type!(ValidatingWebhookConfigurationWithMeta, ValidatingWebhookConfiguration);
Expand All @@ -67,6 +72,10 @@ pub(crate) async fn decode(data: &[u8]) -> Result<Vec<u8>> {
Ok(match kind {
"Route" => serde_json::to_vec(&RouteWithMeta::try_from(unknown)?)?,
"Deployment" => serde_json::to_vec(&DeploymentWithMeta::try_from(unknown)?)?,
"ControllerRevision" => serde_json::to_vec(&ControllerRevisionWithMeta::try_from(unknown)?)?,
"Job" => serde_json::to_vec(&JobWithMeta::try_from(unknown)?)?,
"CronJob" => serde_json::to_vec(&CronJobWithMeta::try_from(unknown)?)?,
"StatefulSet" => serde_json::to_vec(&StatefulSetWithMeta::try_from(unknown)?)?,
"DaemonSet" => serde_json::to_vec(&DaemonsSetWithMeta::try_from(unknown)?)?,
"ConfigMap" => serde_json::to_vec(&ConfigMapWithMeta::try_from(unknown)?)?,
"Secret" => serde_json::to_vec(&SecretWithMeta::try_from(unknown)?)?,
Expand All @@ -93,6 +102,10 @@ pub(crate) async fn encode(data: &[u8]) -> Result<Vec<u8>> {
"Route" => Unknown::from(serde_json::from_slice::<RouteWithMeta>(data)?),
"Secret" => Unknown::from(serde_json::from_slice::<SecretWithMeta>(data)?),
"Deployment" => Unknown::from(serde_json::from_slice::<DeploymentWithMeta>(data)?),
"ControllerRevision" => Unknown::from(serde_json::from_slice::<ControllerRevisionWithMeta>(data)?),
"Job" => Unknown::from(serde_json::from_slice::<JobWithMeta>(data)?),
"CronJob" => Unknown::from(serde_json::from_slice::<CronJobWithMeta>(data)?),
"StatefulSet" => Unknown::from(serde_json::from_slice::<StatefulSetWithMeta>(data)?),
"DaemonSet" => Unknown::from(serde_json::from_slice::<DaemonsSetWithMeta>(data)?),
"ValidatingWebhookConfiguration" => Unknown::from(serde_json::from_slice::<ValidatingWebhookConfigurationWithMeta>(data)?),
"MutatingWebhookConfiguration" => Unknown::from(serde_json::from_slice::<MutatingWebhookConfigurationWithMeta>(data)?),
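Review bot: Each of the four new kinds (`ControllerRevision`, `Job`, `CronJob`, `StatefulSet`) has to be listed by hand in three places (the `k8s_type!` invocations, the `decode` match and the `encode` match), and nothing visible in these hunks keeps the three lists in step. A kind present in only one of the two matches would presumably be handled asymmetrically, so a round-trip test per kind, or generating both sets of match arms from a single list, would be a worthwhile guard. Both `decode` and `encode` continue outside the hunks, so the fallback arm for unlisted kinds is not visible here.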