From fc6a6c476b0ce03f01c05884300017d9a50d1b1c Mon Sep 17 00:00:00 2001 From: staebler Date: Wed, 23 Jan 2019 11:28:57 -0500 Subject: [PATCH 1/2] create: separate bootstrap and node ignition config assets into separate targets The Bootstrap Ignition asset is dependent upon the Master and Worker Ignition assets. It is problematic to have them all targeted by the same sub-command because it makes it difficult for a user to modify all of the ignition configs. These changes create a new sub-command that targets just the Master and Worker Ignition assets. The ignition-configs sub-command has been renamed to pre-cluster. This reflects that the sub-command targets more than just the Bootstrap Ignition asset, as it targets the kubeconfig and the metadata.json as well. The new sub-command has been named node-config. The ignitions-configs sub-command has been deprecated and will be rmeoved once it is no longer used. Fixes https://jira.coreos.com/browse/CORS-948 --- cmd/openshift-install/create.go | 26 ++++++++++++++++++++++++-- docs/user/overview.md | 3 ++- docs/user/versioning.md | 3 ++- pkg/asset/store/assetcreate_test.go | 8 ++++++++ pkg/asset/targets/targets.go | 15 ++++++++++++++- 5 files changed, 50 insertions(+), 5 deletions(-) diff --git a/cmd/openshift-install/create.go b/cmd/openshift-install/create.go index ce6c4f43c23..bd80c9917cd 100644 --- a/cmd/openshift-install/create.go +++ b/cmd/openshift-install/create.go @@ -79,13 +79,35 @@ var ( name: "Ignition Configs", command: &cobra.Command{ Use: "ignition-configs", - Short: "Generates the Ignition Config asset", + Short: "(deprecated) Generates the Ignition Config asset", // FIXME: add longer descriptions for our commands with examples for better UX. // Long: "", + PreRun: func(_ *cobra.Command, _ []string) { + logrus.Warning("The ignition-configs sub-command has been deprecated. Use the node-config or pre-cluster sub-commands instead.") + }, }, assets: targetassets.IgnitionConfigs, } + nodeConfigTarget = target{ + name: "Node Config", + command: &cobra.Command{ + Use: "node-config", + Short: "Generates the ignition configs for the master and worker nodes", + }, + assets: targetassets.NodeConfig, + } + + preClusterTarget = target{ + name: "Pre-Cluster", + command: &cobra.Command{ + Use: "pre-cluster", + Short: "Generates the final assets prior to the cluster", + Long: "Generates the bootstrap ignition config, the admin kubeconfig, and the metadata.json file.", + }, + assets: targetassets.PreCluster, + } + clusterTarget = target{ name: "Cluster", command: &cobra.Command{ @@ -131,7 +153,7 @@ var ( assets: targetassets.Cluster, } - targets = []target{installConfigTarget, manifestTemplatesTarget, manifestsTarget, ignitionConfigsTarget, clusterTarget} + targets = []target{installConfigTarget, manifestTemplatesTarget, nodeConfigTarget, manifestsTarget, ignitionConfigsTarget, preClusterTarget, clusterTarget} ) func newCreateCmd() *cobra.Command { diff --git a/docs/user/overview.md b/docs/user/overview.md index 4ff03e7d5cf..138b6f27381 100644 --- a/docs/user/overview.md +++ b/docs/user/overview.md @@ -38,9 +38,10 @@ The following targets can be created by the installer: - `install-config` - The install config contains the main parameters for the installation process. This configuration provides the user with more options than the interactive prompts and comes pre-populated with default values. - `manifest-templates` - These are the unrendered Kubernetes manifest templates that feed the `manifests` target. This target is [unstable](versioning.md). +- `node-config` - These are the Ignition Configs for the master and worker machines. - `manifests` - This target outputs all of the Kubernetes manifests that will be installed on the cluster. This target is [unstable](versioning.md). -- `ignition-configs` - These are the three Ignition Configs for the bootstrap, master, and worker machines. +- `pre-cluster` - These are all the finalized assets needed to create the cluster--the Ignition Config for the bootstrap, the kubeconfig, and the metadata for identifying the cluster resources. - `cluster` - This target provisions the cluster and its associated infrastructure. The following targets can be destroyed by the installer: diff --git a/docs/user/versioning.md b/docs/user/versioning.md index 368f008998b..3ec1cff0942 100644 --- a/docs/user/versioning.md +++ b/docs/user/versioning.md @@ -4,7 +4,8 @@ The installer uses [Semantic Versioning][semver] for its user-facing API. Covered by the versioning are: * `openshift-install [options] create install-config`, which will always create `install-config.yaml` in the asset directory, although the version of the generated install-config may change. -* `openshift-install [options] create ignition-configs`, which will always create `bootstrap.ign`, `master.ign`, and `worker.ign` in the asset directory, although the content of the generated files may change. +* `openshift-install [options] create node-config`, which will always create `master.ign` and `worker.ign` in the asset directory, although the content of the generated files may change. +* `openshift-install [options] create pre-cluster`, which will always create `bootstrap.ign`, `metadata.json`, and `auth/kubeconfig` in the asset directory, although the content of the generated files may change. * `openshift-install [options] create cluster`, which will always launch a new cluster. * `openshift-install [options] destroy bootstrap`, which will always destroy any bootstrap resources created for the cluster. * `openshift-install [options] destroy cluster`, which will always destroy the cluster resources. diff --git a/pkg/asset/store/assetcreate_test.go b/pkg/asset/store/assetcreate_test.go index acdbf6c0f0c..6a6467ff075 100644 --- a/pkg/asset/store/assetcreate_test.go +++ b/pkg/asset/store/assetcreate_test.go @@ -53,6 +53,14 @@ func TestCreatedAssetsAreNotDirty(t *testing.T) { name: "ignition configs", targets: targets.IgnitionConfigs, }, + { + name: "node configs", + targets: targets.NodeConfig, + }, + { + name: "pre-cluster", + targets: targets.PreCluster, + }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { diff --git a/pkg/asset/targets/targets.go b/pkg/asset/targets/targets.go index bb153c322b4..802cfbaf453 100644 --- a/pkg/asset/targets/targets.go +++ b/pkg/asset/targets/targets.go @@ -46,7 +46,7 @@ var ( &openshift.RoleCloudCredsSecretReader{}, } - // IgnitionConfigs are the ignition-configs targeted assets. + // IgnitionConfigs are the (deprecated) ignition-configs targeted assets. IgnitionConfigs = []asset.WritableAsset{ &kubeconfig.Admin{}, &machine.Master{}, @@ -55,6 +55,19 @@ var ( &cluster.Metadata{}, } + // NodeConfig are the node-config targeted assets. + NodeConfig = []asset.WritableAsset{ + &machine.Master{}, + &machine.Worker{}, + } + + // PreCluster are the pre-cluster targeted assets. + PreCluster = []asset.WritableAsset{ + &kubeconfig.Admin{}, + &bootstrap.Bootstrap{}, + &cluster.Metadata{}, + } + // Cluster are the cluster targeted assets. Cluster = []asset.WritableAsset{ &cluster.TerraformVariables{}, From 69b980dbc96bb4aac16205b9ef5185a28e20365d Mon Sep 17 00:00:00 2001 From: staebler Date: Fri, 25 Jan 2019 21:33:19 -0500 Subject: [PATCH 2/2] docs: rebuild dependency graph The ignition-config was split into node-config and pre-cluster targets so the dependency graph needed to be updated. Generated with: $ openshift-install graph | dot -Tsvg >docs/design/resource_dep.svg using: $ dot -V dot - graphviz version 2.40.1 (20161225.0304) --- docs/design/resource_dep.svg | 2202 +++++++++++++++++++++------------- 1 file changed, 1392 insertions(+), 810 deletions(-) diff --git a/docs/design/resource_dep.svg b/docs/design/resource_dep.svg index b96324c0543..2bf1ec47c2f 100644 --- a/docs/design/resource_dep.svg +++ b/docs/design/resource_dep.svg @@ -1,1296 +1,1878 @@ - - - + + G - + cluster_Target - -Target + +Target cluster_bootkube - -bootkube + +bootkube cluster_bootstrap - -bootstrap + +bootstrap cluster_cluster - -cluster + +cluster cluster_installconfig - -installconfig + +installconfig cluster_kubeconfig - -kubeconfig + +kubeconfig cluster_machine - -machine + +machine cluster_machines - -machines + +machines cluster_manifests - -manifests + +manifests cluster_openshift - -openshift + +openshift cluster_password - -password + +password cluster_rhcos - -rhcos + +rhcos cluster_tls - -tls + +tls installconfig.InstallConfig - -installconfig.InstallConfig + +installconfig.InstallConfig Target Install Config - -Target Install Config + +Target Install Config installconfig.InstallConfig->Target Install Config - - + + - + +machine.Master + +machine.Master + + + +installconfig.InstallConfig->machine.Master + + + + + +machine.Worker + +machine.Worker + + + +installconfig.InstallConfig->machine.Worker + + + + + +machines.Master + +machines.Master + + + +installconfig.InstallConfig->machines.Master + + + + + +installconfig.ClusterID + +installconfig.ClusterID + + + +installconfig.InstallConfig->installconfig.ClusterID + + + + + +installconfig.PlatformCredsCheck + +installconfig.PlatformCredsCheck + + + +installconfig.InstallConfig->installconfig.PlatformCredsCheck + + + + + +rhcos.Image + +rhcos.Image + + + +installconfig.InstallConfig->rhcos.Image + + + + + manifests.Manifests - -manifests.Manifests + +manifests.Manifests - + installconfig.InstallConfig->manifests.Manifests - - + + - + manifests.Ingress - -manifests.Ingress + +manifests.Ingress - + installconfig.InstallConfig->manifests.Ingress - - + + - + manifests.DNS - -manifests.DNS + +manifests.DNS - + installconfig.InstallConfig->manifests.DNS - - + + - + manifests.Infrastructure - -manifests.Infrastructure + +manifests.Infrastructure - + installconfig.InstallConfig->manifests.Infrastructure - - + + - + manifests.Networking - -manifests.Networking + +manifests.Networking - + installconfig.InstallConfig->manifests.Networking - - - - - -tls.IngressCertKey - -tls.IngressCertKey - - - -installconfig.InstallConfig->tls.IngressCertKey - - + + - + tls.MCSCertKey - -tls.MCSCertKey + +tls.MCSCertKey - + installconfig.InstallConfig->tls.MCSCertKey - - + + - + manifests.Openshift - -manifests.Openshift + +manifests.Openshift - + installconfig.InstallConfig->manifests.Openshift - - - - - -manifests.ClusterK8sIO - -manifests.ClusterK8sIO - - - -installconfig.InstallConfig->manifests.ClusterK8sIO - - + + - + machines.Worker - -machines.Worker + +machines.Worker - -installconfig.InstallConfig->machines.Worker - - - - - -installconfig.PlatformCredsCheck - -installconfig.PlatformCredsCheck - - - -installconfig.InstallConfig->installconfig.PlatformCredsCheck - - - - - -rhcos.Image - -rhcos.Image - - - -installconfig.InstallConfig->rhcos.Image - - - - - -machine.Worker - -machine.Worker - - - -installconfig.InstallConfig->machine.Worker - - - - - -machines.Master - -machines.Master - - -installconfig.InstallConfig->machines.Master - - - - - -machine.Master - -machine.Master - - - -installconfig.InstallConfig->machine.Master - - +installconfig.InstallConfig->machines.Worker + + - + kubeconfig.Admin - -kubeconfig.Admin + +kubeconfig.Admin - + installconfig.InstallConfig->kubeconfig.Admin - - + + - + bootstrap.Bootstrap - -bootstrap.Bootstrap + +bootstrap.Bootstrap - + installconfig.InstallConfig->bootstrap.Bootstrap - - + + - - -tls.APIServerCertKey - -tls.APIServerCertKey + + +kubeconfig.AdminClient + +kubeconfig.AdminClient - - -installconfig.InstallConfig->tls.APIServerCertKey - - + + +installconfig.InstallConfig->kubeconfig.AdminClient + + kubeconfig.Kubelet - -kubeconfig.Kubelet + +kubeconfig.Kubelet - + installconfig.InstallConfig->kubeconfig.Kubelet - - + + + + + +kubeconfig.KubeletClient + +kubeconfig.KubeletClient + + + +installconfig.InstallConfig->kubeconfig.KubeletClient + + + + + +tls.APIServerCertKey + +tls.APIServerCertKey + + + +installconfig.InstallConfig->tls.APIServerCertKey + + + + + +tls.KubeAPIServerLBServerCertKey + +tls.KubeAPIServerLBServerCertKey + + + +installconfig.InstallConfig->tls.KubeAPIServerLBServerCertKey + + + + + +tls.KubeAPIServerServiceNetworkServerCertKey + +tls.KubeAPIServerServiceNetworkServerCertKey + + + +installconfig.InstallConfig->tls.KubeAPIServerServiceNetworkServerCertKey + + - + cluster.Metadata - -cluster.Metadata + +cluster.Metadata - + installconfig.InstallConfig->cluster.Metadata - - + + - + cluster.TerraformVariables - -cluster.TerraformVariables + +cluster.TerraformVariables - + installconfig.InstallConfig->cluster.TerraformVariables - - + + - + cluster.Cluster - -cluster.Cluster + +cluster.Cluster - + installconfig.InstallConfig->cluster.Cluster - - + + installconfig.sshPublicKey - -installconfig.sshPublicKey + +installconfig.sshPublicKey installconfig.sshPublicKey->installconfig.InstallConfig - - + + installconfig.baseDomain - -installconfig.baseDomain + +installconfig.baseDomain installconfig.baseDomain->installconfig.InstallConfig - - + + + + + +installconfig.clusterName + +installconfig.clusterName + + + +installconfig.baseDomain->installconfig.clusterName + + installconfig.platform - -installconfig.platform + +installconfig.platform - + installconfig.platform->installconfig.InstallConfig - - + + installconfig.platform->installconfig.baseDomain - - - - - -installconfig.clusterName - -installconfig.clusterName + + installconfig.clusterName->installconfig.InstallConfig - - + + installconfig.pullSecret - -installconfig.pullSecret + +installconfig.pullSecret - + installconfig.pullSecret->installconfig.InstallConfig - - + + bootkube.KubeCloudConfig - -bootkube.KubeCloudConfig + +bootkube.KubeCloudConfig Target Manifest templates - -Target Manifest templates + +Target Manifest templates - + bootkube.KubeCloudConfig->Target Manifest templates - - + + - + bootkube.KubeCloudConfig->manifests.Manifests - - + + bootkube.MachineConfigServerTLSSecret - -bootkube.MachineConfigServerTLSSecret + +bootkube.MachineConfigServerTLSSecret - + bootkube.MachineConfigServerTLSSecret->Target Manifest templates - - + + - + bootkube.MachineConfigServerTLSSecret->manifests.Manifests - - + + bootkube.Pull - -bootkube.Pull + +bootkube.Pull - + bootkube.Pull->Target Manifest templates - - + + - + bootkube.Pull->manifests.Manifests - - + + bootkube.CVOOverrides - -bootkube.CVOOverrides + +bootkube.CVOOverrides - + bootkube.CVOOverrides->Target Manifest templates - - + + - + bootkube.CVOOverrides->manifests.Manifests - - + + bootkube.HostEtcdServiceEndpointsKubeSystem - -bootkube.HostEtcdServiceEndpointsKubeSystem + +bootkube.HostEtcdServiceEndpointsKubeSystem - + bootkube.HostEtcdServiceEndpointsKubeSystem->Target Manifest templates - - + + - + bootkube.HostEtcdServiceEndpointsKubeSystem->manifests.Manifests - - + + bootkube.KubeSystemConfigmapEtcdServingCA - -bootkube.KubeSystemConfigmapEtcdServingCA + +bootkube.KubeSystemConfigmapEtcdServingCA - + bootkube.KubeSystemConfigmapEtcdServingCA->Target Manifest templates - - + + - + bootkube.KubeSystemConfigmapEtcdServingCA->manifests.Manifests - - + + bootkube.KubeSystemConfigmapRootCA - -bootkube.KubeSystemConfigmapRootCA + +bootkube.KubeSystemConfigmapRootCA - + bootkube.KubeSystemConfigmapRootCA->Target Manifest templates - - + + - + bootkube.KubeSystemConfigmapRootCA->manifests.Manifests - - + + bootkube.KubeSystemSecretEtcdClient - -bootkube.KubeSystemSecretEtcdClient + +bootkube.KubeSystemSecretEtcdClient - + bootkube.KubeSystemSecretEtcdClient->Target Manifest templates - - + + - + bootkube.KubeSystemSecretEtcdClient->manifests.Manifests - - + + bootkube.OpenshiftMachineConfigOperator - -bootkube.OpenshiftMachineConfigOperator + +bootkube.OpenshiftMachineConfigOperator - + bootkube.OpenshiftMachineConfigOperator->Target Manifest templates - - + + - + bootkube.OpenshiftMachineConfigOperator->manifests.Manifests - - + + bootkube.EtcdServiceKubeSystem - -bootkube.EtcdServiceKubeSystem + +bootkube.EtcdServiceKubeSystem - + bootkube.EtcdServiceKubeSystem->Target Manifest templates - - + + - + bootkube.EtcdServiceKubeSystem->manifests.Manifests - - + + bootkube.HostEtcdServiceKubeSystem - -bootkube.HostEtcdServiceKubeSystem + +bootkube.HostEtcdServiceKubeSystem - + bootkube.HostEtcdServiceKubeSystem->Target Manifest templates - - + + - + bootkube.HostEtcdServiceKubeSystem->manifests.Manifests - - + + openshift.BindingDiscovery - -openshift.BindingDiscovery + +openshift.BindingDiscovery - + openshift.BindingDiscovery->Target Manifest templates - - + + - + openshift.BindingDiscovery->manifests.Openshift - - + + openshift.CloudCredsSecret - -openshift.CloudCredsSecret + +openshift.CloudCredsSecret - + openshift.CloudCredsSecret->Target Manifest templates - - + + - + openshift.CloudCredsSecret->manifests.Openshift - - + + openshift.KubeadminPasswordSecret - -openshift.KubeadminPasswordSecret + +openshift.KubeadminPasswordSecret - + openshift.KubeadminPasswordSecret->Target Manifest templates - - + + - + openshift.KubeadminPasswordSecret->manifests.Openshift - - + + openshift.RoleCloudCredsSecretReader - -openshift.RoleCloudCredsSecretReader + +openshift.RoleCloudCredsSecretReader - + openshift.RoleCloudCredsSecretReader->Target Manifest templates - - + + - + openshift.RoleCloudCredsSecretReader->manifests.Openshift - - + + - + -Target Manifests - -Target Manifests +Target Node Config + +Target Node Config - - -manifests.Manifests->Target Manifests - - + + +machine.Master->Target Node Config + + - - -manifests.Manifests->bootstrap.Bootstrap - - + + +machine.Master->machines.Master + + - - -installconfig.ClusterID - -installconfig.ClusterID + + +Target Ignition Configs + +Target Ignition Configs - - -installconfig.ClusterID->manifests.Manifests - - - - - -installconfig.ClusterID->machines.Worker - - - - - -installconfig.ClusterID->machines.Master - - - - - -installconfig.ClusterID->cluster.Metadata - - + + +machine.Master->Target Ignition Configs + + - - -installconfig.ClusterID->cluster.TerraformVariables - - + + +machine.Master->cluster.TerraformVariables + + - - -installconfig.ClusterID->cluster.Cluster - - + + +tls.RootCA + +tls.RootCA - + -manifests.Ingress->manifests.Manifests - - - - - -manifests.DNS->manifests.Manifests - - - - - -manifests.Infrastructure->manifests.Manifests - - - - - -openshift.InfrastructureCRD - -openshift.InfrastructureCRD - - - -openshift.InfrastructureCRD->manifests.Infrastructure - - - - - -manifests.Networking->manifests.Manifests - - - - - -manifests.Networking->manifests.ClusterK8sIO - - - - - -openshift.NetworkCRDs - -openshift.NetworkCRDs - - - -openshift.NetworkCRDs->manifests.Networking - - +tls.RootCA->machine.Master + + - - -tls.RootCA - -tls.RootCA + + +tls.RootCA->machine.Worker + + - + tls.RootCA->manifests.Manifests - - + + - + tls.EtcdCA - -tls.EtcdCA + +tls.EtcdCA - + tls.RootCA->tls.EtcdCA - - - - - -tls.KubeCA - -tls.KubeCA - - - -tls.RootCA->tls.KubeCA - - + + - + tls.RootCA->tls.MCSCertKey - - - - - -tls.RootCA->machine.Worker - - - - - -tls.RootCA->machine.Master - - - - - -tls.RootCA->kubeconfig.Admin - - + + - + tls.RootCA->bootstrap.Bootstrap - - + + - + tls.AggregatorCA - -tls.AggregatorCA + +tls.AggregatorCA - + tls.RootCA->tls.AggregatorCA - - + + - + tls.JournalCertKey - -tls.JournalCertKey + +tls.JournalCertKey - + tls.RootCA->tls.JournalCertKey - - + + - - -tls.RootCA->kubeconfig.Kubelet - - + + +machine.Worker->Target Node Config + + - - -tls.EtcdCA->manifests.Manifests - - + + +machine.Worker->machines.Worker + + - - -tls.EtcdClientCertKey - -tls.EtcdClientCertKey + + +machine.Worker->Target Ignition Configs + + - - -tls.EtcdCA->tls.EtcdClientCertKey - - + + +Target Manifests + +Target Manifests - - -tls.EtcdCA->bootstrap.Bootstrap - - + + +machines.Master->Target Manifests + + - - -tls.IngressCertKey->manifests.Manifests - - + + +machines.Master->bootstrap.Bootstrap + + - - -tls.KubeCA->manifests.Manifests - - + + +machines.Master->cluster.TerraformVariables + + + + + +installconfig.ClusterID->machines.Master + + - + -tls.KubeCA->tls.IngressCertKey - - +installconfig.ClusterID->manifests.Manifests + + - - -tls.KubeletCertKey - -tls.KubeletCertKey + + +installconfig.ClusterID->manifests.DNS + + - + + +manifests.ClusterK8sIO + +manifests.ClusterK8sIO + + + +installconfig.ClusterID->manifests.ClusterK8sIO + + + + + +installconfig.ClusterID->machines.Worker + + + + + +installconfig.ClusterID->cluster.Metadata + + + + + +installconfig.ClusterID->cluster.TerraformVariables + + + + + +installconfig.ClusterID->cluster.Cluster + + + + + +installconfig.PlatformCredsCheck->machines.Master + + + + + +installconfig.PlatformCredsCheck->manifests.DNS + + + + + +installconfig.PlatformCredsCheck->machines.Worker + + + + + +installconfig.PlatformCredsCheck->cluster.Cluster + + + + + +rhcos.Image->machines.Master + + + + + +rhcos.Image->machines.Worker + + + + + +rhcos.Image->cluster.TerraformVariables + + + + + +manifests.Manifests->Target Manifests + + + + + +manifests.Manifests->bootstrap.Bootstrap + + + + + +manifests.Ingress->manifests.Manifests + + + + + +manifests.DNS->manifests.Manifests + + + + + +manifests.Infrastructure->manifests.Manifests + + + + -tls.KubeCA->tls.KubeletCertKey - - +manifests.Networking->manifests.Manifests + + - - -tls.AdminCertKey - -tls.AdminCertKey + + +manifests.Networking->manifests.ClusterK8sIO + + - - -tls.KubeCA->tls.AdminCertKey - - + + +openshift.NetworkCRDs + +openshift.NetworkCRDs - - -tls.KubeCA->bootstrap.Bootstrap - - + + +openshift.NetworkCRDs->manifests.Networking + + - - -tls.KubeCA->tls.APIServerCertKey - - + + +tls.EtcdCA->manifests.Manifests + + + + + +tls.EtcdClientCertKey + +tls.EtcdClientCertKey + + + +tls.EtcdCA->tls.EtcdClientCertKey + + + + + +tls.EtcdCA->bootstrap.Bootstrap + + - + tls.EtcdClientCertKey->manifests.Manifests - - + + - + tls.EtcdClientCertKey->bootstrap.Bootstrap - - + + - + tls.MCSCertKey->manifests.Manifests - - + + - + tls.MCSCertKey->bootstrap.Bootstrap - - - - - -tls.KubeletCertKey->manifests.Manifests - - - - - -tls.KubeletCertKey->bootstrap.Bootstrap - - - - - -tls.KubeletCertKey->kubeconfig.Kubelet - - + + - + manifests.Openshift->Target Manifests - - + + manifests.Openshift->bootstrap.Bootstrap - - + + - + manifests.ClusterK8sIO->manifests.Openshift - - + + - -machines.Worker->manifests.Openshift - - - - - -installconfig.PlatformCredsCheck->machines.Worker - - - - - -installconfig.PlatformCredsCheck->machines.Master - - - - - -installconfig.PlatformCredsCheck->cluster.Cluster - - - - - -rhcos.Image->machines.Worker - - - - - -rhcos.Image->machines.Master - - - - - -rhcos.Image->cluster.TerraformVariables - - - - - -machine.Worker->machines.Worker - - - - - -Target Ignition Configs - -Target Ignition Configs - - - -machine.Worker->Target Ignition Configs - - - - -machines.Master->manifests.Openshift - - - - - -machines.Master->cluster.TerraformVariables - - - - - -machine.Master->machines.Master - - - - - -machine.Master->Target Ignition Configs - - - - - -machine.Master->cluster.TerraformVariables - - +machines.Worker->manifests.Openshift + + - + password.KubeadminPassword - -password.KubeadminPassword + +password.KubeadminPassword - + password.KubeadminPassword->manifests.Openshift - - + + - + password.KubeadminPassword->cluster.Cluster - - + + - + kubeconfig.Admin->Target Ignition Configs - - + + - + kubeconfig.Admin->bootstrap.Bootstrap - - + + + + + +Target Pre-Cluster + +Target Pre-Cluster + + + +kubeconfig.Admin->Target Pre-Cluster + + - + Target Cluster - -Target Cluster + +Target Cluster - + kubeconfig.Admin->Target Cluster - - + + - - -tls.AdminCertKey->kubeconfig.Admin - - + + +tls.KubeCA + +tls.KubeCA + + + +tls.KubeCA->kubeconfig.Admin + + + + + +tls.AdminCertKey + +tls.AdminCertKey + + + +tls.KubeCA->tls.AdminCertKey + + + + + +tls.KubeCA->bootstrap.Bootstrap + + - + + +tls.KubeCA->kubeconfig.Kubelet + + + + + +tls.KubeletCertKey + +tls.KubeletCertKey + + -tls.AdminCertKey->bootstrap.Bootstrap - - +tls.KubeCA->tls.KubeletCertKey + + + + + +tls.KubeCA->tls.APIServerCertKey + + + + + +tls.AdminCertKey->kubeconfig.Admin + + - + bootstrap.Bootstrap->Target Ignition Configs - - + + + + + +bootstrap.Bootstrap->Target Pre-Cluster + + - + bootstrap.Bootstrap->cluster.TerraformVariables - - + + - + + +kubeconfig.AdminClient->bootstrap.Bootstrap + + + + + +tls.AdminKubeConfigClientCertKey + +tls.AdminKubeConfigClientCertKey + + + +tls.AdminKubeConfigClientCertKey->kubeconfig.AdminClient + + + + + +tls.AdminKubeConfigSignerCertKey + +tls.AdminKubeConfigSignerCertKey + + + +tls.AdminKubeConfigSignerCertKey->tls.AdminKubeConfigClientCertKey + + + + + +tls.AdminKubeConfigCABundle + +tls.AdminKubeConfigCABundle + + +tls.AdminKubeConfigSignerCertKey->tls.AdminKubeConfigCABundle + + + + + +tls.AdminKubeConfigCABundle->kubeconfig.AdminClient + + + + + +tls.KubeAPIServerLBSignerCertKey + +tls.KubeAPIServerLBSignerCertKey + + + +tls.KubeAPIServerLBSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerLBSignerCertKey->tls.AdminKubeConfigCABundle + + + + + +tls.KubeletClientCertKey + +tls.KubeletClientCertKey + + + +tls.KubeAPIServerLBSignerCertKey->tls.KubeletClientCertKey + + + + + +tls.KubeAPIServerLBCABundle + +tls.KubeAPIServerLBCABundle + + + +tls.KubeAPIServerLBSignerCertKey->tls.KubeAPIServerLBCABundle + + + + + +tls.KubeAPIServerLBSignerCertKey->tls.KubeAPIServerLBServerCertKey + + + + + +tls.KubeControlPlaneCABundle + +tls.KubeControlPlaneCABundle + + + +tls.KubeAPIServerLBSignerCertKey->tls.KubeControlPlaneCABundle + + + + + +tls.KubeAPIServerLocalhostSignerCertKey + +tls.KubeAPIServerLocalhostSignerCertKey + + + +tls.KubeAPIServerLocalhostSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerLocalhostSignerCertKey->tls.AdminKubeConfigCABundle + + + + + +tls.KubeAPIServerLocalhostSignerCertKey->tls.KubeletClientCertKey + + + + + +tls.KubeAPIServerLocalhostCABundle + +tls.KubeAPIServerLocalhostCABundle + + + +tls.KubeAPIServerLocalhostSignerCertKey->tls.KubeAPIServerLocalhostCABundle + + + + + +tls.KubeAPIServerLocalhostServerCertKey + +tls.KubeAPIServerLocalhostServerCertKey + + + +tls.KubeAPIServerLocalhostSignerCertKey->tls.KubeAPIServerLocalhostServerCertKey + + + + + +tls.KubeAPIServerLocalhostSignerCertKey->tls.KubeControlPlaneCABundle + + + + + +tls.KubeAPIServerServiceNetworkSignerCertKey + +tls.KubeAPIServerServiceNetworkSignerCertKey + + + +tls.KubeAPIServerServiceNetworkSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerServiceNetworkSignerCertKey->tls.AdminKubeConfigCABundle + + + + + +tls.KubeAPIServerServiceNetworkCABundle + +tls.KubeAPIServerServiceNetworkCABundle + + + +tls.KubeAPIServerServiceNetworkSignerCertKey->tls.KubeAPIServerServiceNetworkCABundle + + + + + +tls.KubeAPIServerServiceNetworkSignerCertKey->tls.KubeAPIServerServiceNetworkServerCertKey + + + + + +tls.KubeAPIServerServiceNetworkSignerCertKey->tls.KubeControlPlaneCABundle + + + + + +kubeconfig.Kubelet->bootstrap.Bootstrap + + + + + +tls.KubeletCertKey->bootstrap.Bootstrap + + + + + +tls.KubeletCertKey->kubeconfig.Kubelet + + + + + +kubeconfig.KubeletClient->bootstrap.Bootstrap + + + + + +tls.KubeletClientCABundle + +tls.KubeletClientCABundle + + + +tls.KubeletClientCABundle->bootstrap.Bootstrap + + + + + +tls.KubeletClientCABundle->kubeconfig.KubeletClient + + + + + +tls.KubeletCSRSignerCertKey + +tls.KubeletCSRSignerCertKey + + + +tls.KubeletCSRSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeletCSRSignerCertKey->tls.KubeletClientCABundle + + + + + +tls.KubeletCSRSignerCertKey->tls.KubeletClientCertKey + + + + + +tls.KubeletServingCABundle + +tls.KubeletServingCABundle + + + +tls.KubeletCSRSignerCertKey->tls.KubeletServingCABundle + + + + + +tls.KubeletClientCertKey->bootstrap.Bootstrap + + + + + +tls.KubeletClientCertKey->kubeconfig.KubeletClient + + + + + tls.AggregatorCA->bootstrap.Bootstrap - - + + - + tls.APIServerProxyCertKey - -tls.APIServerProxyCertKey + +tls.APIServerProxyCertKey - + tls.AggregatorCA->tls.APIServerProxyCertKey - - + + + + + +tls.AggregatorCABundle + +tls.AggregatorCABundle + + + +tls.AggregatorCABundle->bootstrap.Bootstrap + + + + + +tls.AggregatorSignerCertKey + +tls.AggregatorSignerCertKey + + + +tls.AggregatorSignerCertKey->bootstrap.Bootstrap + + + + + +tls.AggregatorSignerCertKey->tls.AggregatorCABundle + + + + + +tls.AggregatorClientCertKey + +tls.AggregatorClientCertKey + + + +tls.AggregatorSignerCertKey->tls.AggregatorClientCertKey + + + + + +tls.AggregatorClientCertKey->bootstrap.Bootstrap + + - + tls.APIServerCertKey->bootstrap.Bootstrap - - + + - + tls.APIServerProxyCertKey->bootstrap.Bootstrap - - + + - - -tls.ServiceAccountKeyPair - -tls.ServiceAccountKeyPair + + +tls.EtcdCABundle + +tls.EtcdCABundle - - -tls.ServiceAccountKeyPair->bootstrap.Bootstrap - - + + +tls.EtcdCABundle->bootstrap.Bootstrap + + + + + +tls.EtcdSignerCertKey + +tls.EtcdSignerCertKey + + + +tls.EtcdSignerCertKey->bootstrap.Bootstrap + + + + + +tls.EtcdSignerCertKey->tls.EtcdCABundle + + + + + +tls.EtcdSignerClientCertKey + +tls.EtcdSignerClientCertKey + + + +tls.EtcdSignerCertKey->tls.EtcdSignerClientCertKey + + + + + +tls.EtcdSignerClientCertKey->bootstrap.Bootstrap + + - + tls.JournalCertKey->bootstrap.Bootstrap - - + + - + tls.JournalCertKey->Target Cluster - - + + + + + +tls.KubeAPIServerLBCABundle->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerLBServerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerLocalhostCABundle->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerLocalhostServerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerServiceNetworkCABundle->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerServiceNetworkServerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerToKubeletCABundle + +tls.KubeAPIServerToKubeletCABundle + + + +tls.KubeAPIServerToKubeletCABundle->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerToKubeletSignerCertKey + +tls.KubeAPIServerToKubeletSignerCertKey + + + +tls.KubeAPIServerToKubeletSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeAPIServerToKubeletSignerCertKey->tls.KubeAPIServerToKubeletCABundle + + + + + +tls.KubeAPIServerToKubeletClientCertKey + +tls.KubeAPIServerToKubeletClientCertKey + + + +tls.KubeAPIServerToKubeletSignerCertKey->tls.KubeAPIServerToKubeletClientCertKey + + + + + +tls.KubeAPIServerToKubeletClientCertKey->bootstrap.Bootstrap + + + + + +tls.KubeControlPlaneCABundle->bootstrap.Bootstrap + + + + + +tls.KubeControlPlaneSignerCertKey + +tls.KubeControlPlaneSignerCertKey + + + +tls.KubeControlPlaneSignerCertKey->bootstrap.Bootstrap + + + + + +tls.KubeControlPlaneSignerCertKey->tls.KubeControlPlaneCABundle + + + + + +tls.KubeControlPlaneKubeControllerManagerClientCertKey + +tls.KubeControlPlaneKubeControllerManagerClientCertKey + + + +tls.KubeControlPlaneSignerCertKey->tls.KubeControlPlaneKubeControllerManagerClientCertKey + + + + + +tls.KubeControlPlaneKubeSchedulerClientCertKey + +tls.KubeControlPlaneKubeSchedulerClientCertKey + + + +tls.KubeControlPlaneSignerCertKey->tls.KubeControlPlaneKubeSchedulerClientCertKey + + + + + +tls.KubeControlPlaneKubeControllerManagerClientCertKey->bootstrap.Bootstrap + + + + + +tls.KubeControlPlaneKubeSchedulerClientCertKey->bootstrap.Bootstrap + + + + + +tls.KubeletServingCABundle->bootstrap.Bootstrap + + - - -kubeconfig.Kubelet->bootstrap.Bootstrap - - + + +tls.ServiceAccountKeyPair + +tls.ServiceAccountKeyPair + + + +tls.ServiceAccountKeyPair->bootstrap.Bootstrap + + - + cluster.Metadata->Target Ignition Configs - - + + + + + +cluster.Metadata->Target Pre-Cluster + + - + cluster.Metadata->Target Cluster - - + + - + cluster.TerraformVariables->Target Cluster - - + + - + cluster.TerraformVariables->cluster.Cluster - - + + - + cluster.Cluster->Target Cluster - - + +