Skip to content

Commit

Permalink
Add taint cluster-api
Browse files Browse the repository at this point in the history
  • Loading branch information
vincentBaer authored and Vincent Baer committed Oct 10, 2023
1 parent 4e82d52 commit 0d48886
Showing 1 changed file with 351 additions and 0 deletions.
351 changes: 351 additions & 0 deletions example/cluster-machine-template-simple-taint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,351 @@
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
name: cluster-api
namespace: default
labels:
cni: "cluster-api-crs-cni"
ccm: "cluster-api-crs-ccm"
spec:
clusterNetwork:
pods:
cidrBlocks: ["10.42.0.0/16"]
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscCluster
name: cluster-api
namespace: default
controlPlaneRef:
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
name: "cluster-api-control-plane"
namespace: default
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscCluster
metadata:
name: cluster-api
namespace: default
spec:
network:
clusterName: cluster-api
subregionName: eu-west-2a
loadBalancer:
loadbalancername: osc-k8s
loadbalancertype: internet-facing
subnetname: cluster-api-subnet-public
securitygroupname: cluster-api-securitygroup-lb
clusterName: cluster-api
net:
name: cluster-api-net
clusterName: cluster-api
ipRange: "10.0.0.0/16"
subnets:
- name: cluster-api-subnet-kcp
ipSubnetRange: "10.0.4.0/24"
- name: cluster-api-subnet-kw
ipSubnetRange: "10.0.3.0/24"
- name: cluster-api-subnet-public
ipSubnetRange: "10.0.2.0/24"
publicIps:
- name: cluster-api-publicip-nat
internetService:
clusterName: cluster-api
name: cluster-api-internetservice
natService:
clusterName: cluster-api
name: cluster-api-natservice
publicipname: cluster-api-publicip-nat
subnetname: cluster-api-subnet-public
bastion:
clusterName: cluster-api
enable: false
routeTables:
- name: cluster-api-routetable-kw
subnets:
- cluster-api-subnet-kw
routes:
- name: cluster-api-routes-kw
targetName: cluster-api-natservice
targetType: nat
destination: "0.0.0.0/0"
- name: cluster-api-routetable-kcp
subnets:
- cluster-api-subnet-kcp
routes:
- name: cluster-api-routes-kcp
targetName: cluster-api-natservice
targetType: nat
destination: "0.0.0.0/0"
- name: cluster-api-routetable-public
subnets:
- cluster-api-subnet-public
routes:
- name: cluster-api-routes-public
targetName: cluster-api-internetservice
targetType: gateway
destination: "0.0.0.0/0"
securityGroups:
- name: cluster-api-securitygroups-kw
description: Security Group with cluster-api
securityGroupRules:
- name: cluster-api-securitygrouprule-api-kubelet-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 10250
toPortRange: 10250
- name: cluster-api-securitygrouprule-api-kubelet-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 10250
toPortRange: 10250
- name: cluster-api-securitygrouprule-kcp-nodeip-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kcp-nodeip-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kw-bgp
flow: Inbound
ipProtocol: tcp
ipRange: "10.0.0.0/16"
fromPortRange: 179
toPortRange: 179
- name: cluster-api-securitygroups-kcp
description: Security Group with cluster-api
securityGroupRules:
- name: cluster-api-securitygrouprule-api-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygrouprule-api-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygrouprule-etcd
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 2378
toPortRange: 2379
- name: cluster-api-securitygrouprule-kubelet-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 10250
toPortRange: 10252
- name: cluster-api-securitygrouprule-kcp-bgp
flow: Inbound
ipProtocol: tcp
ipRange: "10.0.0.0/16"
fromPortRange: 179
toPortRange: 179
- name: cluster-api-securitygrouprule-kw-nodeip-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kw-nodeip-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygroup-lb
description: Security Group lb with cluster-api
securityGroupRules:
- name: cluste-api-securitygrouprule-lb
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "0.0.0.0/0"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygroups-node
description: Security Group node with cluster-api
tag: OscK8sMainSG
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
clusterName: "cluster-api"
replicas: 1
selector:
matchLabels:
template:
spec:
clusterName: "cluster-api"
version: "1.22.11"
bootstrap:
configRef:
name: "cluster-api-md-0"
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
namespace: default
infrastructureRef:
name: "cluster-api-md-0"
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
namespace: default
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
template:
spec:
node:
clusterName: cluster-api
image:
name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
keypair:
name: cluster-api
deleteKeypair: false
vm:
clusterName: cluster-api
name: cluster-api-vm-kw
keypairName: cluster-api
deviceName: /dev/sda1
rootDisk:
rootDiskSize: 30
rootDiskIops: 1500
rootDiskType: gp2
subnetName: cluster-api-subnet-kw
subregionName: eu-west-2a
securityGroupNames:
- name: cluster-api-securitygroups-kw
- name: cluster-api-securitygroups-node
vmType: "tinav4.c2r4p2"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
metadata:
name: "cluster-api-control-plane"
namespace: default
spec:
template:
spec:
node:
clusterName: cluster-api
image:
name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
keypair:
name: cluster-api
deleteKeypair: false
vm:
clusterName: cluster-api
name: cluster-api-vm-kcp
keypairName: cluster-api
rootDisk:
rootDiskSize: 30
rootDiskIops: 1500
rootDiskType: gp2
deviceName: /dev/sda1
subregionName: eu-west-2a
subnetName: cluster-api-subnet-kcp
role: controlplane
loadBalancerName: osc-k8s
securityGroupNames:
- name: cluster-api-securitygroups-kcp
- name: cluster-api-securitygroups-node
vmType: "tinav5.c4r8p1"
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
template:
spec:
files:
- content: |
#!/bin/sh
curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
chmod +x /tmp/runc.amd64
cp -f /tmp/runc.amd64 /usr/local/sbin/runc
owner: root:root
path: /tmp/set_runc.sh
permissions: "0744"
joinConfiguration:
nodeRegistration:
name: "{{ ds.meta_data.local_hostname }}"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
preKubeadmCommands:
- sh /tmp/set_runc.sh
---
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
metadata:
name: "cluster-api-control-plane"
spec:
replicas: 1
machineTemplate:
infrastructureRef:
kind: OscMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
name: "cluster-api-control-plane"
namespace: default
kubeadmConfigSpec:
initConfiguration:
nodeRegistration:
taints:
- key: "key1"
value: "value1"
effect: "NoSchedule"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
name: '{{ ds.meta_data.local_hostname }}'
files:
- content: |
#!/bin/sh
curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
chmod +x /tmp/runc.amd64
cp -f /tmp/runc.amd64 /usr/local/sbin/runc
owner: root:root
path: /tmp/set_runc.sh
permissions: "0744"
joinConfiguration:
nodeRegistration:
taints:
- key: "key1"
value: "value1"
effect: "NoSchedule"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
preKubeadmCommands:
- sh /tmp/set_runc.sh
version: "1.22.11"

0 comments on commit 0d48886

Please sign in to comment.