From 0d48886e1fb5945ea789e971de4e62721fe2686c Mon Sep 17 00:00:00 2001 From: "vincent.baer" Date: Mon, 2 Oct 2023 12:17:05 +0000 Subject: [PATCH] Add taint cluster-api --- ...cluster-machine-template-simple-taint.yaml | 351 ++++++++++++++++++ 1 file changed, 351 insertions(+) create mode 100644 example/cluster-machine-template-simple-taint.yaml diff --git a/example/cluster-machine-template-simple-taint.yaml b/example/cluster-machine-template-simple-taint.yaml new file mode 100644 index 000000000..c38dea3d6 --- /dev/null +++ b/example/cluster-machine-template-simple-taint.yaml @@ -0,0 +1,351 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: cluster-api + namespace: default + labels: + cni: "cluster-api-crs-cni" + ccm: "cluster-api-crs-ccm" +spec: + clusterNetwork: + pods: + cidrBlocks: ["10.42.0.0/16"] + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OscCluster + name: cluster-api + namespace: default + controlPlaneRef: + kind: KubeadmControlPlane + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + name: "cluster-api-control-plane" + namespace: default +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: OscCluster +metadata: + name: cluster-api + namespace: default +spec: + network: + clusterName: cluster-api + subregionName: eu-west-2a + loadBalancer: + loadbalancername: osc-k8s + loadbalancertype: internet-facing + subnetname: cluster-api-subnet-public + securitygroupname: cluster-api-securitygroup-lb + clusterName: cluster-api + net: + name: cluster-api-net + clusterName: cluster-api + ipRange: "10.0.0.0/16" + subnets: + - name: cluster-api-subnet-kcp + ipSubnetRange: "10.0.4.0/24" + - name: cluster-api-subnet-kw + ipSubnetRange: "10.0.3.0/24" + - name: cluster-api-subnet-public + ipSubnetRange: "10.0.2.0/24" + publicIps: + - name: cluster-api-publicip-nat + internetService: + clusterName: cluster-api + name: cluster-api-internetservice + natService: + clusterName: cluster-api + name: cluster-api-natservice + publicipname: cluster-api-publicip-nat + subnetname: cluster-api-subnet-public + bastion: + clusterName: cluster-api + enable: false + routeTables: + - name: cluster-api-routetable-kw + subnets: + - cluster-api-subnet-kw + routes: + - name: cluster-api-routes-kw + targetName: cluster-api-natservice + targetType: nat + destination: "0.0.0.0/0" + - name: cluster-api-routetable-kcp + subnets: + - cluster-api-subnet-kcp + routes: + - name: cluster-api-routes-kcp + targetName: cluster-api-natservice + targetType: nat + destination: "0.0.0.0/0" + - name: cluster-api-routetable-public + subnets: + - cluster-api-subnet-public + routes: + - name: cluster-api-routes-public + targetName: cluster-api-internetservice + targetType: gateway + destination: "0.0.0.0/0" + securityGroups: + - name: cluster-api-securitygroups-kw + description: Security Group with cluster-api + securityGroupRules: + - name: cluster-api-securitygrouprule-api-kubelet-kw + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.3.0/24" + fromPortRange: 10250 + toPortRange: 10250 + - name: cluster-api-securitygrouprule-api-kubelet-kcp + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 10250 + toPortRange: 10250 + - name: cluster-api-securitygrouprule-kcp-nodeip-kw + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.3.0/24" + fromPortRange: 30000 + toPortRange: 32767 + - name: cluster-api-securitygrouprule-kcp-nodeip-kcp + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 30000 + toPortRange: 32767 + - name: cluster-api-securitygrouprule-kw-bgp + flow: Inbound + ipProtocol: tcp + ipRange: "10.0.0.0/16" + fromPortRange: 179 + toPortRange: 179 + - name: cluster-api-securitygroups-kcp + description: Security Group with cluster-api + securityGroupRules: + - name: cluster-api-securitygrouprule-api-kw + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.3.0/24" + fromPortRange: 6443 + toPortRange: 6443 + - name: cluster-api-securitygrouprule-api-kcp + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 6443 + toPortRange: 6443 + - name: cluster-api-securitygrouprule-etcd + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 2378 + toPortRange: 2379 + - name: cluster-api-securitygrouprule-kubelet-kcp + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 10250 + toPortRange: 10252 + - name: cluster-api-securitygrouprule-kcp-bgp + flow: Inbound + ipProtocol: tcp + ipRange: "10.0.0.0/16" + fromPortRange: 179 + toPortRange: 179 + - name: cluster-api-securitygrouprule-kw-nodeip-kw + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.3.0/24" + fromPortRange: 30000 + toPortRange: 32767 + - name: cluster-api-securitygrouprule-kw-nodeip-kcp + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "10.0.4.0/24" + fromPortRange: 30000 + toPortRange: 32767 + - name: cluster-api-securitygroup-lb + description: Security Group lb with cluster-api + securityGroupRules: + - name: cluste-api-securitygrouprule-lb + flow: Inbound + ipProtocol: tcp +# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + ipRange: "0.0.0.0/0" + fromPortRange: 6443 + toPortRange: 6443 + - name: cluster-api-securitygroups-node + description: Security Group node with cluster-api + tag: OscK8sMainSG +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: "cluster-api-md-0" + namespace: default +spec: + clusterName: "cluster-api" + replicas: 1 + selector: + matchLabels: + template: + spec: + clusterName: "cluster-api" + version: "1.22.11" + bootstrap: + configRef: + name: "cluster-api-md-0" + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + namespace: default + infrastructureRef: + name: "cluster-api-md-0" + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OscMachineTemplate + namespace: default +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: OscMachineTemplate +metadata: + name: "cluster-api-md-0" + namespace: default +spec: + template: + spec: + node: + clusterName: cluster-api + image: + name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 + keypair: + name: cluster-api + deleteKeypair: false + vm: + clusterName: cluster-api + name: cluster-api-vm-kw + keypairName: cluster-api + deviceName: /dev/sda1 + rootDisk: + rootDiskSize: 30 + rootDiskIops: 1500 + rootDiskType: gp2 + subnetName: cluster-api-subnet-kw + subregionName: eu-west-2a + securityGroupNames: + - name: cluster-api-securitygroups-kw + - name: cluster-api-securitygroups-node + vmType: "tinav4.c2r4p2" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: OscMachineTemplate +metadata: + name: "cluster-api-control-plane" + namespace: default +spec: + template: + spec: + node: + clusterName: cluster-api + image: + name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 + keypair: + name: cluster-api + deleteKeypair: false + vm: + clusterName: cluster-api + name: cluster-api-vm-kcp + keypairName: cluster-api + rootDisk: + rootDiskSize: 30 + rootDiskIops: 1500 + rootDiskType: gp2 + deviceName: /dev/sda1 + subregionName: eu-west-2a + subnetName: cluster-api-subnet-kcp + role: controlplane + loadBalancerName: osc-k8s + securityGroupNames: + - name: cluster-api-securitygroups-kcp + - name: cluster-api-securitygroups-node + vmType: "tinav5.c4r8p1" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: "cluster-api-md-0" + namespace: default +spec: + template: + spec: + files: + - content: | + #!/bin/sh + + curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 + chmod +x /tmp/runc.amd64 + cp -f /tmp/runc.amd64 /usr/local/sbin/runc + owner: root:root + path: /tmp/set_runc.sh + permissions: "0744" + joinConfiguration: + nodeRegistration: + name: "{{ ds.meta_data.local_hostname }}" + kubeletExtraArgs: + cloud-provider: external + provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' + preKubeadmCommands: + - sh /tmp/set_runc.sh +--- +kind: KubeadmControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +metadata: + name: "cluster-api-control-plane" +spec: + replicas: 1 + machineTemplate: + infrastructureRef: + kind: OscMachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + name: "cluster-api-control-plane" + namespace: default + kubeadmConfigSpec: + initConfiguration: + nodeRegistration: + taints: + - key: "key1" + value: "value1" + effect: "NoSchedule" + kubeletExtraArgs: + cloud-provider: external + provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' + name: '{{ ds.meta_data.local_hostname }}' + files: + - content: | + #!/bin/sh + curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 + chmod +x /tmp/runc.amd64 + cp -f /tmp/runc.amd64 /usr/local/sbin/runc + owner: root:root + path: /tmp/set_runc.sh + permissions: "0744" + joinConfiguration: + nodeRegistration: + taints: + - key: "key1" + value: "value1" + effect: "NoSchedule" + kubeletExtraArgs: + cloud-provider: external + provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' + preKubeadmCommands: + - sh /tmp/set_runc.sh + version: "1.22.11"