From bbe8b54e8eeae399868361e60799871d50339b89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20GLON?=
Date: Mon, 20 Nov 2023 15:09:10 +0100
Subject: [PATCH] Add test2
---
example/cluster-machine-template-simple2.yaml | 463 ++++++++++++++++++
1 file changed, 463 insertions(+)
create mode 100644 example/cluster-machine-template-simple2.yaml
diff --git a/example/cluster-machine-template-simple2.yaml b/example/cluster-machine-template-simple2.yaml
new file mode 100644
index 000000000..c684eabef
--- /dev/null
+++ b/example/cluster-machine-template-simple2.yaml
@@ -0,0 +1,463 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: cluster-api
+ namespace: capo-test
+ labels:
+ cni: "calico-v3-19"
+ ccm: "cluster-api-crs-ccm"
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks: ["10.42.0.0/16"]
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OscCluster
+ name: cluster-api
+ namespace: capo-test
+ controlPlaneRef:
+ kind: KubeadmControlPlane
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ name: "cluster-api-control-plane"
+ namespace: capo-test
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OscCluster
+metadata:
+ name: cluster-api
+ namespace: capo-test
+spec:
+ network:
+ clusterName: cluster-api
+ subregionName: eu-west-2a
+ loadBalancer:
+ loadbalancername: osc-k8s
+ loadbalancertype: internet-facing
+ subnetname: cluster-api-subnet-public
+ securitygroupname: cluster-api-securitygroup-lb
+ clusterName: cluster-api
+ net:
+ name: cluster-api-net
+ clusterName: cluster-api
+ ipRange: "10.0.0.0/16"
+ subnets:
+ - name: cluster-api-subnet-kcp-a
+ ipSubnetRange: "10.0.4.0/24"
+ subregionName: eu-west-2a
+ # - name: cluster-api-subnet-kcp-b
+ # ipSubnetRange: "10.0.5.0/24"
+ # subregionName: eu-west-2b
+ - name: cluster-api-subnet-kw-a
+ ipSubnetRange: "10.0.3.0/24"
+ subregionName: eu-west-2a
+ - name: cluster-api-subnet-kw-b
+ ipSubnetRange: "10.0.6.0/24"
+ subregionName: eu-west-2b
+ - name: cluster-api-subnet-public
+ ipSubnetRange: "10.0.2.0/24"
+ publicIps:
+ - name: cluster-api-publicip-nat
+ internetService:
+ clusterName: cluster-api
+ name: cluster-api-internetservice
+ natServices:
+ - clusterName: cluster-api
+ name: cluster-api-natservice
+ publicipname: cluster-api-publicip-nat
+ subnetname: cluster-api-subnet-public
+ bastion:
+ clusterName: cluster-api
+ enable: false
+ routeTables:
+ - name: cluster-api-routetable-kw
+ subnets:
+ - cluster-api-subnet-kw-a
+ - cluster-api-subnet-kw-b
+ routes:
+ - name: cluster-api-routes-kw
+ targetName: cluster-api-natservice
+ targetType: nat
+ destination: "0.0.0.0/0"
+ - name: cluster-api-routetable-kcp
+ subnets:
+ - cluster-api-subnet-kcp-a
+ # - cluster-api-subnet-kcp-b
+ routes:
+ - name: cluster-api-routes-kcp
+ targetName: cluster-api-natservice
+ targetType: nat
+ destination: "0.0.0.0/0"
+ - name: cluster-api-routetable-public
+ subnets:
+ - cluster-api-subnet-public
+ routes:
+ - name: cluster-api-routes-public
+ targetName: cluster-api-internetservice
+ targetType: gateway
+ destination: "0.0.0.0/0"
+ securityGroups:
+ # - name: cluster-api-securitygroups
+ # description: Security Group with cluster-api
+ # securityGroupRules:
+ # - name:
+ # flow: Inboud
+ # ipProtocol: tcp
+ # fromPortRange: 22
+ # toPortRange: 22
+ - name: cluster-api-securitygroups-kw
+ description: Security Group with cluster-api
+ securityGroupRules:
+ - name: cluster-api-securitygrouprule-api-kubelet-kw
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.3.0/24"
+ fromPortRange: 10250
+ toPortRange: 10250
+ - name: cluster-api-securitygrouprule-api-kubelet-kcp
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 10250
+ toPortRange: 10250
+ - name: cluster-api-securitygrouprule-kcp-nodeip-kw
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.3.0/24"
+ fromPortRange: 30000
+ toPortRange: 32767
+ - name: cluster-api-securitygrouprule-kcp-nodeip-kcp
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 30000
+ toPortRange: 32767
+ - name: cluster-api-securitygrouprule-kw-bgp
+ flow: Inbound
+ ipProtocol: tcp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 179
+ toPortRange: 179
+ - name: cluster-api-securitygroups-kcp
+ description: Security Group with cluster-api
+ securityGroupRules:
+ - name: cluster-api-securitygrouprule-api-kw
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.3.0/24"
+ fromPortRange: 6443
+ toPortRange: 6443
+ - name: cluster-api-securitygrouprule-api-kcp
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 6443
+ toPortRange: 6443
+ - name: cluster-api-securitygrouprule-etcd
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 2378
+ toPortRange: 2379
+ - name: cluster-api-securitygrouprule-kubelet-kcp
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 10250
+ toPortRange: 10252
+ - name: cluster-api-securitygrouprule-kcp-bgp
+ flow: Inbound
+ ipProtocol: tcp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 179
+ toPortRange: 179
+ - name: cluster-api-securitygrouprule-kw-nodeip-kw
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.3.0/24"
+ fromPortRange: 30000
+ toPortRange: 32767
+ - name: cluster-api-securitygrouprule-kw-nodeip-kcp
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "10.0.4.0/24"
+ fromPortRange: 30000
+ toPortRange: 32767
+ - name: cluster-api-securitygroup-lb
+ description: Security Group lb with cluster-api
+ securityGroupRules:
+ - name: cluste-api-securitygrouprule-lb
+ flow: Inbound
+ ipProtocol: tcp
+# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
+ ipRange: "0.0.0.0/0"
+ fromPortRange: 6443
+ toPortRange: 6443
+ - name: cluster-api-securitygroups-node
+ description: Security Group node with cluster-api
+ tag: OscK8sMainSG
+ securityGroupRules:
+ - name: cluster-api-securitygrouprule-calico-vxlan
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 4789
+ toPortRange: 4789
+ - name: cluster-api-securitygrouprule-calico-typha
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 5473
+ toPortRange: 5473
+ - name: cluster-api-securitygrouprule-calico-wireguard
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 51820
+ toPortRange: 51820
+ - name: cluster-api-securitygrouprule-calico-wireguard-ipv6
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 51821
+ toPortRange: 51821
+ - name: cluster-api-securitygrouprule-flannel
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 4789
+ toPortRange: 4789
+ - name: cluster-api-securitygrouperule-flannel-udp
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 8285
+ toPortRange: 8285
+ - name: cluster-api-securitygroup-flannel-vxlan
+ flow: Inbound
+ ipProtocol: udp
+ ipRange: "10.0.0.0/16"
+ fromPortRange: 8472
+ toPortRange: 8472
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: "cluster-api-md-0"
+ namespace: capo-test
+spec:
+ clusterName: "cluster-api"
+ replicas: 1
+ selector:
+ matchLabels:
+ template:
+ spec:
+ clusterName: "cluster-api"
+ version: "1.22.11"
+ bootstrap:
+ configRef:
+ name: "cluster-api-md-0"
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ namespace: capo-test
+ infrastructureRef:
+ name: "cluster-api-md-0"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OscMachineTemplate
+ namespace: capo-test
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+ name: "cluster-api-md-1"
+ namespace: capo-test
+spec:
+ clusterName: "cluster-api"
+ replicas: 1
+ selector:
+ matchLabels:
+ template:
+ spec:
+ clusterName: "cluster-api"
+ version: "1.22.11"
+ bootstrap:
+ configRef:
+ name: "cluster-api-md-0"
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ namespace: capo-test
+ infrastructureRef:
+ name: "cluster-api-md-1"
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OscMachineTemplate
+ namespace: capo-test
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OscMachineTemplate
+metadata:
+ name: "cluster-api-md-0"
+ namespace: capo-test
+spec:
+ template:
+ spec:
+ node:
+ clusterName: cluster-api
+ image:
+ name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
+ keypair:
+ name: cluster-api-test
+ deleteKeypair: false
+ vm:
+ clusterName: cluster-api
+ name: cluster-api-vm-kw
+ keypairName: cluster-api-test
+ deviceName: /dev/sda1
+ rootDisk:
+ rootDiskSize: 30
+ rootDiskIops: 1500
+ rootDiskType: gp2
+ subnetName: cluster-api-subnet-kw-a
+ subregionName: eu-west-2a
+ securityGroupNames:
+ - name: cluster-api-securitygroups-kw
+ - name: cluster-api-securitygroups-node
+ vmType: "tinav5.c2r8p2"
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OscMachineTemplate
+metadata:
+ name: "cluster-api-md-1"
+ namespace: capo-test
+spec:
+ template:
+ spec:
+ node:
+ clusterName: cluster-api
+ image:
+ name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
+ keypair:
+ name: cluster-api-test
+ deleteKeypair: false
+ vm:
+ clusterName: cluster-api
+ name: cluster-api-vm-kw
+ keypairName: cluster-api-test
+ deviceName: /dev/sda1
+ rootDisk:
+ rootDiskSize: 30
+ rootDiskIops: 1500
+ rootDiskType: gp2
+ subnetName: cluster-api-subnet-kw-b
+ subregionName: eu-west-2b
+ securityGroupNames:
+ - name: cluster-api-securitygroups-kw
+ - name: cluster-api-securitygroups-node
+ vmType: "tinav5.c2r8p2"
+
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OscMachineTemplate
+metadata:
+ name: "cluster-api-control-plane"
+ namespace: capo-test
+spec:
+ template:
+ spec:
+ node:
+ clusterName: cluster-api
+ image:
+ name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
+ keypair:
+ name: cluster-api-test
+ deleteKeypair: false
+ vm:
+ clusterName: cluster-api
+ name: cluster-api-vm-kcp
+ keypairName: cluster-api-test
+ rootDisk:
+ rootDiskSize: 30
+ rootDiskIops: 1500
+ rootDiskType: gp2
+ deviceName: /dev/sda1
+ subregionName: eu-west-2a
+ subnetName: cluster-api-subnet-kcp-a
+ role: controlplane
+ loadBalancerName: osc-k8s
+ securityGroupNames:
+ - name: cluster-api-securitygroups-kcp
+ - name: cluster-api-securitygroups-node
+ vmType: "tinav5.c2r8p2"
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: "cluster-api-md-0"
+ namespace: capo-test
+spec:
+ template:
+ spec:
+ files:
+ - content: |
+ #!/bin/sh
+
+ curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
+ chmod +x /tmp/runc.amd64
+ cp -f /tmp/runc.amd64 /usr/local/sbin/runc
+ owner: root:root
+ path: /tmp/set_runc.sh
+ permissions: "0744"
+ joinConfiguration:
+ nodeRegistration:
+ name: "{{ ds.meta_data.local_hostname }}"
+ kubeletExtraArgs:
+ cloud-provider: external
+ provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
+ preKubeadmCommands:
+ - sh /tmp/set_runc.sh
+---
+kind: KubeadmControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+metadata:
+ name: "cluster-api-control-plane"
+ namespace: capo-test
+spec:
+ replicas: 1
+ machineTemplate:
+ infrastructureRef:
+ kind: OscMachineTemplate
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ name: "cluster-api-control-plane"
+ namespace: capo-test
+ kubeadmConfigSpec:
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
+ name: '{{ ds.meta_data.local_hostname }}'
+ files:
+ - content: |
+ #!/bin/sh
+ curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
+ chmod +x /tmp/runc.amd64
+ cp -f /tmp/runc.amd64 /usr/local/sbin/runc
+ owner: root:root
+ path: /tmp/set_runc.sh
+ permissions: "0744"
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
+ preKubeadmCommands:
+ - sh /tmp/set_runc.sh
+ version: "1.22.11"
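Review bot: The `/tmp/set_runc.sh` script embedded in both the KubeadmConfigTemplate and the KubeadmControlPlane downloads `runc.amd64` and copies it into `/usr/local/sbin/runc` as root with no integrity check, and because `curl` runs without `-f`, an HTTP error body would be installed as the container runtime. I would fetch with `curl -fsSL <same release URL> -o /tmp/runc.amd64` and gate the copy on `echo "<RUNC_SHA256_PLACEHOLDER>  /tmp/runc.amd64" | sha256sum -c - || exit 1`, taking the digest from the release's published checksum file. Separately, the `cluster-api-securitygrouprule-etcd` rule opens 2378-2379, which looks like an off-by-one for etcd's usual 2379-2380 client and peer ports and would leave peer traffic blocked if more control-plane replicas are added. The comment `# IpRange to authorize access to kubernetes endpoints (kube-apiserver) ...` is repeated above kubelet, NodePort and etcd rules where it does not describe the port being opened. On `cluste-api-securitygrouprule-lb` the source stays `0.0.0.0/0` for 6443 on an `internet-facing` load balancer, so I would make the comment there say explicitly that this value must be narrowed before the example is applied.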