diff --git a/controllers/osccluster_natservice_controller.go b/controllers/osccluster_natservice_controller.go index 2c178f854..083aeea26 100644 --- a/controllers/osccluster_natservice_controller.go +++ b/controllers/osccluster_natservice_controller.go @@ -171,7 +171,6 @@ func reconcileNatService(ctx context.Context, clusterScope *scope.ClusterScope, clusterScope.V(4).Info("Create the desired natService", "natServiceName", natServiceName) networkSpec := clusterScope.GetNetwork() clusterName := networkSpec.ClusterName + "-" + clusterScope.GetUID() - clusterScope.V(2).Info("Create the desired natService", "natServiceName", natServiceName) natService, err := natServiceSvc.CreateNatService(publicIpId, subnetId, natServiceName, clusterName) if err != nil { return reconcile.Result{}, fmt.Errorf("%w Can not create natService for Osccluster %s/%s", err, clusterScope.GetNamespace(), clusterScope.GetName()) diff --git a/example/cluster-machine-template-multi-az.yaml b/example/cluster-machine-template-multi-az.yaml index f05b913ac..e06ea8f40 100644 --- a/example/cluster-machine-template-multi-az.yaml +++ b/example/cluster-machine-template-multi-az.yaml @@ -9,7 +9,9 @@ metadata: spec: clusterNetwork: pods: - cidrBlocks: ["10.42.0.0/16"] + cidrBlocks: ["10.233.64.0/18"] + services: + cidrBlocks: ["10.233.0.0/18"] infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: OscCluster @@ -18,7 +20,7 @@ spec: controlPlaneRef: kind: KubeadmControlPlane apiVersion: controlplane.cluster.x-k8s.io/v1beta1 - name: "cluster-api-multi-az-control-plane" + name: "cluster-api-multi-az-control-plane-2a" namespace: capo-test --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 
@@ -30,231 +32,154 @@ spec: network: clusterName: cluster-api-multi-az loadBalancer: - loadbalancername: capo-k8s + loadbalancername: cluster-api-multi-az-lb clusterName: cluster-api-multi-az + loadbalancertype: internet-facing + subnetname: cluster-api-multi-az-subnet-2a-private + securitygroupname: cluster-api-multi-az-securitygroup-lb net: + name: cluster-api-multi-az-net clusterName: cluster-api-multi-az + ipRange: "10.0.0.0/16" internetService: + name: cluster-api-multi-az-igw clusterName: cluster-api-multi-az - # TODO: use multiple nat services and set correct sg's - natServices: - - name: cluster-api-multi-az-eu-west-2a - clusterName: cluster-api-multi-az - - name: cluster-api-multi-az-eu-west-2b - clusterName: cluster-api-multi-az - bastion: - clusterName: cluster-api-multi-az - enable: false subnets: - - name: cluster-api-multi-az-eu-west-2a - ipSubnetRange: "10.42.0.0/24" + - name: cluster-api-multi-az-subnet-2a-private + ipSubnetRange: "10.0.0.0/24" + subregionName: eu-west-2a + - name: cluster-api-multi-az-subnet-2b-private + ipSubnetRange: "10.0.1.0/24" + subregionName: eu-west-2b + - name: cluster-api-multi-az-subnet-2a-public + ipSubnetRange: "10.0.2.0/24" subregionName: eu-west-2a - - name: cluster-api-multi-az-eu-west-2b - ipSubnetRange: "10.42.1.0/24" + - name: cluster-api-multi-az-subnet-2b-public + ipSubnetRange: "10.0.3.0/24" subregionName: eu-west-2b + natServices: + - name: cluster-api-multi-az-2a-nat + clusterName: cluster-api-multi-az + publicipname: cluster-api-multi-az-publicip-2a-nat + subnetname: cluster-api-multi-az-subnet-2a-public + - name: cluster-api-multi-az-2b-nat + clusterName: cluster-api-multi-az + publicipname: cluster-api-multi-az-publicip-2b-nat + subnetname: cluster-api-multi-az-subnet-2b-public + publicIps: + - name: cluster-api-multi-az-publicip-2a-nat + clusterName: cluster-api-multi-az + - name: cluster-api-multi-az-publicip-2b-nat + clusterName: cluster-api-multi-az routeTables: - - name: 
cluster-api-multi-az-eu-west-2a + - name: cluster-api-multi-az-rtb-2a-private + subnets: + - cluster-api-multi-az-subnet-2a-private + routes: + - name: cluster-api-multi-az-route-2a-nat + targetName: cluster-api-multi-az-2a-nat + targetType: nat + destination: "0.0.0.0/0" + - name: cluster-api-multi-az-rtb-2b-private subnets: - - cluster-api-multi-az-eu-west-2a + - cluster-api-multi-az-subnet-2b-private routes: - - name: local + - name: cluster-api-multi-az-route-2b-nat + targetName: cluster-api-multi-az-2b-nat + targetType: nat + destination: "0.0.0.0/0" + - name: cluster-api-multi-az-rtb-2a-public + subnets: + - cluster-api-multi-az-subnet-2a-public + routes: + - name: cluster-api-multi-az-route-2a-igw + targetName: cluster-api-multi-az-igw + targetType: gateway + destination: "0.0.0.0/0" + - name: cluster-api-multi-az-rtb-2b-public + subnets: + - cluster-api-multi-az-subnet-2b-public + routes: + - name: cluster-api-multi-az-route-2b-igw + targetName: cluster-api-multi-az-igw + targetType: gateway + destination: "0.0.0.0/0" securityGroups: - - name: cluster-api-multi-az-eu-west-2a -# --- -# apiVersion: cluster.x-k8s.io/v1beta1 -# kind: MachineDeployment -# metadata: -# name: "cluster-api-multi-az-md-0-eu-west-2a" -# namespace: capo-test -# spec: -# clusterName: "cluster-api-multi-az" -# replicas: 1 -# selector: -# matchLabels: -# template: -# spec: -# clusterName: "cluster-api-multi-az" -# version: "1.22.11" -# bootstrap: -# configRef: -# name: "cluster-api-multi-az-md-0" -# apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 -# kind: KubeadmConfigTemplate -# namespace: capo-test -# infrastructureRef: -# name: "cluster-api-multi-az-md-0-eu-west-2a" -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# namespace: capo-test -# --- -# apiVersion: cluster.x-k8s.io/v1beta1 -# kind: MachineDeployment -# metadata: -# name: "cluster-api-multi-az-md-0-eu-west-2b" -# namespace: capo-test -# spec: -# clusterName: "cluster-api-multi-az" -# 
replicas: 1 -# selector: -# matchLabels: -# template: -# spec: -# clusterName: "cluster-api-multi-az" -# version: "1.22.11" -# bootstrap: -# configRef: -# name: "cluster-api-multi-az-md-0" -# apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 -# kind: KubeadmConfigTemplate -# namespace: capo-test -# infrastructureRef: -# name: "cluster-api-multi-az-md-0-eu-west-2b" -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# namespace: capo-test -# --- -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# metadata: -# name: "cluster-api-multi-az-md-0-eu-west-2a" -# namespace: capo-test -# spec: -# template: -# spec: -# node: -# clusterName: cluster-api-multi-az -# image: -# name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 -# keypair: -# name: cluster-api-test -# deleteKeypair: true -# vm: -# clusterName: cluster-api-multi-az -# rootDisk: -# rootDiskSize: 30 -# rootDiskIops: 1500 -# rootDiskType: "gp2" -# keypairName: cluster-api-test -# subnetName: cluster-api-multi-az-eu-west-2a -# vmType: "tinav6.c2r4p2" -# --- -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# metadata: -# name: "cluster-api-multi-az-md-0-eu-west-2b" -# namespace: capo-test -# spec: -# template: -# spec: -# node: -# clusterName: cluster-api-multi-az -# image: -# name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 -# keypair: -# name: cluster-api-test -# deleteKeypair: true -# vm: -# clusterName: cluster-api-multi-az -# rootDisk: -# rootDiskSize: 30 -# rootDiskIops: 1500 -# rootDiskType: "gp2" -# keypairName: cluster-api-test -# subnetName: cluster-api-multi-az-eu-west-2b -# vmType: "tinav6.c2r4p2" -# --- -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# metadata: -# name: "cluster-api-multi-az-control-plane-eu-west-2a" -# namespace: capo-test -# spec: -# template: -# spec: -# node: -# clusterName: cluster-api-multi-az -# image: -# name: 
ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 -# keypair: -# name: cluster-api-test -# deleteKeypair: true -# vm: -# clusterName: cluster-api-multi-az -# keypairName: cluster-api-test -# subnetName: cluster-api-multi-az-eu-west-2a -# rootDisk: -# rootDiskSize: 30 -# rootDiskIops: 1500 -# rootDiskType: "gp2" -# role: controlplane -# loadBalancerName: capo-k8s -# vmType: "tinav6.c4r8p1" -# --- -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# kind: OscMachineTemplate -# metadata: -# name: "cluster-api-multi-az-control-plane-eu-west-2b" -# namespace: capo-test -# spec: -# template: -# spec: -# node: -# clusterName: cluster-api-multi-az -# image: -# name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 -# keypair: -# name: cluster-api-test -# deleteKeypair: true -# vm: -# clusterName: cluster-api-multi-az -# keypairName: cluster-api-test -# subnetName: cluster-api-multi-az-eu-west-2b -# rootDisk: -# rootDiskSize: 30 -# rootDiskIops: 1500 -# rootDiskType: "gp2" -# role: controlplane -# loadBalancerName: capo-k8s -# vmType: "tinav6.c4r8p1" -# --- -# apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 -# kind: KubeadmConfigTemplate -# metadata: -# name: "cluster-api-multi-az-md-0" -# namespace: capo-test -# spec: -# template: -# spec: -# files: -# - content: | -# #!/bin/bash - -# curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 -# chmod +x /tmp/runc.amd64 -# \cp -f /tmp/runc.amd64 /usr/local/sbin/runc -# owner: root:root -# path: /tmp/set_runc.sh -# permissions: "0744" -# joinConfiguration: -# nodeRegistration: -# name: "{{ ds.meta_data.local_hostname }}" -# kubeletExtraArgs: -# cloud-provider: external -# provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' -# preKubeadmCommands: -# - sh /tmp/set_runc.sh + - name: cluster-api-multi-az-securitygroup-lb + description: Cluster-api Load Balancer Security Group + securityGroupRules: + - name: 
cluster-api-securitygrouprule-calico-vxlan + flow: Inbound + ipProtocol: tcp + ipRange: "0.0.0.0/0" + fromPortRange: 6443 + toPortRange: 6443 + - name: cluster-api-multi-az-securitygroup-control-plane + description: Cluster-api Control Plane Security Group + securityGroupRules: + - name: cluster-api-securitygrouprule-nodes + flow: Inbound + ipProtocol: "-1" + ipRange: "10.0.0.0/16" + fromPortRange: 1 + toPortRange: 65535 + - name: cluster-api-multi-az-securitygroup-worker + description: Cluster-api Worker Security Group + securityGroupRules: + - name: cluster-api-securitygrouprule-nodes + flow: Inbound + ipProtocol: "-1" + ipRange: "10.0.0.0/16" + fromPortRange: 1 + toPortRange: 65535 + bastion: + clusterName: cluster-api-multi-az + enable: false +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: OscMachineTemplate +metadata: + name: cluster-api-multi-az-control-plane-2a + namespace: capo-test +spec: + template: + spec: + node: + clusterName: cluster-api-multi-az + image: + name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 + keypair: + name: cluster-api-test + deleteKeypair: false + vm: + clusterName: cluster-api-multi-az + name: cluster-api-multi-az-vm-control-plane-2a + keypairName: cluster-api-test + rootDisk: + rootDiskSize: 50 + rootDiskIops: 1500 + rootDiskType: gp2 + deviceName: /dev/sda1 + subregionName: eu-west-2a + subnetName: cluster-api-multi-az-subnet-2a-private + role: controlplane + loadBalancerName: cluster-api-multi-az-lb + securityGroupNames: + - name: cluster-api-multi-az-securitygroup-control-plane + vmType: "tinav6.c4r8p1" --- kind: KubeadmControlPlane apiVersion: controlplane.cluster.x-k8s.io/v1beta1 metadata: - name: "cluster-api-multi-az-control-plane-eu-west-2a" + name: cluster-api-multi-az-control-plane-2a + namespace: capo-test spec: replicas: 1 machineTemplate: infrastructureRef: kind: OscMachineTemplate apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 - name: "cluster-api-multi-az-control-plane-eu-west-2a" + name: 
cluster-api-multi-az-control-plane-2a namespace: capo-test kubeadmConfigSpec: initConfiguration: 
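Review bot: The `loadbalancertype: internet-facing` load balancer is attached to `subnetname: cluster-api-multi-az-subnet-2a-private`, yet that subnet's route table (`cluster-api-multi-az-rtb-2a-private`) sends `0.0.0.0/0` to the NAT service rather than the internet gateway, so the LB sits in a subnet with no inbound Internet path; the `cluster-machine-template-simple2.yaml` deleted in this same commit placed its internet-facing LB in the public subnet. The fix is one line, `subnetname: cluster-api-multi-az-subnet-2a-public`, unless the provider genuinely accepts a private subnet here, in which case a comment should say why. Separately, both `cluster-api-multi-az-securitygroup-control-plane` and `-worker` open `ipProtocol: "-1"` on ports `1`–`65535` from the whole `10.0.0.0/16`, which discards the per-port rules (API server, etcd, kubelet, NodePort range, BGP) the deleted example carried; an example users copy should at least mark these as permissive placeholders with a comment such as `# Allows all traffic from the VPC; narrow to the ports your CNI and control plane need before production use.` Finally, the LB rule is named `cluster-api-securitygrouprule-calico-vxlan` but is a TCP/6443 rule exposed to `0.0.0.0/0` — rename it (e.g. `cluster-api-multi-az-securitygrouprule-lb-apiserver`) so the name reflects what it opens. The KubeadmControlPlane at the end of this hunk continues past it.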
@@ -279,39 +204,150 @@ spec: preKubeadmCommands: - sh /tmp/set_runc.sh version: "1.22.11" -# --- -# kind: KubeadmControlPlane -# apiVersion: controlplane.cluster.x-k8s.io/v1beta1 -# metadata: -# name: "cluster-api-multi-az-control-plane-eu-west-2b" -# spec: -# replicas: 1 -# machineTemplate: -# infrastructureRef: -# kind: OscMachineTemplate -# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -# name: "cluster-api-multi-az-control-plane-eu-west-2b" -# namespace: capo-test -# kubeadmConfigSpec: -# initConfiguration: -# nodeRegistration: -# kubeletExtraArgs: -# cloud-provider: external -# provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' -# name: '{{ ds.meta_data.local_hostname }}' -# files: -# - content: | -# #!/bin/bash -# curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 -# chmod +x /tmp/runc.amd64 -# \cp -f /tmp/runc.amd64 /usr/local/sbin/runc -# owner: root:root -# path: /tmp/set_runc.sh -# permissions: "0744" -# joinConfiguration: -# nodeRegistration: -# kubeletExtraArgs: -# cloud-provider: external -# preKubeadmCommands: -# - sh /tmp/set_runc.sh -# version: "1.22.11" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: OscMachineTemplate +metadata: + name: cluster-api-multi-az-worker-2a + namespace: capo-test +spec: + template: + spec: + node: + clusterName: cluster-api-multi-az + image: + name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 + keypair: + name: cluster-api-test + deleteKeypair: false + vm: + clusterName: cluster-api-multi-az + name: cluster-api-multi-az-vm-worker-2a + keypairName: cluster-api-test + rootDisk: + rootDiskSize: 50 + rootDiskIops: 1500 + rootDiskType: gp2 + deviceName: /dev/sda1 + subregionName: eu-west-2a + subnetName: cluster-api-multi-az-subnet-2a-private + securityGroupNames: + - name: cluster-api-multi-az-securitygroup-worker + vmType: "tinav6.c4r8p2" +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 
+kind: OscMachineTemplate +metadata: + name: cluster-api-multi-az-worker-2b + namespace: capo-test +spec: + template: + spec: + node: + clusterName: cluster-api-multi-az + image: + name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 + keypair: + name: cluster-api-test + deleteKeypair: false + vm: + clusterName: cluster-api-multi-az + name: cluster-api-multi-az-vm-worker-2b + keypairName: cluster-api-test + rootDisk: + rootDiskSize: 50 + rootDiskIops: 1500 + rootDiskType: gp2 + deviceName: /dev/sda1 + subregionName: eu-west-2b + subnetName: cluster-api-multi-az-subnet-2b-private + securityGroupNames: + - name: cluster-api-multi-az-securitygroup-worker + vmType: "tinav6.c4r8p2" +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: "cluster-api-multi-az-worker-config" + namespace: capo-test +spec: + template: + spec: + files: + - content: | + #!/bin/sh + + curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 + chmod +x /tmp/runc.amd64 + cp -f /tmp/runc.amd64 /usr/local/sbin/runc + owner: root:root + path: /tmp/set_runc.sh + permissions: "0744" + joinConfiguration: + nodeRegistration: + name: "{{ ds.meta_data.local_hostname }}" + kubeletExtraArgs: + cloud-provider: external + provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' + preKubeadmCommands: + - sh /tmp/set_runc.sh +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: cluster-api-multi-az-worker-2a-md + namespace: capo-test +spec: + clusterName: cluster-api-multi-az + replicas: 1 + selector: + matchLabels: + node-role: worker + template: + metadata: + labels: + node-role: worker + spec: + clusterName: cluster-api-multi-az + version: "1.22.11" + bootstrap: + configRef: + name: cluster-api-multi-az-worker-config + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + namespace: capo-test + infrastructureRef: + 
name: cluster-api-multi-az-worker-2a + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OscMachineTemplate + namespace: capo-test +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineDeployment +metadata: + name: cluster-api-multi-az-worker-2b-md + namespace: capo-test +spec: + clusterName: cluster-api-multi-az + replicas: 1 + selector: + matchLabels: + node-role: worker + template: + metadata: + labels: + node-role: worker + spec: + clusterName: cluster-api-multi-az + version: "1.22.11" + bootstrap: + configRef: + name: cluster-api-multi-az-worker-config + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + namespace: capo-test + infrastructureRef: + name: cluster-api-multi-az-worker-2b + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: OscMachineTemplate + namespace: capo-test diff --git a/example/cluster-machine-template-simple2.yaml b/example/cluster-machine-template-simple2.yaml deleted file mode 100644 index c684eabef..000000000 --- a/example/cluster-machine-template-simple2.yaml +++ /dev/null 
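Review bot: The `set_runc.sh` written by the new `cluster-api-multi-az-worker-config` KubeadmConfigTemplate fetches a runc binary from GitHub and copies it to `/usr/local/sbin/runc` with no integrity check: `curl` runs without `-f`, so an HTTP error body would be saved and installed as the container runtime, and no checksum is compared before the copy. Because this runs as root on every worker before `kubeadm join`, the script should fail closed (`set -eu`, `curl -fsSL`) and verify the download against the checksum file published with the release before installing it; the control plane's `kubeadmConfigSpec` carries the same script outside this hunk and needs the same change. A one-line comment stating that `v1.1.1` is a deliberate pin (and where to get its checksum) would also help, since this example is what users copy. The KubeadmControlPlane that this hunk's first context lines belong to begins before the hunk.
```yaml
      files:
        - content: |
            #!/bin/sh
            set -eu
            # Pin the runc release and its checksum; abort on any download or verify failure.
            RUNC_VERSION=v1.1.1
            RUNC_SHA256=<sha256 of runc.amd64 from the release's checksum file>
            curl -fsSL "https://github.com/opencontainers/runc/releases/download/${RUNC_VERSION}/runc.amd64" -o /tmp/runc.amd64
            echo "${RUNC_SHA256}  /tmp/runc.amd64" | sha256sum -c -
            install -m 0755 /tmp/runc.amd64 /usr/local/sbin/runc
          owner: root:root
          path: /tmp/set_runc.sh
          permissions: "0744"
      # … unchanged: joinConfiguration / preKubeadmCommands …
```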
@@ -1,463 +0,0 @@ -apiVersion: cluster.x-k8s.io/v1beta1 -kind: Cluster -metadata: - name: cluster-api - namespace: capo-test - labels: - cni: "calico-v3-19" - ccm: "cluster-api-crs-ccm" -spec: - clusterNetwork: - pods: - cidrBlocks: ["10.42.0.0/16"] - infrastructureRef: - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 - kind: OscCluster - name: cluster-api - namespace: capo-test - controlPlaneRef: - kind: KubeadmControlPlane - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 - name: "cluster-api-control-plane" - namespace: capo-test ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OscCluster -metadata: - name: cluster-api - namespace: capo-test -spec: - network: - clusterName: cluster-api - subregionName: eu-west-2a - loadBalancer: - loadbalancername: osc-k8s - loadbalancertype: internet-facing - subnetname: cluster-api-subnet-public - securitygroupname: cluster-api-securitygroup-lb - clusterName: cluster-api - net: - name: cluster-api-net - clusterName: cluster-api - ipRange: "10.0.0.0/16" - subnets: - - name: cluster-api-subnet-kcp-a - ipSubnetRange: "10.0.4.0/24" - subregionName: eu-west-2a - # - name: cluster-api-subnet-kcp-b - # ipSubnetRange: "10.0.5.0/24" - # subregionName: eu-west-2b - - name: cluster-api-subnet-kw-a - ipSubnetRange: "10.0.3.0/24" - subregionName: eu-west-2a - - name: cluster-api-subnet-kw-b - ipSubnetRange: "10.0.6.0/24" - subregionName: eu-west-2b - - name: cluster-api-subnet-public - ipSubnetRange: "10.0.2.0/24" - publicIps: - - name: cluster-api-publicip-nat - internetService: - clusterName: cluster-api - name: cluster-api-internetservice - natServices: - - clusterName: cluster-api - name: cluster-api-natservice - publicipname: cluster-api-publicip-nat - subnetname: cluster-api-subnet-public - bastion: - clusterName: cluster-api - enable: false - routeTables: - - name: cluster-api-routetable-kw - subnets: - - cluster-api-subnet-kw-a - - cluster-api-subnet-kw-b - routes: - - name: cluster-api-routes-kw - targetName: 
cluster-api-natservice - targetType: nat - destination: "0.0.0.0/0" - - name: cluster-api-routetable-kcp - subnets: - - cluster-api-subnet-kcp-a - # - cluster-api-subnet-kcp-b - routes: - - name: cluster-api-routes-kcp - targetName: cluster-api-natservice - targetType: nat - destination: "0.0.0.0/0" - - name: cluster-api-routetable-public - subnets: - - cluster-api-subnet-public - routes: - - name: cluster-api-routes-public - targetName: cluster-api-internetservice - targetType: gateway - destination: "0.0.0.0/0" - securityGroups: - # - name: cluster-api-securitygroups - # description: Security Group with cluster-api - # securityGroupRules: - # - name: - # flow: Inboud - # ipProtocol: tcp - # fromPortRange: 22 - # toPortRange: 22 - - name: cluster-api-securitygroups-kw - description: Security Group with cluster-api - securityGroupRules: - - name: cluster-api-securitygrouprule-api-kubelet-kw - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.3.0/24" - fromPortRange: 10250 - toPortRange: 10250 - - name: cluster-api-securitygrouprule-api-kubelet-kcp - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.4.0/24" - fromPortRange: 10250 - toPortRange: 10250 - - name: cluster-api-securitygrouprule-kcp-nodeip-kw - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. 
- ipRange: "10.0.3.0/24" - fromPortRange: 30000 - toPortRange: 32767 - - name: cluster-api-securitygrouprule-kcp-nodeip-kcp - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.4.0/24" - fromPortRange: 30000 - toPortRange: 32767 - - name: cluster-api-securitygrouprule-kw-bgp - flow: Inbound - ipProtocol: tcp - ipRange: "10.0.0.0/16" - fromPortRange: 179 - toPortRange: 179 - - name: cluster-api-securitygroups-kcp - description: Security Group with cluster-api - securityGroupRules: - - name: cluster-api-securitygrouprule-api-kw - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.3.0/24" - fromPortRange: 6443 - toPortRange: 6443 - - name: cluster-api-securitygrouprule-api-kcp - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.4.0/24" - fromPortRange: 6443 - toPortRange: 6443 - - name: cluster-api-securitygrouprule-etcd - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.4.0/24" - fromPortRange: 2378 - toPortRange: 2379 - - name: cluster-api-securitygrouprule-kubelet-kcp - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. 
- ipRange: "10.0.4.0/24" - fromPortRange: 10250 - toPortRange: 10252 - - name: cluster-api-securitygrouprule-kcp-bgp - flow: Inbound - ipProtocol: tcp - ipRange: "10.0.0.0/16" - fromPortRange: 179 - toPortRange: 179 - - name: cluster-api-securitygrouprule-kw-nodeip-kw - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.3.0/24" - fromPortRange: 30000 - toPortRange: 32767 - - name: cluster-api-securitygrouprule-kw-nodeip-kcp - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. - ipRange: "10.0.4.0/24" - fromPortRange: 30000 - toPortRange: 32767 - - name: cluster-api-securitygroup-lb - description: Security Group lb with cluster-api - securityGroupRules: - - name: cluste-api-securitygrouprule-lb - flow: Inbound - ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. 
- ipRange: "0.0.0.0/0" - fromPortRange: 6443 - toPortRange: 6443 - - name: cluster-api-securitygroups-node - description: Security Group node with cluster-api - tag: OscK8sMainSG - securityGroupRules: - - name: cluster-api-securitygrouprule-calico-vxlan - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 4789 - toPortRange: 4789 - - name: cluster-api-securitygrouprule-calico-typha - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 5473 - toPortRange: 5473 - - name: cluster-api-securitygrouprule-calico-wireguard - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 51820 - toPortRange: 51820 - - name: cluster-api-securitygrouprule-calico-wireguard-ipv6 - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 51821 - toPortRange: 51821 - - name: cluster-api-securitygrouprule-flannel - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 4789 - toPortRange: 4789 - - name: cluster-api-securitygrouperule-flannel-udp - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 8285 - toPortRange: 8285 - - name: cluster-api-securitygroup-flannel-vxlan - flow: Inbound - ipProtocol: udp - ipRange: "10.0.0.0/16" - fromPortRange: 8472 - toPortRange: 8472 ---- -apiVersion: cluster.x-k8s.io/v1beta1 -kind: MachineDeployment -metadata: - name: "cluster-api-md-0" - namespace: capo-test -spec: - clusterName: "cluster-api" - replicas: 1 - selector: - matchLabels: - template: - spec: - clusterName: "cluster-api" - version: "1.22.11" - bootstrap: - configRef: - name: "cluster-api-md-0" - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 - kind: KubeadmConfigTemplate - namespace: capo-test - infrastructureRef: - name: "cluster-api-md-0" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 - kind: OscMachineTemplate - namespace: capo-test ---- -apiVersion: cluster.x-k8s.io/v1beta1 -kind: MachineDeployment -metadata: - name: "cluster-api-md-1" - namespace: capo-test 
-spec: - clusterName: "cluster-api" - replicas: 1 - selector: - matchLabels: - template: - spec: - clusterName: "cluster-api" - version: "1.22.11" - bootstrap: - configRef: - name: "cluster-api-md-0" - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 - kind: KubeadmConfigTemplate - namespace: capo-test - infrastructureRef: - name: "cluster-api-md-1" - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 - kind: OscMachineTemplate - namespace: capo-test ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OscMachineTemplate -metadata: - name: "cluster-api-md-0" - namespace: capo-test -spec: - template: - spec: - node: - clusterName: cluster-api - image: - name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 - keypair: - name: cluster-api-test - deleteKeypair: false - vm: - clusterName: cluster-api - name: cluster-api-vm-kw - keypairName: cluster-api-test - deviceName: /dev/sda1 - rootDisk: - rootDiskSize: 30 - rootDiskIops: 1500 - rootDiskType: gp2 - subnetName: cluster-api-subnet-kw-a - subregionName: eu-west-2a - securityGroupNames: - - name: cluster-api-securitygroups-kw - - name: cluster-api-securitygroups-node - vmType: "tinav5.c2r8p2" ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OscMachineTemplate -metadata: - name: "cluster-api-md-1" - namespace: capo-test -spec: - template: - spec: - node: - clusterName: cluster-api - image: - name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 - keypair: - name: cluster-api-test - deleteKeypair: false - vm: - clusterName: cluster-api - name: cluster-api-vm-kw - keypairName: cluster-api-test - deviceName: /dev/sda1 - rootDisk: - rootDiskSize: 30 - rootDiskIops: 1500 - rootDiskType: gp2 - subnetName: cluster-api-subnet-kw-b - subregionName: eu-west-2b - securityGroupNames: - - name: cluster-api-securitygroups-kw - - name: cluster-api-securitygroups-node - vmType: "tinav5.c2r8p2" - ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 -kind: OscMachineTemplate -metadata: - name: 
"cluster-api-control-plane" - namespace: capo-test -spec: - template: - spec: - node: - clusterName: cluster-api - image: - name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22 - keypair: - name: cluster-api-test - deleteKeypair: false - vm: - clusterName: cluster-api - name: cluster-api-vm-kcp - keypairName: cluster-api-test - rootDisk: - rootDiskSize: 30 - rootDiskIops: 1500 - rootDiskType: gp2 - deviceName: /dev/sda1 - subregionName: eu-west-2a - subnetName: cluster-api-subnet-kcp-a - role: controlplane - loadBalancerName: osc-k8s - securityGroupNames: - - name: cluster-api-securitygroups-kcp - - name: cluster-api-securitygroups-node - vmType: "tinav5.c2r8p2" ---- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 -kind: KubeadmConfigTemplate -metadata: - name: "cluster-api-md-0" - namespace: capo-test -spec: - template: - spec: - files: - - content: | - #!/bin/sh - - curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 - chmod +x /tmp/runc.amd64 - cp -f /tmp/runc.amd64 /usr/local/sbin/runc - owner: root:root - path: /tmp/set_runc.sh - permissions: "0744" - joinConfiguration: - nodeRegistration: - name: "{{ ds.meta_data.local_hostname }}" - kubeletExtraArgs: - cloud-provider: external - provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' - preKubeadmCommands: - - sh /tmp/set_runc.sh ---- -kind: KubeadmControlPlane -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 -metadata: - name: "cluster-api-control-plane" - namespace: capo-test -spec: - replicas: 1 - machineTemplate: - infrastructureRef: - kind: OscMachineTemplate - apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 - name: "cluster-api-control-plane" - namespace: capo-test - kubeadmConfigSpec: - initConfiguration: - nodeRegistration: - kubeletExtraArgs: - cloud-provider: external - provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' - name: '{{ 
ds.meta_data.local_hostname }}' - files: - - content: | - #!/bin/sh - curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64 - chmod +x /tmp/runc.amd64 - cp -f /tmp/runc.amd64 /usr/local/sbin/runc - owner: root:root - path: /tmp/set_runc.sh - permissions: "0744" - joinConfiguration: - nodeRegistration: - kubeletExtraArgs: - cloud-provider: external - provider-id: aws:///'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}' - preKubeadmCommands: - - sh /tmp/set_runc.sh - version: "1.22.11"