Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add taint cluster-api #271

Merged
1 commit merged into from
Oct 10, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
351 changes: 351 additions & 0 deletions example/cluster-machine-template-simple-taint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,351 @@
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
name: cluster-api
namespace: default
labels:
cni: "cluster-api-crs-cni"
ccm: "cluster-api-crs-ccm"
spec:
clusterNetwork:
pods:
cidrBlocks: ["10.42.0.0/16"]
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscCluster
name: cluster-api
namespace: default
controlPlaneRef:
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
name: "cluster-api-control-plane"
namespace: default
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscCluster
metadata:
name: cluster-api
namespace: default
spec:
network:
clusterName: cluster-api
subregionName: eu-west-2a
loadBalancer:
loadbalancername: osc-k8s
loadbalancertype: internet-facing
subnetname: cluster-api-subnet-public
securitygroupname: cluster-api-securitygroup-lb
clusterName: cluster-api
net:
name: cluster-api-net
clusterName: cluster-api
ipRange: "10.0.0.0/16"
subnets:
- name: cluster-api-subnet-kcp
ipSubnetRange: "10.0.4.0/24"
- name: cluster-api-subnet-kw
ipSubnetRange: "10.0.3.0/24"
- name: cluster-api-subnet-public
ipSubnetRange: "10.0.2.0/24"
publicIps:
- name: cluster-api-publicip-nat
internetService:
clusterName: cluster-api
name: cluster-api-internetservice
natService:
clusterName: cluster-api
name: cluster-api-natservice
publicipname: cluster-api-publicip-nat
subnetname: cluster-api-subnet-public
bastion:
clusterName: cluster-api
enable: false
routeTables:
- name: cluster-api-routetable-kw
subnets:
- cluster-api-subnet-kw
routes:
- name: cluster-api-routes-kw
targetName: cluster-api-natservice
targetType: nat
destination: "0.0.0.0/0"
- name: cluster-api-routetable-kcp
subnets:
- cluster-api-subnet-kcp
routes:
- name: cluster-api-routes-kcp
targetName: cluster-api-natservice
targetType: nat
destination: "0.0.0.0/0"
- name: cluster-api-routetable-public
subnets:
- cluster-api-subnet-public
routes:
- name: cluster-api-routes-public
targetName: cluster-api-internetservice
targetType: gateway
destination: "0.0.0.0/0"
securityGroups:
- name: cluster-api-securitygroups-kw
description: Security Group with cluster-api
securityGroupRules:
- name: cluster-api-securitygrouprule-api-kubelet-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 10250
toPortRange: 10250
- name: cluster-api-securitygrouprule-api-kubelet-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 10250
toPortRange: 10250
- name: cluster-api-securitygrouprule-kcp-nodeip-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kcp-nodeip-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kw-bgp
flow: Inbound
ipProtocol: tcp
ipRange: "10.0.0.0/16"
fromPortRange: 179
toPortRange: 179
- name: cluster-api-securitygroups-kcp
description: Security Group with cluster-api
securityGroupRules:
- name: cluster-api-securitygrouprule-api-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygrouprule-api-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygrouprule-etcd
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 2378
toPortRange: 2379
- name: cluster-api-securitygrouprule-kubelet-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 10250
toPortRange: 10252
- name: cluster-api-securitygrouprule-kcp-bgp
flow: Inbound
ipProtocol: tcp
ipRange: "10.0.0.0/16"
fromPortRange: 179
toPortRange: 179
- name: cluster-api-securitygrouprule-kw-nodeip-kw
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.3.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygrouprule-kw-nodeip-kcp
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "10.0.4.0/24"
fromPortRange: 30000
toPortRange: 32767
- name: cluster-api-securitygroup-lb
description: Security Group lb with cluster-api
securityGroupRules:
- name: cluste-api-securitygrouprule-lb
flow: Inbound
ipProtocol: tcp
# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment.
ipRange: "0.0.0.0/0"
fromPortRange: 6443
toPortRange: 6443
- name: cluster-api-securitygroups-node
description: Security Group node with cluster-api
tag: OscK8sMainSG
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
clusterName: "cluster-api"
replicas: 1
selector:
matchLabels:
template:
spec:
clusterName: "cluster-api"
version: "1.22.11"
bootstrap:
configRef:
name: "cluster-api-md-0"
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
namespace: default
infrastructureRef:
name: "cluster-api-md-0"
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
namespace: default
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
template:
spec:
node:
clusterName: cluster-api
image:
name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
keypair:
name: cluster-api
deleteKeypair: false
vm:
clusterName: cluster-api
name: cluster-api-vm-kw
keypairName: cluster-api
deviceName: /dev/sda1
rootDisk:
rootDiskSize: 30
rootDiskIops: 1500
rootDiskType: gp2
subnetName: cluster-api-subnet-kw
subregionName: eu-west-2a
securityGroupNames:
- name: cluster-api-securitygroups-kw
- name: cluster-api-securitygroups-node
vmType: "tinav4.c2r4p2"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OscMachineTemplate
metadata:
name: "cluster-api-control-plane"
namespace: default
spec:
template:
spec:
node:
clusterName: cluster-api
image:
name: ubuntu-2004-2004-kubernetes-v1.22.11-2022-08-22
keypair:
name: cluster-api
deleteKeypair: false
vm:
clusterName: cluster-api
name: cluster-api-vm-kcp
keypairName: cluster-api
rootDisk:
rootDiskSize: 30
rootDiskIops: 1500
rootDiskType: gp2
deviceName: /dev/sda1
subregionName: eu-west-2a
subnetName: cluster-api-subnet-kcp
role: controlplane
loadBalancerName: osc-k8s
securityGroupNames:
- name: cluster-api-securitygroups-kcp
- name: cluster-api-securitygroups-node
vmType: "tinav5.c4r8p1"
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
name: "cluster-api-md-0"
namespace: default
spec:
template:
spec:
files:
- content: |
#!/bin/sh

curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
chmod +x /tmp/runc.amd64
cp -f /tmp/runc.amd64 /usr/local/sbin/runc
owner: root:root
path: /tmp/set_runc.sh
permissions: "0744"
joinConfiguration:
nodeRegistration:
name: "{{ ds.meta_data.local_hostname }}"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
preKubeadmCommands:
- sh /tmp/set_runc.sh
---
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
metadata:
name: "cluster-api-control-plane"
spec:
replicas: 1
machineTemplate:
infrastructureRef:
kind: OscMachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
name: "cluster-api-control-plane"
namespace: default
kubeadmConfigSpec:
initConfiguration:
nodeRegistration:
taints:
- key: "key1"
value: "value1"
effect: "NoSchedule"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
name: '{{ ds.meta_data.local_hostname }}'
files:
- content: |
#!/bin/sh
curl https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 -Lo /tmp/runc.amd64
chmod +x /tmp/runc.amd64
cp -f /tmp/runc.amd64 /usr/local/sbin/runc
owner: root:root
path: /tmp/set_runc.sh
permissions: "0744"
joinConfiguration:
nodeRegistration:
taints:
- key: "key1"
value: "value1"
effect: "NoSchedule"
kubeletExtraArgs:
cloud-provider: external
provider-id: aws://'{{ ds.meta_data.placement.availability_zone }}'/'{{ ds.meta_data.instance_id }}'
preKubeadmCommands:
- sh /tmp/set_runc.sh
version: "1.22.11"
Loading