{{- $clustername := .Values.cluster.name -}} apiVersion: provisioning.cattle.io/v1 kind: Cluster metadata: {{- if .Values.cluster.labels }} labels: {{ toYaml .Values.cluster.labels | indent 4 }} {{- end }} {{- if .Values.cluster.annotations }} annotations: {{ toYaml .Values.cluster.annotations | indent 4 }} {{- end }} name: {{ .Values.cluster.name }} namespace: fleet-default spec: {{- if .Values.cluster.config.agentEnvVars }} agentEnvVars: {{ toYaml .Values.cluster.config.agentEnvVars | indent 4 }} {{- end }} {{- if .Values.cloudCredentialSecretName }} cloudCredentialSecretName: cattle-global-data:{{ .Values.cloudCredentialSecretName }} {{- end }} # clusterAPIConfig: # clusterAgentDeploymentCustomization: {{- if .Values.cluster.config.defaultClusterRoleForProjectMembers }} defaultClusterRoleForProjectMembers: {{ .Values.cluster.config.defaultClusterRoleForProjectMembers }} {{- end }} {{- if .Values.cluster.config.defaultPodSecurityAdmissionConfigurationTemplateName }} defaultPodSecurityAdmissionConfigurationTemplateName: {{ .Values.cluster.config.defaultPodSecurityAdmissionConfigurationTemplateName }} {{- end }} {{- if .Values.cluster.config.defaultPodSecurityPolicyTemplateName }} defaultPodSecurityPolicyTemplateName: {{ .Values.cluster.config.defaultPodSecurityPolicyTemplateName }} {{- end }} enableNetworkPolicy: {{ .Values.cluster.config.enableNetworkPolicy }} # fleetAgentDeploymentCustomization: {{- if .Values.cluster.config.kubernetesVersion }} kubernetesVersion: {{ .Values.cluster.config.kubernetesVersion }} {{- end }} {{- if eq .Values.cluster.config.localClusterAuthEndpoint.enabled true }} localClusterAuthEndpoint: enabled: {{ .Values.cluster.config.localClusterAuthEndpoint.enabled }} fqdn: {{ .Values.cluster.config.localClusterAuthEndpoint.fqdn }} caCerts: {{ .Values.cluster.config.localClusterAuthEndpoint.caCerts }} {{- else }} localClusterAuthEndpoint: enabled: false {{- end }} # redeploySystemAgentGeneration: rkeConfig: {{- with $.Values.cluster.config.chartValues }} chartValues: {{- toYaml . | nindent 6 }} {{- end }} {{- with $.Values.cluster.config.additionalManifests }} additionalManifest: {{- toYaml . | nindent 6 }} {{- end }} {{- if .Values.cluster.config.etcd }} etcd: disableSnapshots: {{ .Values.cluster.config.etcd.disableSnapshots }} snapshotRetention: {{ .Values.cluster.config.etcd.snapshotRetention }} snapshotScheduleCron: {{ .Values.cluster.config.etcd.snapshotScheduleCron }} {{- if .Values.cluster.config.etcd.s3 }} s3: bucket: {{ .Values.cluster.config.etcd.s3.bucket }} cloudCredentialName: cattle-global-data:{{ .Values.cluster.config.etcd.s3.cloudCredentialSecretName }} {{- if .Values.cluster.config.etcd.s3.folder }} folder: {{ .Values.cluster.config.etcd.s3.folder }} {{- end }} region: {{ .Values.cluster.config.etcd.s3.region }} skipSSLVerify: {{ .Values.cluster.config.etcd.s3.skipSSLVerify }} endpoint: {{ .Values.cluster.config.etcd.s3.endpoint }} {{- if .Values.cluster.config.etcd.s3.endpointCA }} endpointCA: |- {{ .Values.cluster.config.etcd.s3.endpointCA | indent 10 }} {{- end }} {{- end }} {{- end }} # etcdSnapshotCreate: # etcdSnapshotRestore: # infrastructureRef: {{- if .Values.cluster.config.globalConfig }} machineGlobalConfig: {{- if .Values.cluster.config.globalConfig.cni }} cni: {{ .Values.cluster.config.globalConfig.cni }} {{- end }} {{- if .Values.cluster.config.globalConfig.cluster_cidr }} cluster-cidr: {{ .Values.cluster.config.globalConfig.cluster_cidr }} {{- end }} {{- if .Values.cluster.config.globalConfig.service_cidr }} service-cidr: {{ .Values.cluster.config.globalConfig.service_cidr }} {{- end }} {{- if .Values.cluster.config.globalConfig.docker }} docker: {{ .Values.cluster.config.globalConfig.docker }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable }} disable: {{ .Values.cluster.config.globalConfig.disable | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_scheduler }} disable-scheduler: {{ .Values.cluster.config.globalConfig.disable_scheduler }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_cloud_controller }} disable-cloud-controller: {{ .Values.cluster.config.globalConfig.disable_cloud_controller }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_kube_proxy }} disable-kube-proxy: {{ .Values.cluster.config.globalConfig.disable_kube_proxy }} {{- end }} {{- if .Values.cluster.config.globalConfig.etcd_expose_metrics }} etcd-expose-metrics: {{ .Values.cluster.config.globalConfig.etcd_expose_metrics }} {{- end }} {{- if .Values.cluster.config.globalConfig.profile }} profile: {{ .Values.cluster.config.globalConfig.profile }} {{- end }} {{- if .Values.cluster.config.globalConfig.selinux }} selinux: {{ .Values.cluster.config.globalConfig.selinux }} {{- end }} {{- if .Values.cluster.config.globalConfig.tls_san }} tls-san: {{ .Values.cluster.config.globalConfig.tls_san | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.token }} token: {{ .Values.cluster.config.globalConfig.token }} {{- end }} {{- if .Values.cluster.config.globalConfig.systemDefaultRegistry }} system-default-registry: {{ .Values.cluster.config.globalConfig.systemDefaultRegistry }} {{- end }} {{- if .Values.cluster.config.globalConfig.secrets_encryption }} secrets-encryption: {{ .Values.cluster.config.globalConfig.secrets_encryption }} {{- end }} {{- if .Values.cluster.config.globalConfig.write_kubeconfig_mode }} write-kubeconfig-mode: {{ .Values.cluster.config.globalConfig.write_kubeconfig_mode }} {{- end }} {{- if .Values.cluster.config.globalConfig.use_service_account_credentials }} use-service-account-credentials: {{ .Values.cluster.config.globalConfig.use_service_account_credentials }} {{- end }} {{- if .Values.cluster.config.globalConfig.protect_kernel_defaults }} protect-kernel-defaults: {{ .Values.cluster.config.globalConfig.protect_kernel_defaults }} {{- end }} {{- if .Values.cluster.config.globalConfig.cloud_provider_name }} cloud-provider-name: {{ .Values.cluster.config.globalConfig.cloud_provider_name }} {{- end }} {{- if .Values.cluster.config.globalConfig.cloud_provider_config }} cloud-provider-config: {{ .Values.cluster.config.globalConfig.cloud_provider_config }} {{- end }} {{- if .Values.cluster.config.globalConfig.kube_controller_manager_arg }} kube-controller-manager-arg: {{ .Values.cluster.config.globalConfig.kube_controller_manager_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.kube_scheduler_arg }} kube-scheduler-arg: {{ .Values.cluster.config.globalConfig.kube_scheduler_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.kube_apiserver_arg }} kube-apiserver-arg: {{ .Values.cluster.config.globalConfig.kube_apiserver_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.kubelet_proxy_arg }} kubelet-proxy-arg: {{ .Values.cluster.config.globalConfig.kubelet_proxy_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.kubelet_arg }} kubelet-arg: {{ .Values.cluster.config.globalConfig.kubelet_arg | toRawJson }} {{- end }} {{- end }} # machinePoolDefaults: {{- if ne .Values.cloudprovider "custom" }} machinePools: {{- if .Values.nodepools }} {{ range $index, $nodepool := .Values.nodepools }} - name: {{ $nodepool.name }} quantity: {{ $nodepool.quantity }} controlPlaneRole: {{ $nodepool.controlplane }} etcdRole: {{ $nodepool.etcd }} workerRole: {{ $nodepool.worker }} {{- if $nodepool.labels }} labels: {{ toYaml $nodepool.labels | indent 8 }} {{- end }} {{- if $nodepool.taints }} taints: {{ toYaml $nodepool.taints | indent 8 }} {{- end }} machineConfigRef: {{- if eq $.Values.cloudprovider "amazonec2" }} kind: Amazonec2Config {{- else if eq $.Values.cloudprovider "vsphere" }} kind: VmwarevsphereConfig {{- else if eq $.Values.cloudprovider "harvester" }} kind: HarvesterConfig {{- else if eq $.Values.cloudprovider "digitalocean" }} kind: DigitaloceanConfig {{- else if eq $.Values.cloudprovider "azure" }} kind: AzureConfig {{- else if eq $.Values.cloudprovider "elemental" }} apiVersion: elemental.cattle.io/v1beta1 kind: MachineInventorySelectorTemplate {{- end}} name: {{ $clustername }}-{{ $nodepool.name }} displayName: {{ $nodepool.displayName | default $nodepool.name }} {{- if $nodepool.drainBeforeDelete }} drainBeforeDelete: {{ $nodepool.drainBeforeDelete }} {{- end }} {{- if $nodepool.drainBeforeDeleteTimeout }} drainBeforeDeleteTimeout: {{ $nodepool.drainBeforeDeleteTimeout }} {{- end }} {{- if $nodepool.machineDeploymentLabels }} machineDeploymentLabels: {{ toYaml $nodepool.machineDeploymentLabels | indent 8 }} {{- end }} {{- if $nodepool.machineDeploymentAnnotations }} machineDeploymentAnnotations: {{ toYaml $nodepool.machineDeploymentAnnotations | indent 8 }} {{- end }} paused: {{ $nodepool.paused }} {{- if $nodepool.rollingUpdate }} rollingUpdate: maxUnavailable: {{ $nodepool.rollingUpdate.maxUnavailable }} maxSurge: {{ $nodepool.rollingUpdate.maxSurge }} {{- end }} {{- if $nodepool.unhealthyNodeTimeout }} unhealthyNodeTimeout: {{ $nodepool.unhealthyNodeTimeout }} {{- end }} {{- end }} {{- end }} {{- if or .Values.cluster.config.controlPlaneConfig .Values.cluster.config.workerConfig}} machineSelectorConfig: {{- if .Values.cluster.config.controlPlaneConfig }} - config: {{- if .Values.cluster.config.controlPlaneConfig.cni }} cni: {{ .Values.cluster.config.controlPlaneConfig.cni }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.docker }} docker: {{ .Values.cluster.config.controlPlaneConfig.docker }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable }} disable: {{ .Values.cluster.config.globalConfig.disable | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_scheduler }} disable-scheduler: {{ .Values.cluster.config.globalConfig.disable_scheduler }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_cloud_controller }} disable-cloud-controller: {{ .Values.cluster.config.globalConfig.disable_cloud_controller }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.disable_kube_proxy }} disable-kube-proxy: {{ .Values.cluster.config.controlPlaneConfig.disable_kube_proxy }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.etcd_expose_metrics }} etcd-expose-metrics: {{ .Values.cluster.config.controlPlaneConfig.etcd_expose_metrics }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.profile }} profile: {{ .Values.cluster.config.controlPlaneConfig.profile }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.selinux }} selinux: {{ .Values.cluster.config.controlPlaneConfig.selinux }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.tls_san }} tls-san: {{ .Values.cluster.config.controlPlaneConfig.tls_san | toRawJson }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.token }} token: {{ .Values.cluster.config.controlPlaneConfig.token }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.systemDefaultRegistry }} system-default-registry: {{ .Values.cluster.config.controlPlaneConfig.systemDefaultRegistry }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.secrets_encryption }} secrets-encryption: {{ .Values.cluster.config.controlPlaneConfig.secrets_encryption }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.write_kubeconfig_mode }} write-kubeconfig-mode: {{ .Values.cluster.config.controlPlaneConfig.write_kubeconfig_mode }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.use_service_account_credentials }} use-service-account-credentials: {{ .Values.cluster.config.controlPlaneConfig.use_service_account_credentials }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.protect_kernel_defaults }} protect-kernel-defaults: {{ .Values.cluster.config.controlPlaneConfig.protect_kernel_defaults }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.cloud_provider_name }} cloud-provider-name: {{ .Values.cluster.config.controlPlaneConfig.cloud_provider_name }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.cloud_provider_config }} cloud-provider-config: {{ .Values.cluster.config.controlPlaneConfig.cloud_provider_config }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.kube_controller_manager_arg }} kube-controller-manager-arg: {{ .Values.cluster.config.controlPlaneConfig.kube_controller_manager_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.kube_scheduler_arg }} kube-scheduler-arg: {{ .Values.cluster.config.controlPlaneConfig.kube_scheduler_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.kube_apiserver_arg }} kube-apiserver-arg: {{ .Values.cluster.config.controlPlaneConfig.kube_apiserver_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.kubelet_proxy_arg }} kubelet-proxy-arg: {{ .Values.cluster.config.controlPlaneConfig.kubelet_proxy_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.controlPlaneConfig.kubelet_arg }} kubelet-arg: {{ .Values.cluster.config.controlPlaneConfig.kubelet_arg | toRawJson }} {{- end }} machineLabelSelector: matchLabels: node-role.kubernetes.io/control-plane: "true" {{- end }} {{- if .Values.cluster.config.workerConfig }} - config: {{- if .Values.cluster.config.workerConfig.cni }} cni: {{ .Values.cluster.config.workerConfig.cni }} {{- end }} {{- if .Values.cluster.config.workerConfig.docker }} docker: {{ .Values.cluster.config.workerConfig.docker }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable }} disable: {{ .Values.cluster.config.globalConfig.disable | toRawJson }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_scheduler }} disable-scheduler: {{ .Values.cluster.config.globalConfig.disable_scheduler }} {{- end }} {{- if .Values.cluster.config.globalConfig.disable_cloud_controller }} disable-cloud-controller: {{ .Values.cluster.config.globalConfig.disable_cloud_controller }} {{- end }} {{- if .Values.cluster.config.workerConfig.disable_kube_proxy }} disable-kube-proxy: {{ .Values.cluster.config.workerConfig.disable_kube_proxy }} {{- end }} {{- if .Values.cluster.config.workerConfig.etcd_expose_metrics }} etcd-expose-metrics: {{ .Values.cluster.config.workerConfig.etcd_expose_metrics }} {{- end }} {{- if .Values.cluster.config.workerConfig.profile }} profile: {{ .Values.cluster.config.workerConfig.profile }} {{- end }} {{- if .Values.cluster.config.workerConfig.selinux }} selinux: {{ .Values.cluster.config.workerConfig.selinux }} {{- end }} {{- if .Values.cluster.config.workerConfig.tls_san }} tls-san: {{ .Values.cluster.config.workerConfig.tls_san | toRawJson }} {{- end }} {{- if .Values.cluster.config.workerConfig.token }} token: {{ .Values.cluster.config.workerConfig.token }} {{- end }} {{- if .Values.cluster.config.workerConfig.systemDefaultRegistry }} system-default-registry: {{ .Values.cluster.config.workerConfig.systemDefaultRegistry }} {{- end }} {{- if .Values.cluster.config.workerConfig.secrets_encryption }} secrets-encryption: {{ .Values.cluster.config.workerConfig.secrets_encryption }} {{- end }} {{- if .Values.cluster.config.workerConfig.write_kubeconfig_mode }} write-kubeconfig-mode: {{ .Values.cluster.config.workerConfig.write_kubeconfig_mode }} {{- end }} {{- if .Values.cluster.config.workerConfig.use_service_account_credentials }} use-service-account-credentials: {{ .Values.cluster.config.workerConfig.use_service_account_credentials }} {{- end }} {{- if .Values.cluster.config.workerConfig.protect_kernel_defaults }} protect-kernel-defaults: {{ .Values.cluster.config.workerConfig.protect_kernel_defaults }} {{- end }} {{- if .Values.cluster.config.workerConfig.cloud_provider_name }} cloud-provider-name: {{ .Values.cluster.config.workerConfig.cloud_provider_name }} {{- end }} {{- if .Values.cluster.config.workerConfig.cloud_provider_config }} cloud-provider-config: {{ .Values.cluster.config.workerConfig.cloud_provider_config }} {{- end }} {{- if .Values.cluster.config.workerConfig.kube_controller_manager_arg }} kube-controller-manager-arg: {{ .Values.cluster.config.workerConfig.kube_controller_manager_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.workerConfig.kube_scheduler_arg }} kube-scheduler-arg: {{ .Values.cluster.config.workerConfig.kube_scheduler_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.workerConfig.kube_apiserver_arg }} kube-apiserver-arg: {{ .Values.cluster.config.workerConfig.kube_apiserver_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.workerConfig.kubelet_proxy_arg }} kubelet-proxy-arg: {{ .Values.cluster.config.workerConfig.kubelet_proxy_arg | toRawJson }} {{- end }} {{- if .Values.cluster.config.workerConfig.kubelet_arg }} kubelet-arg: {{ .Values.cluster.config.workerConfig.kubelet_arg | toRawJson }} {{- end }} machineLabelSelector: matchLabels: rke.cattle.io/worker-role: "true" {{- end }} {{- end }} {{- end }} # machineSelectorFiles: # provisionGeneration: {{- if and .Values.cluster.config.registries (eq .Values.cluster.config.registries.enabled true) }} registries: configs: {{- range .Values.cluster.config.registries.configs }} {{ .name }}: authConfigSecretName: {{ .authConfigSecretName }} caBundle: {{ .caBundle }} insecureSkipVerify: {{ .insecureSkipVerify }} tlsSecretName: {{ .tlsSecretName }} {{- end }} {{- if .Values.cluster.config.registries.mirrors }} mirrors: {{- range .Values.cluster.config.registries.mirrors }} {{ .name | quote }}: endpoint: {{- range .endpoints }} - {{ . }} {{- end }} {{- if .rewrite }} rewrite: {{- range $key, $value := .rewrite }} "{{ $key }}": "{{ $value }}" {{- end }} {{- end }} {{- end }} {{- end }} {{- end }} # rotateCertificates: # rotateEncryptionKeys: {{- if .Values.cluster.config.upgradeStrategy }} upgradeStrategy: controlPlaneConcurrency: {{ .Values.cluster.config.upgradeStrategy.controlPlaneConcurrency }} {{- if eq .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.enabled true }} controlPlaneDrainOptions: enabled: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.enabled }} deleteEmptyDirData: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.deleteEmptyDirData }} disableEviction: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.disableEviction }} force: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.force }} gracePeriod: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.gracePeriod }} ignoreDaemonSets: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.ignoreDaemonSets }} ignoreErrors: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.ignoreErrors }} skipWaitForDeleteTimeoutSeconds: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.skipWaitForDeleteTimeoutSeconds }} timeout: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.timeout }} {{- else }} controlPlaneDrainOptions: enabled: {{ .Values.cluster.config.upgradeStrategy.controlPlaneDrainOptions.enabled }} {{- end }} workerConcurrency: {{ .Values.cluster.config.upgradeStrategy.workerConcurrency }} {{- if eq .Values.cluster.config.upgradeStrategy.workerDrainOptions.enabled true }} workerDrainOptions: enabled: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.enabled }} deleteEmptyDirData: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.deleteEmptyDirData }} disableEviction: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.disableEviction }} force: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.force }} gracePeriod: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.gracePeriod }} ignoreDaemonSets: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.ignoreDaemonSets }} ignoreErrors: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.ignoreErrors }} skipWaitForDeleteTimeoutSeconds: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.skipWaitForDeleteTimeoutSeconds }} timeout: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.timeout }} {{- else }} workerDrainOptions: enabled: {{ .Values.cluster.config.upgradeStrategy.workerDrainOptions.enabled }} {{- end }} {{- end }}