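# Kustomization for the CAPV cluster-template. Processing order:
#   1. Jinja2 render ({{ }}, {% %}, `_template.*` vars) produces this file;
#   2. kustomize applies `patches` (`target.name` is a regex, so `\$` escapes
#      the literal `${CLUSTER_NAME}` still present in the template);
#   3. clusterctl substitutes the remaining `${...}` variables.
# Every `patch: |-` is a nested YAML document, so the Jinja `indent(width=N)`
# on `_template.rootca` must equal the column of the `content: |` body it is
# placed in: 14 in the strategic-merge patch, 10 in the JSON patch. Sequences
# are flush-style throughout; re-indenting them silently breaks those widths.
# Jinja block tags sit at column 0 so the render is correct whether or not
# the engine uses trim_blocks / lstrip_blocks.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- cluster-template.yaml

patches:
# Control plane: pull kubeadm component images from the private registry
# (`registry.<fqdn>/kubeadm`) instead of the kubeadm default.
- patch: |-
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    metadata:
      name: '${CLUSTER_NAME}'
      namespace: '${NAMESPACE}'
    spec:
      kubeadmConfigSpec:
        clusterConfiguration:
          imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
# Worker bootstrap template: same image repository.
- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: '${CLUSTER_NAME}-md-0'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          clusterConfiguration:
            imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
# Worker bootstrap template: node files. kustomize has no strategic-merge
# schema for CRDs, so this `files` list REPLACES whatever the base template
# declares rather than appending — keep every required file here.
#  - config.toml: enables containerd's per-registry `certs.d` host config.
#    `append: true` adds a table to the existing file; TOML rejects a table
#    defined twice, so the base image's config.toml must not already contain
#    `[plugins."io.containerd.grpc.v1.cri".registry]` — confirm.
#  - hosts.toml: one per `_template.registries` entry; containerd tries the
#    private HTTPS mirror first (pull/resolve only, no push) and falls back to
#    the upstream `server`. The mirror certificate presumably chains to the
#    root CA installed below — confirm.
#  - 99-disable-network-config.cfg: stops cloud-init from managing the
#    network; addresses come from the InClusterIPPool (see machine templates).
#  - root_ca.crt: private root CA. It is only trusted once
#    update-ca-certificates has run — presumably one of `_template.runcmds`;
#    confirm it runs before the first image pull.
- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: '${CLUSTER_NAME}-md-0'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          files:
          - content: |
              [plugins."io.containerd.grpc.v1.cri".registry]
                config_path = "/etc/containerd/certs.d"
            append: true
            path: /etc/containerd/config.toml
{% for registry in _template.registries %}
          - content: |
              server = "https://{{ registry }}"

              [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
                capabilities = ["pull", "resolve"]
                override_path = true
            owner: root:root
            path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
          - content: |
              network: {config: disabled}
            owner: root:root
            path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
          - content: |
              {{ _template.rootca | indent(width=14, first=False) | trim }}
            owner: root:root
            path: /usr/local/share/ca-certificates/root_ca.crt
# Machine templates: 60 GiB disk, static IPv4 from the cluster's
# InClusterIPPool (dhcp4: false) and the template DNS server. The templated
# nameserver is quoted so the YAML parser cannot retype whatever the variable
# renders to; `name` is quoted like the other strategic-merge patches.
# Order matters: these address objects by their ORIGINAL names, so they must
# stay above the rename patches further down.
- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
      name: '${CLUSTER_NAME}'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          diskGiB: 60
          network:
            devices:
            - dhcp4: false
              addressesFromPools:
              - apiGroup: ipam.cluster.x-k8s.io
                kind: InClusterIPPool
                name: inclusterippool-${CLUSTER_NAME}
              nameservers:
              - '{{ _template.network.dnsserver }}'
              networkName: '${VSPHERE_NETWORK}'
- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
      name: '${CLUSTER_NAME}-worker'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          diskGiB: 60
          network:
            devices:
            - dhcp4: false
              addressesFromPools:
              - apiGroup: ipam.cluster.x-k8s.io
                kind: InClusterIPPool
                name: inclusterippool-${CLUSTER_NAME}
              nameservers:
              - '{{ _template.network.dnsserver }}'
              networkName: '${VSPHERE_NETWORK}'
# Cloud-provider resources shipped by the ClusterResourceSet, and `Reconcile`
# so they are re-applied when they change instead of applied once.
- target:
    group: addons.cluster.x-k8s.io
    version: v1beta1
    kind: ClusterResourceSet
    name: \${CLUSTER_NAME}-crs-0
  patch: |-
    - op: replace
      path: /spec/resources
      value:
      - kind: Secret
        name: cloud-controller-manager
      - kind: Secret
        name: cloud-provider-vsphere-credentials
      - kind: ConfigMap
        name: cpi-manifests
    - op: add
      path: /spec/strategy
      value: Reconcile
# Control plane: the same node files as the worker template above, added via
# JSON patch to every KubeadmControlPlane in the base. `add` to `.../files/-`
# appends, so the base object must already declare `files` (presumably it
# does; confirm). The root CA uses width=10 here because the `content: |`
# body sits at column 10.
- target:
    group: controlplane.cluster.x-k8s.io
    version: v1beta1
    kind: KubeadmControlPlane
    name: .*
  patch: |-
    - op: add
      path: /spec/kubeadmConfigSpec/files/-
      value:
        content: |
          [plugins."io.containerd.grpc.v1.cri".registry]
            config_path = "/etc/containerd/certs.d"
        append: true
        path: /etc/containerd/config.toml
{% for registry in _template.registries %}
    - op: add
      path: /spec/kubeadmConfigSpec/files/-
      value:
        content: |
          server = "https://{{ registry }}"

          [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
            capabilities = ["pull", "resolve"]
            override_path = true
        owner: root:root
        path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
    - op: add
      path: /spec/kubeadmConfigSpec/files/-
      value:
        content: |
          network: {config: disabled}
        owner: root:root
        path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
    - op: add
      path: /spec/kubeadmConfigSpec/files/-
      value:
        content: |
          {{ _template.rootca | indent(width=10, first=False) | trim }}
        owner: root:root
        path: /usr/local/share/ca-certificates/root_ca.crt
# preKubeadmCommands from `_template.runcmds`, appended to every worker
# bootstrap template and every control plane. `{{ cmd }}` renders as a plain
# scalar: a command containing `: ` or ` #` breaks the patch YAML.
# NOTE(review): `value: {{ cmd | tojson }}` would render a safely quoted
# string — confirm the template engine exposes the Jinja2 builtin `tojson`
# filter before switching. An empty `runcmds` renders an empty patch —
# confirm kustomize accepts that.
- target:
    group: bootstrap.cluster.x-k8s.io
    version: v1beta1
    kind: KubeadmConfigTemplate
    name: .*
  patch: |-
{% for cmd in _template.runcmds %}
    - op: add
      path: /spec/template/spec/preKubeadmCommands/-
      value: {{ cmd }}
{% endfor %}
- target:
    group: controlplane.cluster.x-k8s.io
    version: v1beta1
    kind: KubeadmControlPlane
    name: .*
  patch: |-
{% for cmd in _template.runcmds %}
    - op: add
      path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
      value: {{ cmd }}
{% endfor %}
# Renames: control-plane objects become ${CLUSTER_NAME}-master, worker objects
# ${CLUSTER_NAME}-worker, with every cross-reference updated to match.
# These patches also drop the vCenter certificate `thumbprint` from both
# VSphereMachineTemplates and from the VSphereCluster. Without a thumbprint
# CAPV no longer pins vCenter's TLS certificate; verification then depends on
# the CA store of whatever talks to vCenter — presumably vCenter's certificate
# chains to the same root CA distributed to the nodes above. Confirm that, and
# do not replace the pin with a skip-verify setting.
- target:
    group: infrastructure.cluster.x-k8s.io
    version: v1beta1
    kind: VSphereMachineTemplate
    name: \${CLUSTER_NAME}
  patch: |-
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-master
    - op: remove
      path: /spec/template/spec/thumbprint
- target:
    group: controlplane.cluster.x-k8s.io
    version: v1beta1
    kind: KubeadmControlPlane
    name: \${CLUSTER_NAME}
  patch: |-
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-master
    - op: replace
      path: /spec/machineTemplate/infrastructureRef/name
      value: ${CLUSTER_NAME}-master
# Pod CIDR and the renamed control-plane reference.
- target:
    group: cluster.x-k8s.io
    version: v1beta1
    kind: Cluster
    name: \${CLUSTER_NAME}
  patch: |-
    - op: replace
      path: /spec/clusterNetwork/pods
      value:
        cidrBlocks:
        - 172.30.0.0/16
    - op: replace
      path: /spec/controlPlaneRef/name
      value: ${CLUSTER_NAME}-master
# Worker sizing. These two Jinja values MUST stay unquoted: numCPUs and
# memoryMiB are integer fields and a quoted value would be rejected.
- target:
    group: infrastructure.cluster.x-k8s.io
    version: v1beta1
    kind: VSphereMachineTemplate
    name: \${CLUSTER_NAME}-worker
  patch: |-
    - op: replace
      path: /spec/template/spec/numCPUs
      value: {{ _template.nodesize.cpu }}
    - op: replace
      path: /spec/template/spec/memoryMiB
      value: {{ _template.nodesize.memory }}
    - op: remove
      path: /spec/template/spec/thumbprint
- target:
    group: cluster.x-k8s.io
    version: v1beta1
    kind: MachineDeployment
    name: \${CLUSTER_NAME}-md-0
  patch: |-
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-worker
    - op: replace
      path: /spec/template/spec/bootstrap/configRef/name
      value: ${CLUSTER_NAME}-worker
- target:
    group: bootstrap.cluster.x-k8s.io
    version: v1beta1
    kind: KubeadmConfigTemplate
    name: \${CLUSTER_NAME}-md-0
  patch: |-
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-worker
- target:
    group: infrastructure.cluster.x-k8s.io
    version: v1beta1
    kind: VSphereCluster
    name: .*
  patch: |-
    - op: remove
      path: /spec/thumbprint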