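---
# Kustomization for a Cluster API vSphere (CAPV) workload cluster built on top
# of cluster-template.yaml.
#
# This file is a Jinja2 template that is rendered before kustomize reads it;
# the dollar-brace variables are left untouched for clusterctl's variable
# substitution step. Jinja for/endfor tags sit at column 0 so that the template
# engine's block-whitespace handling cannot shift YAML indentation.
#
# The embedded patch documents use flush (non-indented) sequences on purpose:
# the two `_template.rootca | indent(width=N, first=False)` lines below rely on
# the literal column of the first certificate line matching N (14 in the
# strategic-merge patch, 12 in the JSON 6902 patch). Re-indenting those patch
# documents requires changing N to match.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - cluster-template.yaml

# NOTE(review): patchesStrategicMerge and patchesJson6902 are deprecated in
# kustomize v5 in favour of `patches`; kept as-is for the kustomize version
# currently in use — confirm before upgrading.
patchesStrategicMerge:
  # Control plane: pull kubeadm images from the private registry.
  - |-
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    metadata:
      name: '${CLUSTER_NAME}'
      namespace: '${NAMESPACE}'
    spec:
      kubeadmConfigSpec:
        clusterConfiguration:
          imageRepository: 'registry.{{ _template.network.fqdn }}/kubeadm'
  # Workers: same image repository, plus partitioning/formatting/mounting of an
  # extra disk (presumably the additionalDisksGiB volume declared on the worker
  # VSphereMachineTemplate below — confirm the device name for the VM image).
  - |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: '${CLUSTER_NAME}-md-0'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          clusterConfiguration:
            imageRepository: 'registry.{{ _template.network.fqdn }}/kubeadm'
          diskSetup:
            filesystems:
            - device: /dev/sdb1
              filesystem: ext4
              label: blockstorage
            partitions:
            - device: /dev/sdb
              layout: true
              tableType: gpt
          mounts:
          - - LABEL=blockstorage
            - /mnt/blockstorage
  # Workers: files written before kubeadm runs — containerd registry-mirror
  # configuration (HTTPS to the private registry, pull/resolve capabilities
  # only, no skip_verify), a cloud-init network opt-out (addresses come from
  # the IPAM pool instead), and the private root CA. The CA is presumably what
  # lets containerd validate the mirror once the trust store is refreshed —
  # confirm that a runcmd does so.
  # NOTE(review): strategic merge on CRD list fields depends on kustomize
  # knowing a merge key; if cluster-template.yaml already defines
  # spec.template.spec.files for this template, verify the rendered result is
  # additive rather than a replacement.
  - |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: '${CLUSTER_NAME}-md-0'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          files:
          - content: |
              [plugins."io.containerd.grpc.v1.cri".registry]
                config_path = "/etc/containerd/certs.d"
            append: true
            path: /etc/containerd/config.toml
{% for registry in _template.registries %}
          - content: |
              server = "https://{{ registry }}"
              [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
                capabilities = ["pull", "resolve"]
                override_path = true
            owner: root:root
            path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
          - content: |
              network: {config: disabled}
            owner: root:root
            path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
          - content: |
              {{ _template.rootca | indent(width=14, first=False) | trim }}
            owner: root:root
            path: /usr/local/share/ca-certificates/root_ca.crt
  # Control-plane VMs: static addressing from the in-cluster IPAM pool.
  # Templated string scalars are quoted so an empty expansion yields "" rather
  # than null.
  - |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
      name: '${CLUSTER_NAME}'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          network:
            devices:
            - dhcp4: false
              addressesFromPools:
              - apiGroup: ipam.cluster.x-k8s.io
                kind: InClusterIPPool
                name: 'inclusterippool-${CLUSTER_NAME}'
              nameservers:
              - '{{ _template.network.dnsserver }}'
              networkName: '${VSPHERE_NETWORK}'
  # Worker VMs: same addressing plus one extra disk (consumed by the diskSetup
  # patch above). additionalDisksGiB is a list of integers, so that templated
  # value is intentionally left unquoted.
  - |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
      name: '${CLUSTER_NAME}-worker'
      namespace: '${NAMESPACE}'
    spec:
      template:
        spec:
          additionalDisksGiB:
          - {{ _template.additionaldisk }}
          network:
            devices:
            - dhcp4: false
              addressesFromPools:
              - apiGroup: ipam.cluster.x-k8s.io
                kind: InClusterIPPool
                name: 'inclusterippool-${CLUSTER_NAME}'
              nameservers:
              - '{{ _template.network.dnsserver }}'
              networkName: '${VSPHERE_NETWORK}'

patchesJson6902:
  # Control plane: the same containerd / cloud-init / root-CA files as the
  # worker strategic-merge patch above, appended with JSON patch. An `add` to
  # `.../files/-` presumes spec.kubeadmConfigSpec.files already exists in
  # cluster-template.yaml (JSON patch cannot append to an absent list) — confirm.
  - target:
      group: controlplane.cluster.x-k8s.io
      version: v1beta1
      kind: KubeadmControlPlane
      name: .*
    patch: |-
      - op: add
        path: /spec/kubeadmConfigSpec/files/-
        value:
          content: |
            [plugins."io.containerd.grpc.v1.cri".registry]
              config_path = "/etc/containerd/certs.d"
          append: true
          path: /etc/containerd/config.toml
{% for registry in _template.registries %}
      - op: add
        path: /spec/kubeadmConfigSpec/files/-
        value:
          content: |
            server = "https://{{ registry }}"
            [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
              capabilities = ["pull", "resolve"]
              override_path = true
          owner: root:root
          path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
      - op: add
        path: /spec/kubeadmConfigSpec/files/-
        value:
          content: |
            network: {config: disabled}
          owner: root:root
          path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
      - op: add
        path: /spec/kubeadmConfigSpec/files/-
        value:
          content: |
            {{ _template.rootca | indent(width=12, first=False) | trim }}
          owner: root:root
          path: /usr/local/share/ca-certificates/root_ca.crt
  # Extra preKubeadmCommands for workers (this target) and the control plane
  # (next target). Each command is emitted as a plain YAML scalar, so an entry
  # containing ': ' or ' #', or starting with a YAML indicator, would break the
  # rendered patch; passing the value through a JSON-quoting filter would make
  # this robust — TODO confirm what runcmds may contain before changing it.
  # Both `add` operations also presume preKubeadmCommands already exists on the
  # base resources.
  - target:
      group: bootstrap.cluster.x-k8s.io
      version: v1beta1
      kind: KubeadmConfigTemplate
      name: .*
    patch: |-
{% for cmd in _template.runcmds %}
      - op: add
        path: /spec/template/spec/preKubeadmCommands/-
        value: {{ cmd }}
{% endfor %}
  - target:
      group: controlplane.cluster.x-k8s.io
      version: v1beta1
      kind: KubeadmControlPlane
      name: .*
    patch: |-
{% for cmd in _template.runcmds %}
      - op: add
        path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
        value: {{ cmd }}
{% endfor %}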