apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cluster-template.yaml patches: - patch: |- apiVersion: v1 kind: Secret metadata: name: csi-vsphere-config namespace: '${NAMESPACE}' stringData: data: | apiVersion: v1 kind: Secret metadata: name: csi-vsphere-config namespace: kube-system stringData: csi-vsphere.conf: |+ [Global] insecure-flag = true thumbprint = "${VSPHERE_TLS_THUMBPRINT}" cluster-id = "${NAMESPACE}/${CLUSTER_NAME}" [VirtualCenter "${VSPHERE_SERVER}"] user = "${VSPHERE_USERNAME}" password = "${VSPHERE_PASSWORD}" datacenters = "${VSPHERE_DATACENTER}" [Network] public-network = "${VSPHERE_NETWORK}" type: Opaque - patch: |- apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlane metadata: name: '${CLUSTER_NAME}' namespace: '${NAMESPACE}' spec: kubeadmConfigSpec: clusterConfiguration: imageRepository: registry.{{ _template.network.fqdn }}/kubeadm ntp: enabled: true servers: - 0.nl.pool.ntp.org - 1.nl.pool.ntp.org - patch: |- apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: '${CLUSTER_NAME}-md-0' namespace: '${NAMESPACE}' spec: template: spec: clusterConfiguration: imageRepository: registry.{{ _template.network.fqdn }}/kubeadm ntp: enabled: true servers: - 0.nl.pool.ntp.org - 1.nl.pool.ntp.org - patch: |- apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: '${CLUSTER_NAME}-md-0' namespace: '${NAMESPACE}' spec: template: spec: files: - content: | [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d" append: true path: /etc/containerd/config.toml {% for registry in _template.registries %} - content: | server = "https://{{ registry }}" [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"] capabilities = ["pull", "resolve"] override_path = true owner: root:root path: /etc/containerd/certs.d/{{ registry }}/hosts.toml {% endfor %} - content: | network: {config: disabled} owner: root:root path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg - content: | {{ _template.rootca | indent(width=14, first=False) | trim }} owner: root:root path: /usr/local/share/ca-certificates/root_ca.crt - patch: |- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereMachineTemplate metadata: name: ${CLUSTER_NAME} namespace: '${NAMESPACE}' spec: template: spec: network: devices: - dhcp4: false addressesFromPools: - apiGroup: ipam.cluster.x-k8s.io kind: InClusterIPPool name: inclusterippool-${CLUSTER_NAME} nameservers: - {{ _template.network.dnsserver }} networkName: '${VSPHERE_NETWORK}' - patch: |- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereMachineTemplate metadata: name: ${CLUSTER_NAME}-worker namespace: '${NAMESPACE}' spec: template: spec: network: devices: - dhcp4: false addressesFromPools: - apiGroup: ipam.cluster.x-k8s.io kind: InClusterIPPool name: inclusterippool-${CLUSTER_NAME} nameservers: - {{ _template.network.dnsserver }} networkName: '${VSPHERE_NETWORK}' - target: group: controlplane.cluster.x-k8s.io version: v1beta1 kind: KubeadmControlPlane name: .* patch: |- - op: add path: /spec/kubeadmConfigSpec/files/- value: content: | [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d" append: true path: /etc/containerd/config.toml {% for registry in _template.registries %} - op: add path: /spec/kubeadmConfigSpec/files/- value: content: | server = "https://{{ registry }}" [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"] capabilities = ["pull", "resolve"] override_path = true owner: root:root path: /etc/containerd/certs.d/{{ registry }}/hosts.toml {% endfor %} - op: add path: /spec/kubeadmConfigSpec/files/- value: content: | network: {config: disabled} owner: root:root path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg - op: add path: /spec/kubeadmConfigSpec/files/- value: content: | {{ _template.rootca | indent(width=12, first=False) | trim }} owner: root:root path: /usr/local/share/ca-certificates/root_ca.crt - target: group: bootstrap.cluster.x-k8s.io version: v1beta1 kind: KubeadmConfigTemplate name: .* patch: |- {% for cmd in _template.runcmds %} - op: add path: /spec/template/spec/preKubeadmCommands/- value: {{ cmd }} {% endfor %} - target: group: controlplane.cluster.x-k8s.io version: v1beta1 kind: KubeadmControlPlane name: .* patch: |- {% for cmd in _template.runcmds %} - op: add path: /spec/kubeadmConfigSpec/preKubeadmCommands/- value: {{ cmd }} {% endfor %} - target: group: infrastructure.cluster.x-k8s.io version: v1beta1 kind: VSphereMachineTemplate name: \${CLUSTER_NAME} patch: |- - op: replace path: /metadata/name value: ${CLUSTER_NAME}-master - target: group: controlplane.cluster.x-k8s.io version: v1beta1 kind: KubeadmControlPlane name: \${CLUSTER_NAME} patch: |- - op: replace path: /metadata/name value: ${CLUSTER_NAME}-master - op: replace path: /spec/machineTemplate/infrastructureRef/name value: ${CLUSTER_NAME}-master - target: group: cluster.x-k8s.io version: v1beta1 kind: Cluster name: \${CLUSTER_NAME} patch: |- - op: replace path: /spec/controlPlaneRef/name value: ${CLUSTER_NAME}-master - target: group: infrastructure.cluster.x-k8s.io version: v1beta1 kind: VSphereMachineTemplate name: \${CLUSTER_NAME}-worker patch: |- - op: replace path: /spec/template/spec/numCPUs value: {{ _template.nodesize.cpu }} - op: replace path: /spec/template/spec/memoryMiB value: {{ _template.nodesize.memory }} - target: group: cluster.x-k8s.io version: v1beta1 kind: MachineDeployment name: \${CLUSTER_NAME}-md-0 patch: |- - op: replace path: /metadata/name value: ${CLUSTER_NAME}-worker - op: replace path: /spec/template/spec/bootstrap/configRef/name value: ${CLUSTER_NAME}-worker - target: group: bootstrap.cluster.x-k8s.io version: v1beta1 kind: KubeadmConfigTemplate name: \${CLUSTER_NAME}-md-0 patch: |- - op: replace path: /metadata/name value: ${CLUSTER_NAME}-worker