Packer.Images/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2

267 lines
7.4 KiB
Django/Jinja

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-template.yaml
patches:
- patch: |-
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
name: '${CLUSTER_NAME}'
namespace: '${NAMESPACE}'
spec:
kubeadmConfigSpec:
clusterConfiguration:
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
- patch: |-
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
name: '${CLUSTER_NAME}-md-0'
namespace: '${NAMESPACE}'
spec:
template:
spec:
clusterConfiguration:
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
- patch: |-
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
name: '${CLUSTER_NAME}-md-0'
namespace: '${NAMESPACE}'
spec:
template:
spec:
files:
- content: |
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
append: true
path: /etc/containerd/config.toml
{% for registry in _template.registries %}
- content: |
server = "https://{{ registry }}"
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
capabilities = ["pull", "resolve"]
override_path = true
owner: root:root
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
- content: |
network: {config: disabled}
owner: root:root
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
- content: |
{{ _template.rootca | indent(width=14, first=False) | trim }}
owner: root:root
path: /usr/local/share/ca-certificates/root_ca.crt
- patch: |-
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: VSphereMachineTemplate
metadata:
name: ${CLUSTER_NAME}
namespace: '${NAMESPACE}'
spec:
template:
spec:
diskGiB: 60
network:
devices:
- dhcp4: false
addressesFromPools:
- apiGroup: ipam.cluster.x-k8s.io
kind: InClusterIPPool
name: inclusterippool-${CLUSTER_NAME}
nameservers:
- {{ _template.network.dnsserver }}
networkName: '${VSPHERE_NETWORK}'
- patch: |-
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: VSphereMachineTemplate
metadata:
name: ${CLUSTER_NAME}-worker
namespace: '${NAMESPACE}'
spec:
template:
spec:
diskGiB: 60
network:
devices:
- dhcp4: false
addressesFromPools:
- apiGroup: ipam.cluster.x-k8s.io
kind: InClusterIPPool
name: inclusterippool-${CLUSTER_NAME}
nameservers:
- {{ _template.network.dnsserver }}
networkName: '${VSPHERE_NETWORK}'
- target:
group: addons.cluster.x-k8s.io
version: v1beta1
kind: ClusterResourceSet
name: \${CLUSTER_NAME}-crs-0
patch: |-
- op: replace
path: /spec/resources
value:
- kind: Secret
name: cloud-controller-manager
- kind: Secret
name: cloud-provider-vsphere-credentials
- kind: ConfigMap
name: cpi-manifests
- op: add
path: /spec/strategy
value: Reconcile
- target:
group: controlplane.cluster.x-k8s.io
version: v1beta1
kind: KubeadmControlPlane
name: .*
patch: |-
- op: add
path: /spec/kubeadmConfigSpec/files/-
value:
content: |
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
append: true
path: /etc/containerd/config.toml
{% for registry in _template.registries %}
- op: add
path: /spec/kubeadmConfigSpec/files/-
value:
content: |
server = "https://{{ registry }}"
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
capabilities = ["pull", "resolve"]
override_path = true
owner: root:root
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
{% endfor %}
- op: add
path: /spec/kubeadmConfigSpec/files/-
value:
content: |
network: {config: disabled}
owner: root:root
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
- op: add
path: /spec/kubeadmConfigSpec/files/-
value:
content: |
{{ _template.rootca | indent(width=10, first=False) | trim }}
owner: root:root
path: /usr/local/share/ca-certificates/root_ca.crt
- target:
group: bootstrap.cluster.x-k8s.io
version: v1beta1
kind: KubeadmConfigTemplate
name: .*
patch: |-
{% for cmd in _template.runcmds %}
- op: add
path: /spec/template/spec/preKubeadmCommands/-
value: {{ cmd }}
{% endfor %}
- target:
group: controlplane.cluster.x-k8s.io
version: v1beta1
kind: KubeadmControlPlane
name: .*
patch: |-
{% for cmd in _template.runcmds %}
- op: add
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
value: {{ cmd }}
{% endfor %}
- target:
group: infrastructure.cluster.x-k8s.io
version: v1beta1
kind: VSphereMachineTemplate
name: \${CLUSTER_NAME}
patch: |-
- op: replace
path: /metadata/name
value: ${CLUSTER_NAME}-master
- op: remove
path: /spec/template/spec/thumbprint
- target:
group: controlplane.cluster.x-k8s.io
version: v1beta1
kind: KubeadmControlPlane
name: \${CLUSTER_NAME}
patch: |-
- op: replace
path: /metadata/name
value: ${CLUSTER_NAME}-master
- op: replace
path: /spec/machineTemplate/infrastructureRef/name
value: ${CLUSTER_NAME}-master
- target:
group: cluster.x-k8s.io
version: v1beta1
kind: Cluster
name: \${CLUSTER_NAME}
patch: |-
- op: replace
path: /spec/clusterNetwork/pods
value:
cidrBlocks:
- 172.30.0.0/16
- op: replace
path: /spec/controlPlaneRef/name
value: ${CLUSTER_NAME}-master
- target:
group: infrastructure.cluster.x-k8s.io
version: v1beta1
kind: VSphereMachineTemplate
name: \${CLUSTER_NAME}-worker
patch: |-
- op: replace
path: /spec/template/spec/numCPUs
value: {{ _template.nodesize.cpu }}
- op: replace
path: /spec/template/spec/memoryMiB
value: {{ _template.nodesize.memory }}
- op: remove
path: /spec/template/spec/thumbprint
- target:
group: cluster.x-k8s.io
version: v1beta1
kind: MachineDeployment
name: \${CLUSTER_NAME}-md-0
patch: |-
- op: replace
path: /metadata/name
value: ${CLUSTER_NAME}-worker
- op: replace
path: /spec/template/spec/bootstrap/configRef/name
value: ${CLUSTER_NAME}-worker
- target:
group: bootstrap.cluster.x-k8s.io
version: v1beta1
kind: KubeadmConfigTemplate
name: \${CLUSTER_NAME}-md-0
patch: |-
- op: replace
path: /metadata/name
value: ${CLUSTER_NAME}-worker
- target:
group: infrastructure.cluster.x-k8s.io
version: v1beta1
kind: VSphereCluster
name: .*
patch: |-
- op: remove
path: /spec/thumbprint