Danny Bessems
e2e009aa3c
All checks were successful
continuous-integration/drone/push Build is passing
266 lines
7.5 KiB
Django/Jinja
266 lines
7.5 KiB
Django/Jinja
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
resources:
|
|
- cluster-template.yaml
|
|
|
|
patches:
|
|
- patch: |-
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: csi-vsphere-config
|
|
namespace: '${NAMESPACE}'
|
|
stringData:
|
|
data: |
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: csi-vsphere-config
|
|
namespace: kube-system
|
|
stringData:
|
|
csi-vsphere.conf: |+
|
|
[Global]
|
|
insecure-flag = true
|
|
thumbprint = "${VSPHERE_TLS_THUMBPRINT}"
|
|
cluster-id = "${NAMESPACE}/${CLUSTER_NAME}"
|
|
|
|
[VirtualCenter "${VSPHERE_SERVER}"]
|
|
user = "${VSPHERE_USERNAME}"
|
|
password = "${VSPHERE_PASSWORD}"
|
|
datacenters = "${VSPHERE_DATACENTER}"
|
|
|
|
[Network]
|
|
public-network = "${VSPHERE_NETWORK}"
|
|
type: Opaque
|
|
- patch: |-
|
|
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
|
|
kind: KubeadmControlPlane
|
|
metadata:
|
|
name: '${CLUSTER_NAME}'
|
|
namespace: '${NAMESPACE}'
|
|
spec:
|
|
kubeadmConfigSpec:
|
|
clusterConfiguration:
|
|
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
|
|
ntp:
|
|
enabled: true
|
|
servers:
|
|
- 0.nl.pool.ntp.org
|
|
- 1.nl.pool.ntp.org
|
|
- patch: |-
|
|
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
|
kind: KubeadmConfigTemplate
|
|
metadata:
|
|
name: '${CLUSTER_NAME}-md-0'
|
|
namespace: '${NAMESPACE}'
|
|
spec:
|
|
template:
|
|
spec:
|
|
clusterConfiguration:
|
|
imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
|
|
ntp:
|
|
enabled: true
|
|
servers:
|
|
- 0.nl.pool.ntp.org
|
|
- 1.nl.pool.ntp.org
|
|
- patch: |-
|
|
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
|
kind: KubeadmConfigTemplate
|
|
metadata:
|
|
name: '${CLUSTER_NAME}-md-0'
|
|
namespace: '${NAMESPACE}'
|
|
spec:
|
|
template:
|
|
spec:
|
|
files:
|
|
- content: |
|
|
[plugins."io.containerd.grpc.v1.cri".registry]
|
|
config_path = "/etc/containerd/certs.d"
|
|
append: true
|
|
path: /etc/containerd/config.toml
|
|
{% for registry in _template.registries %}
|
|
- content: |
|
|
server = "https://{{ registry }}"
|
|
|
|
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
|
|
capabilities = ["pull", "resolve"]
|
|
override_path = true
|
|
owner: root:root
|
|
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
|
|
{% endfor %}
|
|
- content: |
|
|
network: {config: disabled}
|
|
owner: root:root
|
|
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
|
- content: |
|
|
{{ _template.rootca | indent(width=14, first=False) | trim }}
|
|
owner: root:root
|
|
path: /usr/local/share/ca-certificates/root_ca.crt
|
|
- patch: |-
|
|
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
|
|
kind: VSphereMachineTemplate
|
|
metadata:
|
|
name: ${CLUSTER_NAME}
|
|
namespace: '${NAMESPACE}'
|
|
spec:
|
|
template:
|
|
spec:
|
|
network:
|
|
devices:
|
|
- dhcp4: false
|
|
addressesFromPools:
|
|
- apiGroup: ipam.cluster.x-k8s.io
|
|
kind: InClusterIPPool
|
|
name: inclusterippool-${CLUSTER_NAME}
|
|
nameservers:
|
|
- {{ _template.network.dnsserver }}
|
|
networkName: '${VSPHERE_NETWORK}'
|
|
- patch: |-
|
|
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
|
|
kind: VSphereMachineTemplate
|
|
metadata:
|
|
name: ${CLUSTER_NAME}-worker
|
|
namespace: '${NAMESPACE}'
|
|
spec:
|
|
template:
|
|
spec:
|
|
network:
|
|
devices:
|
|
- dhcp4: false
|
|
addressesFromPools:
|
|
- apiGroup: ipam.cluster.x-k8s.io
|
|
kind: InClusterIPPool
|
|
name: inclusterippool-${CLUSTER_NAME}
|
|
nameservers:
|
|
- {{ _template.network.dnsserver }}
|
|
networkName: '${VSPHERE_NETWORK}'
|
|
|
|
- target:
|
|
group: controlplane.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: KubeadmControlPlane
|
|
name: .*
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/kubeadmConfigSpec/files/-
|
|
value:
|
|
content: |
|
|
[plugins."io.containerd.grpc.v1.cri".registry]
|
|
config_path = "/etc/containerd/certs.d"
|
|
append: true
|
|
path: /etc/containerd/config.toml
|
|
{% for registry in _template.registries %}
|
|
- op: add
|
|
path: /spec/kubeadmConfigSpec/files/-
|
|
value:
|
|
content: |
|
|
server = "https://{{ registry }}"
|
|
|
|
[host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
|
|
capabilities = ["pull", "resolve"]
|
|
override_path = true
|
|
owner: root:root
|
|
path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
|
|
{% endfor %}
|
|
- op: add
|
|
path: /spec/kubeadmConfigSpec/files/-
|
|
value:
|
|
content: |
|
|
network: {config: disabled}
|
|
owner: root:root
|
|
path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
|
|
- op: add
|
|
path: /spec/kubeadmConfigSpec/files/-
|
|
value:
|
|
content: |
|
|
{{ _template.rootca | indent(width=12, first=False) | trim }}
|
|
owner: root:root
|
|
path: /usr/local/share/ca-certificates/root_ca.crt
|
|
- target:
|
|
group: bootstrap.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: KubeadmConfigTemplate
|
|
name: .*
|
|
patch: |-
|
|
{% for cmd in _template.runcmds %}
|
|
- op: add
|
|
path: /spec/template/spec/preKubeadmCommands/-
|
|
value: {{ cmd }}
|
|
{% endfor %}
|
|
- target:
|
|
group: controlplane.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: KubeadmControlPlane
|
|
name: .*
|
|
patch: |-
|
|
{% for cmd in _template.runcmds %}
|
|
- op: add
|
|
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
|
value: {{ cmd }}
|
|
{% endfor %}
|
|
|
|
- target:
|
|
group: infrastructure.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: VSphereMachineTemplate
|
|
name: \${CLUSTER_NAME}
|
|
patch: |-
|
|
- op: replace
|
|
path: /metadata/name
|
|
value: ${CLUSTER_NAME}-master
|
|
- target:
|
|
group: controlplane.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: KubeadmControlPlane
|
|
name: \${CLUSTER_NAME}
|
|
patch: |-
|
|
- op: replace
|
|
path: /metadata/name
|
|
value: ${CLUSTER_NAME}-master
|
|
- op: replace
|
|
path: /spec/machineTemplate/infrastructureRef/name
|
|
value: ${CLUSTER_NAME}-master
|
|
- target:
|
|
group: cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: Cluster
|
|
name: \${CLUSTER_NAME}
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/controlPlaneRef/name
|
|
value: ${CLUSTER_NAME}-master
|
|
|
|
- target:
|
|
group: infrastructure.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: VSphereMachineTemplate
|
|
name: \${CLUSTER_NAME}-worker
|
|
patch: |-
|
|
- op: replace
|
|
path: /spec/template/spec/numCPUs
|
|
value: {{ _template.nodesize.cpu }}
|
|
- op: replace
|
|
path: /spec/template/spec/memoryMiB
|
|
value: {{ _template.nodesize.memory }}
|
|
- target:
|
|
group: cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: MachineDeployment
|
|
name: \${CLUSTER_NAME}-md-0
|
|
patch: |-
|
|
- op: replace
|
|
path: /metadata/name
|
|
value: ${CLUSTER_NAME}-worker
|
|
- op: replace
|
|
path: /spec/template/spec/bootstrap/configRef/name
|
|
value: ${CLUSTER_NAME}-worker
|
|
- target:
|
|
group: bootstrap.cluster.x-k8s.io
|
|
version: v1beta1
|
|
kind: KubeadmConfigTemplate
|
|
name: \${CLUSTER_NAME}-md-0
|
|
patch: |-
|
|
- op: replace
|
|
path: /metadata/name
|
|
value: ${CLUSTER_NAME}-worker
|