diff --git a/.github/workflows/cluster-chart-unit-test.yml b/.github/workflows/cluster-chart-unit-test.yml new file mode 100644 index 000000000..72a49533e --- /dev/null +++ b/.github/workflows/cluster-chart-unit-test.yml @@ -0,0 +1,27 @@ +name: cluster-chart-unit-test + +on: + push: + branches: [ main ] + paths: + - 'bootstrap/helm/cluster-api-cluster/**' + pull_request: + branches: [ main ] + paths: + - 'bootstrap/helm/cluster-api-cluster/**' +jobs: + helm-unit-test: + runs-on: ubuntu-latest + permissions: + contents: 'read' + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: install helm + uses: azure/setup-helm@v3 + with: + version: v3.12.3 + - name: install helm unit test + run: helm plugin install https://github.com/helm-unittest/helm-unittest.git + - name: run helm unit test + run: helm unittest ./bootstrap/helm/cluster-api-cluster diff --git a/bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz b/bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz new file mode 100644 index 000000000..f39e36719 Binary files /dev/null and b/bootstrap/helm/cluster-api-bootstrap/charts/cluster-api-bootstrap-0.1.2.tgz differ diff --git a/bootstrap/helm/cluster-api-cluster/.helmignore b/bootstrap/helm/cluster-api-cluster/.helmignore new file mode 100644 index 000000000..faeb926b1 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +tests/ diff --git a/bootstrap/helm/cluster-api-cluster/Chart.yaml b/bootstrap/helm/cluster-api-cluster/Chart.yaml new file mode 100644 index 000000000..ff6b464bc --- /dev/null 
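Review bot: The `install helm unit test` step runs `helm plugin install https://github.com/helm-unittest/helm-unittest.git` with no version, so every CI run clones and executes whatever that repository's default branch holds at that moment, and test results are neither reproducible nor protected against an upstream change. Pin it with the plugin installer's `--version` flag, e.g. `run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_PLUGIN_VERSION>` (placeholder; use the release the chart was tested against). The `permissions: contents: 'read'` block is the right minimal grant; pinning `actions/checkout@v3` and `azure/setup-helm@v3` to full commit SHAs, with the tag kept in a trailing comment, would close the same mutable-reference gap for the actions.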
+++ b/bootstrap/helm/cluster-api-cluster/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: cluster-api-cluster +description: A Helm chart for Kubernetes +type: application +version: 0.1.40 +appVersion: "1.16.0" diff --git a/bootstrap/helm/cluster-api-cluster/README.md b/bootstrap/helm/cluster-api-cluster/README.md new file mode 100644 index 000000000..a0a0c9626 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/README.md @@ -0,0 +1,3 @@ +# Cluster API Cluster + +A helm chart that deploys a cluster using the Cluster-API project diff --git a/bootstrap/helm/cluster-api-cluster/deps.yaml b/bootstrap/helm/cluster-api-cluster/deps.yaml new file mode 100644 index 000000000..37db77237 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/deps.yaml @@ -0,0 +1,7 @@ +apiVersion: plural.sh/v1alpha1 +kind: Dependencies +metadata: + application: true + description: installs a cluster using cluster-api +spec: + dependencies: [] diff --git a/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl new file mode 100644 index 000000000..864e3c120 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/_helpers.tpl 
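Review bot: `description: A Helm chart for Kubernetes` and `appVersion: "1.16.0"` in Chart.yaml are the `helm create` scaffold defaults and say nothing about this chart, while the README.md added in the same commit does. Replace the description with the README's wording, e.g. `description: Deploys a workload cluster using the Cluster API project`, and either set `appVersion` to the version the templates actually target or drop it, since `cluster-api-cluster.labels` in _helpers.tpl emits it as `app.kubernetes.io/version` on every labelled resource.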
@@ -0,0 +1,237 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cluster-api-cluster.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cluster-api-cluster.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cluster-api-cluster.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cluster-api-cluster.labels" -}} +helm.sh/chart: {{ include "cluster-api-cluster.chart" . }} +{{ include "cluster-api-cluster.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cluster-api-cluster.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cluster-api-cluster.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cluster-api-cluster.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cluster-api-cluster.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Creates the Kubernetes version for the cluster +# TODO: this should actually be used to sanatize the `.Values.cluster.kubernetesVersion` value to what the providers support instead of defining these static versions +*/}} +{{- define "cluster.kubernetesVersion" -}} +{{- if .Values.cluster.kubernetesVersion -}} +{{ .Values.cluster.kubernetesVersion }} +{{- else if eq .Values.provider "aws" -}} +v1.24 +{{- else if eq .Values.provider "azure" -}} +v1.25.11 +{{- else if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +1.24.14-gke.2700 +{{- else if eq .Values.provider "kind" -}} +v1.25.11 +{{- end }} +{{- end }} + +{{/* +Create the kind for the infrastructureRef for the cluster +*/}} +{{- define "cluster.infrastructure.kind" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +AWSManagedCluster +{{- end }} +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +AzureManagedCluster +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +GCPManagedCluster +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +DockerCluster +{{- end }} +{{- end }} + +{{/* +Create the apiVersion for the infrastructureRef for the cluster +*/}} +{{- define "cluster.infrastructure.apiVersion" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta2 +{{- end }} +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- end }} + +{{/* +Create the kind for the controlPlaneRef 
for the cluster +*/}} +{{- define "cluster.controlPlane.kind" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +AWSManagedControlPlane +{{- end }} +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +AzureManagedControlPlane +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +GCPManagedControlPlane +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +KubeadmControlPlane +{{- end }} +{{- end }} + +{{/* +Create the apiVersion for the controlPlaneRef for the cluster +*/}} +{{- define "cluster.controlPlane.apiVersion" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +controlplane.cluster.x-k8s.io/v1beta2 +{{- end }} +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +controlplane.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- end }} + +{{/* +Create the kind for the infrastructureRef for the worker MachinePools +*/}} +{{- define "workers.infrastructure.kind" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +AWSManagedMachinePool +{{- end }} +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +AzureManagedMachinePool +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +GCPManagedMachinePool +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +DockerMachinePool +{{- end }} +{{- end }} + +{{/* +Create the apiVersion for the infrastructureRef for the worker MachinePools +*/}} +{{- define "workers.infrastructure.apiVersion" -}} +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta2 +{{- end }} +{{- if 
and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +infrastructure.cluster.x-k8s.io/v1beta1 +{{- end }} +{{- end }} + +{{/* +Create the configRef for the worker MachinePools +*/}} +{{- define "workers.configref" -}} +{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}} +configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: worker-mp-config +{{- end }} +{{- end }} + +{{/* +Create a MachinePool for the given values + ctx = . context + name = the name of the MachinePool resource + values = the values for this specific MachinePool resource + defaultVals = the default values for the MachinePool resource +*/}} +{{- define "workers.machinePool" -}} +{{- $replicas := (.values | default dict).replicas | default .defaultVals.replicas }} +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: {{ .name }} + annotations: + helm.sh/resource-policy: keep +spec: + clusterName: {{ .ctx.Values.cluster.name }} + replicas: {{ $replicas }} + template: + spec: + {{- if or (eq .ctx.Values.provider "gcp") (eq .ctx.Values.provider "azure") (eq .ctx.Values.provider "kind") }} + version: {{ .values.kubernetesVersion | default (include "cluster.kubernetesVersion" .ctx) }} + {{- end }} + clusterName: {{ .ctx.Values.cluster.name }} + bootstrap: + {{- if or (eq .ctx.Values.provider "gcp") (eq .ctx.Values.provider "azure") (eq .ctx.Values.provider "aws") }} + dataSecretName: "" + {{- end }} + {{- if eq .ctx.Values.provider "kind" }} + {{- include "workers.configref" .ctx | nindent 8 }} + {{- end }} + infrastructureRef: + name: {{ .name }} + apiVersion: {{ include "workers.infrastructure.apiVersion" .ctx }} + kind: {{ include "workers.infrastructure.kind" .ctx }} 
+{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl new file mode 100644 index 000000000..26d07d0f4 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/aws/_helpers.tpl 
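Review bot: In `workers.machinePool` the line `version: {{ .values.kubernetesVersion | default (include "cluster.kubernetesVersion" .ctx) }}` dereferences `.values` directly, while the `$replicas` assignment at the top of the same define guards it with `(.values | default dict)`; a pool passed with a nil `values` therefore survives the first line and fails on the second with a nil-pointer template error. Use the same guard: `version: {{ (.values | default dict).kubernetesVersion | default (include "cluster.kubernetesVersion" .ctx) }}`. Separately, `cluster.kubernetesVersion`, `cluster.infrastructure.kind` and the sibling defines render an empty string for any provider/type combination they do not list (for example `gcp` with a non-managed type), which yields `kind:` or `version:` with no value in the manifest instead of a clear error; an explicit `{{ fail (printf "unsupported provider/type: %s/%s" .Values.provider .Values.type) }}` for the unhandled case would surface the misconfiguration at render time. The comment above `cluster.kubernetesVersion` also misspells "sanitize" as `sanatize`.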
@@ -0,0 +1,100 @@ +{{/* +Function to template an AWSManagedMachinePool resource. +Params: + ctx = . context + name = the name of the AWSManagedMachinePool resource + defaultVals = the default values for the AWSManagedMachinePool resource + values = the values for this specific AWSManagedMachinePool resource + availabilityZones = the availability zones for the AWSManagedMachinePool +*/}} +{{- define "workers.aws.managedMachinePool" -}} +{{- $validAmiTypes := (list "AL2_x86_64" "AL2_x86_64_GPU" "AL2_ARM_64") -}} +{{- $validCapacityTypes := (list "onDemand" "spot") -}} +{{- $amiType := (.values.spec | default dict).amiType | default .defaultVals.spec.amiType }} +{{- if not (has $amiType $validAmiTypes) }} + {{- fail (printf "Invalid value for amiType: %s. Expected one of: %s" $amiType $validAmiTypes) }} +{{- end }} +{{- $capacityType := (.values.spec | default dict).capacityType | default .defaultVals.spec.capacityType }} +{{- if not (has $capacityType $validCapacityTypes) }} + {{- fail (printf "Invalid value for capacityType: %s. Expected one of: %s" $capacityType $validCapacityTypes) }} +{{- end }} +{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }} +{{- if $scaling }} +{{- if not (and (hasKey $scaling "minSize") (hasKey $scaling "maxSize")) }} + {{- fail (printf "Invalid value for scaling. Both minSize and maxSize must be set") }} +{{- end }} +{{- end }} +{{- $updateConfig := (.values.spec | default dict).updateConfig | default .defaultVals.spec.updateConfig }} +{{- if $updateConfig }} +{{- if and (hasKey $updateConfig "maxUnavailable") (hasKey $updateConfig "maxSurge") }} + {{- fail (printf "Invalid value for updateConfig. 
Only one of maxUnavailable and maxSurge can be set") }} +{{- end }} +{{- end }} +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: AWSManagedMachinePool +metadata: + annotations: + helm.sh/resource-policy: keep + {{- if (hasKey .values "annotations") -}} + {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.annotations | nindent 4 }} + {{- end }} + labels: + {{- if (hasKey .values "labels") -}} + {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.labels | nindent 4 }} + {{- end }} + name: {{ .name }} +spec: + amiType: {{ $amiType }} + amiVersion: {{ (.values.spec | default dict).amiVersion | default .defaultVals.spec.amiVersion }} + capacityType: {{ $capacityType }} + diskSize: {{ (.values.spec | default dict).diskSize | default .defaultVals.spec.diskSize }} + eksNodegroupName: {{ .name }} + instanceType: {{ (.values.spec | default dict).instanceType | default .defaultVals.spec.instanceType }} + {{- if or (.defaultVals.spec.roleName) ((.values.spec | default dict).roleName) }} + roleName: {{ (.values.spec | default dict).roleName | default .defaultVals.spec.roleName }} + {{- end }} + {{- if $scaling }} + scaling: + {{- toYaml $scaling | nindent 4 }} + {{- end }} + {{- if .availabilityZones }} + availabilityZones: {{- toYaml .availabilityZones | nindent 2 }} + {{- end}} + {{- if or (.defaultVals.spec.subnetIDs) ((.values.spec | default dict).subnetIDs) }} + subnetIDs: + {{- toYaml ((.values.spec | default dict).subnetIDs | default .defaultVals.spec.subnetIDs) | nindent 2 }} + {{- end }} + labels: + {{- if (dig "spec" "labels" .values) -}} + {{- toYaml (merge .values.spec.labels .defaultVals.spec.labels)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.spec.labels | nindent 4 }} + {{- end }} + {{- if eq (len .availabilityZones) 1 }} + topology.ebs.csi.aws.com/zone: {{ index .availabilityZones 0 }} + {{- end }} + {{- if or 
(.defaultVals.spec.taints) ((.values.spec | default dict).taints) }} + taints: + {{- toYaml ((.values.spec | default dict).taints | default .defaultVals.spec.taints) | nindent 2 }} + {{- end }} + {{- if $updateConfig }} + updateConfig: + {{- toYaml $updateConfig | nindent 4 }} + {{- end }} + additionalTags: + {{- if (dig "spec" "additionalTags" .values) }} + {{- toYaml (merge .values.spec.additionalTags .defaultVals.spec.additionalTags) | nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.spec.additionalTags | nindent 4 }} + {{- end }} + {{- if or (.defaultVals.spec.roleAdditionalPolicies) ((.values.spec | default dict).roleAdditionalPolicies) }} + roleAdditionalPolicies: + {{- toYaml ((.values.spec | default dict).roleAdditionalPolicies | default .defaultVals.spec.roleAdditionalPolicies) | nindent 2 }} + {{- end }} +--- +{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }} +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml new file mode 100644 index 000000000..326e45aac --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/aws/cluster.yaml @@ -0,0 +1,17 @@ +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +kind: AWSManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +metadata: + name: {{ .Values.cluster.name }} + annotations: + helm.sh/resource-policy: keep + {{- if .Values.cluster.aws.controlPlaneEndpoint}} + {{- with .Values.cluster.aws.controlPlaneEndpoint }} +spec: + controlPlaneEndpoint: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} +spec: {} + {{- end }} +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml new file mode 100644 index 000000000..fd37fdf61 --- /dev/null 
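Review bot: `{{- if eq (len .availabilityZones) 1 }}` in `workers.aws.managedMachinePool` is unguarded, whereas the `availabilityZones:` block a few lines above is wrapped in `{{- if .availabilityZones }}`; machinepools.yaml passes `$availabilityZones` through unchanged when `isMultiAZ` is true, so a multi-AZ pool with no zones configured hands this helper a nil list, and as far as I recall Go's template `len` reports an error on a nil value rather than returning 0. Guard it the same way: `{{- if and .availabilityZones (eq (len .availabilityZones) 1) }}` (from Go 1.18 on `and` short-circuits, so the `len` call is skipped when the list is nil). The `Invalid value for scaling` and `Invalid value for updateConfig` messages can be passed to `fail` as plain literals, since their `printf` wrappers have no arguments to format.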
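Review bot: In aws/cluster.yaml the `{{- if .Values.cluster.aws.controlPlaneEndpoint}}` test and the `{{- with .Values.cluster.aws.controlPlaneEndpoint }}` directly inside it check the same value, so the inner `with` can never take its empty path and the reader has to pair one `end` with the `with` and the `else` with the `if`. A single `{{- with .Values.cluster.aws.controlPlaneEndpoint }} … {{- else }} spec: {} {{- end }}` expresses the same thing, dropping the outer `if` and the inner `with`'s `end`. The `if` line is also missing the space before `}}` that every other directive in the file has.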
+++ b/bootstrap/helm/cluster-api-cluster/templates/aws/control-plane.yaml 
@@ -0,0 +1,84 @@ +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +kind: AWSManagedControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 +metadata: + name: {{ .Values.cluster.name }} + annotations: + helm.sh/resource-policy: keep +spec: + region: {{ .Values.cluster.aws.region }} + sshKeyName: {{ .Values.cluster.aws.sshKeyName }} + version: {{ include "cluster.kubernetesVersion" . }} + {{- with .Values.cluster.aws.addons }} + addons: + {{- toYaml . | nindent 4 }} + {{- end }} + eksClusterName: {{ .Values.cluster.name }} + {{- with .Values.cluster.aws.network }} + network: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.identityRef }} + identityRef: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.cluster.aws.secondaryCidrBlock }} + secondaryCidrBlock: {{ .Values.cluster.aws.secondaryCidrBlock }} + {{- end }} + {{- if .Values.cluster.aws.roleName }} + roleName: {{ .Values.cluster.aws.roleName }} + {{- end }} + {{- with .Values.cluster.aws.roleAdditionalPolicies }} + roleAdditionalPolicies: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.cluster.aws.logging }} + logging: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.encryptionConfig }} + encryptionConfig: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.additionalTags }} + additionalTags: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or (.Values.cluster.aws.iamAuthenticatorConfig.mapRoles) (.Values.cluster.aws.iamAuthenticatorConfig.mapUsers) }} + iamAuthenticatorConfig: + {{- with .Values.cluster.aws.iamAuthenticatorConfig.mapRoles }} + mapRoles: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.iamAuthenticatorConfig.mapUsers }} + mapUsers: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- with .Values.cluster.aws.endpointAccess }} + endpointAccess: + {{- toYaml . 
| nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.bastion }} + bastion: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.cluster.aws.tokenMethod }} + tokenMethod: {{ .Values.cluster.aws.tokenMethod }} + {{- end }} + {{- if .Values.cluster.aws.associateOIDCProvider }} + associateOIDCProvider: {{ .Values.cluster.aws.associateOIDCProvider }} + {{- end }} + {{- with .Values.cluster.aws.oidcIdentityProviderConfig }} + oidcIdentityProviderConfig: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.vpcCni }} + vpcCni: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.cluster.aws.kubeProxy }} + kubeProxy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml b/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml new file mode 100644 index 000000000..6285bcce7 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/aws/machinepools.yaml 
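Review bot: `{{- if or (.Values.cluster.aws.iamAuthenticatorConfig.mapRoles) (.Values.cluster.aws.iamAuthenticatorConfig.mapUsers) }}` dereferences `iamAuthenticatorConfig` without the `with` guard every other optional block in this file uses, so a values file that omits that key entirely fails to render with a nil-pointer error instead of skipping the block. Wrap it in `{{- with .Values.cluster.aws.iamAuthenticatorConfig }}{{- if or .mapRoles .mapUsers }}`, change the two nested `with` directives to `{{- with .mapRoles }}` / `{{- with .mapUsers }}` (inside the outer `with`, `.` is the config map, so the `.Values...` form would no longer resolve), and close both. Because `mapRoles` and `mapUsers` are what grant IAM principals access to the cluster, a comment beside that block in values.yaml stating that entries there become cluster-access mappings would help reviewers of later changes spot access grants.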
@@ -0,0 +1,22 @@ +{{- if and (eq .Values.provider "aws") (eq .Values.type "managed") -}} +{{- $currentScope := . -}} +{{- $defaultVals := .Values.workers.defaults.aws -}} +{{- range $name, $values := .Values.workers.aws }} +{{- with $currentScope }} +{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }} +{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }} +{{- if and (not $isMultiAZ) (not $availabilityZones) }} + {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }} +{{- end }} +{{- if not $isMultiAZ }} +{{ range $az := $availabilityZones }} +{{- include "workers.aws.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s-%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }} +--- +{{- end }} +{{- else }} +{{- include "workers.aws.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }} +--- +{{- end }} +{{- end }} +{{- end }} +{{ end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl new file mode 100644 index 000000000..48fe04909 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/azure/_helpers.tpl 
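Review bot: `($values.spec | default dict).availabilityZones` on the `$availabilityZones` line dereferences `$values.spec` unconditionally, one line after `($values | default dict).isMultiAZ` took care to tolerate a nil `$values`; a worker entry given as `name: {}` passes, but a bare `name:` with no value is nil and the second line fails with a nil-pointer error. Either guard consistently, `{{- $availabilityZones := (($values | default dict).spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}`, or drop the first guard and document in values.yaml that every pool entry must be a mapping. azure/machine-pools.yaml has the identical pair of lines and the same inconsistency. The bare `{{ range $az := $availabilityZones }}` (no `-`) also leaves a blank line before each generated document; harmless, but `{{- range ... }}` would match the rest of the file.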
@@ -0,0 +1,112 @@ +{{/* +Name of the AzureClusterIdentity used for bootstrapping +*/}} +{{- define "azure-bootstrap.cluster-identity-name" -}} +{{- printf "%s-azure-bootstrap-identity" .Release.Name | trunc 63 }} +{{- end }} + +{{/* +Name of the secret for the AzureClusterIdentity used for bootstrapping +*/}} +{{- define "azure-bootstrap.identity-credentials" -}} +{{- printf "%s-azure-bootstrap-credentials" .Release.Name | trunc 63 }} +{{- end }} + +{{/* +Name of the AAD Pod Identity used for bootstrapping +*/}} +{{- define "azure-bootstrap.pod-identity-name" -}} +{{- printf "%s-%s-%s" .Values.cluster.name .Release.Namespace (include "azure-bootstrap.cluster-identity-name" .) }} +{{- end }} + +{{/* +Name of the AAD Pod Identity Binding used for bootstrapping +*/}} +{{- define "azure-bootstrap.pod-identity-binding" -}} +{{- printf "%s-binding" (include "azure-bootstrap.pod-identity-name" .) }} +{{- end }} + +{{/* +Function to template an AzureManagedMachinePool resource. +Params: + ctx = . context + name = the name of the AzureManagedMachinePool resource + defaultVals = the default values for the AzureManagedMachinePool resource + values = the values for this specific AzureManagedMachinePool resource + availabilityZones = the availability zones for the AzureManagedMachinePool +*/}} +{{- define "workers.azure.managedMachinePool" -}} +{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }} +{{- if $scaling }} +{{- if not (and (hasKey $scaling "minSize") (hasKey $scaling "maxSize")) }} + {{- fail (printf "Invalid value for scaling. 
Both minSize and maxSize must be set") }} +{{- end }} +{{- end }} +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureManagedMachinePool +metadata: + annotations: + helm.sh/resource-policy: keep + {{- if (hasKey .values "annotations") -}} + {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.annotations | nindent 4 }} + {{- end }} + labels: + {{- if (hasKey .values "labels") -}} + {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.labels | nindent 4 }} + {{- end }} + name: {{ .name }} +spec: + name: {{ .name }} + additionalTags: + {{- if (dig "spec" "additionalTags" .values) -}} + {{- toYaml (merge .values.spec.additionalTags .defaultVals.spec.additionalTags)| nindent 4 }} + {{- else }} + {{- toYaml .defaultVals.spec.additionalTags | nindent 4 }} + {{- end }} + mode: {{ (.values.spec | default dict).mode | default .defaultVals.spec.mode }} + sku: {{ (.values.spec | default dict).sku | default .defaultVals.spec.sku }} + osDiskSizeGB: {{ (.values.spec | default dict).osDiskSizeGB | default .defaultVals.spec.osDiskSizeGB }} + availabilityZones: {{- toYaml .availabilityZones | nindent 2 }} + nodeLabels: + {{- if (dig "spec" "nodeLabels" .values) -}} + {{- toYaml (merge .values.spec.nodeLabels .defaultVals.spec.nodeLabels)| nindent 4 }} + {{- else -}} + {{- toYaml .defaultVals.spec.nodeLabels | nindent 4 }} + {{- end }} + {{- if or (.defaultVals.spec.taints) ((.values.spec | default dict).taints) }} + taints: + {{- toYaml ((.values.spec | default dict).taints | default .defaultVals.spec.taints) | nindent 2 }} + {{- end }} + {{- if $scaling }} + scaling: + {{- toYaml $scaling | nindent 4 }} + {{- end }} + {{- if or (.defaultVals.spec.scaleDownMode) ((.values.spec | default dict).scaleDownMode) }} + scaleDownMode: {{ (.values.spec | default dict).scaleDownMode | default .defaultVals.spec.scaleDownMode }} + {{- end }} + {{- if or 
(.defaultVals.spec.spotMaxPrice) ((.values.spec | default dict).spotMaxPrice) }} + spotMaxPrice: {{ (.values.spec | default dict).spotMaxPrice | default .defaultVals.spec.spotMaxPrice }} + {{- end }} + maxPods: {{ (.values.spec | default dict).maxPods | default .defaultVals.spec.maxPods }} + osDiskType: {{ (.values.spec | default dict).osDiskType | default .defaultVals.spec.osDiskType }} + {{- if or (.defaultVals.spec.scaleSetPriority) ((.values.spec | default dict).scaleSetPriority) }} + scaleSetPriority: {{ (.values.spec | default dict).scaleSetPriority | default .defaultVals.spec.scaleSetPriority }} + {{- end }} + osType: {{ (.values.spec | default dict).osType | default .defaultVals.spec.osType }} + enableNodePublicIP: {{ (.values.spec | default dict).enableNodePublicIP | default .defaultVals.spec.enableNodePublicIP }} + nodePublicIPPrefixID: {{ (.values.spec | default dict).nodePublicIPPrefixID | default .defaultVals.spec.nodePublicIPPrefixID }} + {{- if or (.defaultVals.spec.kubeletConfig) ((.values.spec | default dict).kubeletConfig) }} + kubeletConfig: + {{- toYaml ((.values.spec | default dict).kubeletConfig | default .defaultVals.spec.kubeletConfig) | nindent 2 }} + {{- end }} + {{- if or (.defaultVals.spec.linuxOSConfig) ((.values.spec | default dict).linuxOSConfig) }} + linuxOSConfig: + {{- toYaml ((.values.spec | default dict).linuxOSConfig | default .defaultVals.spec.linuxOSConfig) | nindent 2 }} + {{- end }} +--- +{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }} +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml new file mode 100644 index 000000000..b8a32402b --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/azure/bootstrap-cluster-identity.yaml 
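Review bot: `enableNodePublicIP: {{ (.values.spec | default dict).enableNodePublicIP | default .defaultVals.spec.enableNodePublicIP }}` cannot express a per-pool `false`, because Sprig's `default` treats `false` as empty and falls through to the chart default; if the default is ever `true`, no pool can opt out of public node IPs, which is exactly the setting an operator wants to be able to turn off explicitly. Use a key-presence lookup instead: `enableNodePublicIP: {{ dig "spec" "enableNodePublicIP" .defaultVals.spec.enableNodePublicIP .values }}` (the helper already relies on `dig ... .values` for `nodeLabels`, so the assumption that `.values` is a map is unchanged). The same `default` caveat applies to numeric fields where `0` is a legitimate value, such as `spotMaxPrice`. `availabilityZones: {{- toYaml .availabilityZones | nindent 2 }}` is also emitted unconditionally, unlike the AWS helper, so a multi-AZ pool with no zones renders `availabilityZones: null`.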
@@ -0,0 +1,62 @@ +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") .Values.cluster.azure.clusterIdentity.bootstrapMode -}} +kind: AzureClusterIdentity +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +metadata: + name: {{ include "azure-bootstrap.cluster-identity-name" . }} + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + {{- include "cluster-api-cluster.labels" . | nindent 4 }} +spec: + type: ServicePrincipal + allowedNamespaces: {} + tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }} + clientID: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientID }} + clientSecret: + name: {{ include "azure-bootstrap.identity-credentials" . }} + namespace: {{ .Release.Namespace }} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "azure-bootstrap.identity-credentials" . }} + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + {{- include "cluster-api-cluster.labels" . | nindent 4 }} +type: Opaque +data: + clientSecret: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientSecret | b64enc | quote }} +--- +apiVersion: aadpodidentity.k8s.io/v1 +kind: AzureIdentity +metadata: + name: {{ include "azure-bootstrap.pod-identity-name" . }} + labels: + azurecluster.infrastructure.cluster.x-k8s.io/cluster-namespace: {{ .Release.Namespace }} + cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }} + clusterctl.cluster.x-k8s.io/move-hierarchy: 'true' + {{- include "cluster-api-cluster.labels" . | nindent 4 }} + annotations: + aadpodidentity.k8s.io/Behavior: namespaced +spec: + adEndpoint: https://login.microsoftonline.com/ + adResourceID: https://management.azure.com/ + clientID: {{ .Values.cluster.azure.clusterIdentity.bootstrapCredentials.clientID }} + clientPassword: + name: {{ include "azure-bootstrap.identity-credentials" . 
}} + namespace: {{ .Release.Namespace }} + tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }} + type: 1 +--- +apiVersion: aadpodidentity.k8s.io/v1 +kind: AzureIdentityBinding +metadata: + name: {{ include "azure-bootstrap.pod-identity-binding" . }} + labels: + azurecluster.infrastructure.cluster.x-k8s.io/cluster-namespace: {{ .Release.Namespace }} + cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }} + clusterctl.cluster.x-k8s.io/move-hierarchy: 'true' + {{- include "cluster-api-cluster.labels" . | nindent 4 }} +spec: + azureIdentity: {{ include "azure-bootstrap.pod-identity-name" . }} + selector: capz-controller-aadpodidentity-selector +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml new file mode 100644 index 000000000..3efdd1aa8 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster-workload-identity.yaml @@ -0,0 +1,16 @@ +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") (not .Values.cluster.azure.clusterIdentity.bootstrapMode) .Values.cluster.azure.clusterIdentity.workloadIdentity.enabled }} +kind: AzureClusterIdentity +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +metadata: + name: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.name }} + labels: + cluster.x-k8s.io/provider: infrastructure-azure + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + {{- include "cluster-api-cluster.labels" . | nindent 4 }} +spec: + type: WorkloadIdentity + allowedNamespaces: + {{- toYaml .Values.cluster.azure.clusterIdentity.workloadIdentity.allowedNamespaces | nindent 4 }} + clientID: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.clientID }} + tenantID: {{ .Values.cluster.azure.clusterIdentity.tenantID }} +{{- end }} 
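Review bot: `allowedNamespaces: {}` on the bootstrap `AzureClusterIdentity` is, per the CAPZ field semantics as I recall them, the permissive setting: an empty object lets AzureClusters in any namespace of the management cluster use this identity, whereas leaving the field unset allows none. For a service-principal identity whose `clientSecret` the same hunk writes into a Secret, scoping it to the release namespace is the least-privilege choice: `allowedNamespaces:` / `  list:` / `    - {{ .Release.Namespace }}`. The `clusterctl.cluster.x-k8s.io/move-hierarchy` label is written `"true"` on the first two resources and `'true'` on the last two; one quoting style would be cleaner.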
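Review bot: In cluster-workload-identity.yaml, `{{- toYaml .Values.cluster.azure.clusterIdentity.workloadIdentity.allowedNamespaces | nindent 4 }}` has no guard, so when the key is absent the rendered identity carries `allowedNamespaces: null`, which, if CAPZ treats an unset field as "no namespaces allowed" as I believe it does, leaves the control plane in this release unable to use its own identity with no render-time signal. That is the safe direction, but it deserves a comment next to `workloadIdentity.allowedNamespaces` in values.yaml saying it must be set (typically to the release namespace) for the cluster to reconcile, or a `{{- with }}` guard with a `fail` in the empty branch.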
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml new file mode 100644 index 000000000..9c40dfe1e --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/azure/cluster.yaml @@ -0,0 +1,9 @@ +{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}} +kind: AzureManagedCluster +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +metadata: + name: {{ .Values.cluster.name }} + annotations: + helm.sh/resource-policy: keep +spec: {} +{{- end }} diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml new file mode 100644 index 000000000..842739cfa --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/templates/azure/control-plane.yaml 
@@ -0,0 +1,65 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+kind: AzureManagedControlPlane
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ identityRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterIdentity
+ {{- if .Values.cluster.azure.clusterIdentity.bootstrapMode }}
+ name: {{ include "azure-bootstrap.cluster-identity-name" . }}
+ {{- else if .Values.cluster.azure.clusterIdentity.workloadIdentity.enabled }}
+ name: {{ .Values.cluster.azure.clusterIdentity.workloadIdentity.name }}
+ {{- else }}
+ name: {{ .Values.cluster.azure.clusterIdentity.name }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
+ location: {{ .Values.cluster.azure.location }}
+ resourceGroupName: {{ .Values.cluster.azure.resourceGroupName }}
+ nodeResourceGroupName: {{ .Values.cluster.azure.nodeResourceGroupName }}
+ subscriptionID: {{ .Values.cluster.azure.subscriptionID }}
+ version: {{ include "cluster.kubernetesVersion" . }}
+ {{- if ne .Values.cluster.azure.sshPublicKey "skip" }}
+ sshPublicKey: {{ .Values.cluster.azure.sshPublicKey | quote }}
+ {{- end }}
+ {{- with .Values.cluster.azure.virtualNetwork }}
+ virtualNetwork:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ networkPlugin: {{ .Values.cluster.azure.networkPlugin }}
+ networkPolicy: {{ .Values.cluster.azure.networkPolicy }}
+ outboundType: {{ .Values.cluster.azure.outboundType }}
+ dnsServiceIP: {{ .Values.cluster.azure.dnsServiceIP }}
+ {{- with .Values.cluster.azure.identity }}
+ identity:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cluster.azure.sku }}
+ sku:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ loadBalancerSKU: {{ .Values.cluster.azure.loadBalancerSKU }}
+ {{- with .Values.cluster.azure.aadProfile }}
+ aadProfile:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cluster.azure.loadBalancerProfile }}
+ loadBalancerProfile:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cluster.azure.apiServerAccessProfile }}
+ apiServerAccessProfile:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cluster.azure.autoscalerProfile }}
+ autoscalerProfile:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.cluster.azure.addonProfiles }}
+ addonProfiles:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml b/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml
new file mode 100644
index 000000000..6f1a03f6a
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/azure/machine-pools.yaml
@@ -0,0 +1,22 @@
+{{- if and (eq .Values.provider "azure") (eq .Values.type "managed") -}}
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.azure -}}
+{{- range $name, $values := .Values.workers.azure }}
+{{- with $currentScope}}
+{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }}
+{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}
+{{- if and (not $isMultiAZ) (not $availabilityZones) }}
+ {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }}
+{{- end }}
+{{- if not $isMultiAZ }}
+{{ range $az := $availabilityZones }}
+{{- include "workers.azure.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }}
+---
+{{- end }}
+{{- else }}
+{{- include "workers.azure.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{ end }}
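Review bot: In the `identityRef` block the third branch renders `name: {{ .Values.cluster.azure.clusterIdentity.name }}`, whose chart default in this same change is `""`, so disabling workloadIdentity without setting a name yields `name:` (YAML null) and an AzureManagedControlPlane that points at no identity at all; Helm's `required` turns that misconfiguration into a render-time failure: `name: {{ required "cluster.azure.clusterIdentity.name must be set when workloadIdentity is disabled" .Values.cluster.azure.clusterIdentity.name }}`. The same applies to `subscriptionID`, `location` and `resourceGroupName`, which are emitted unquoted from empty-string defaults and cannot be validated once they have collapsed to null. `sshPublicKey` is the only field passed through `| quote`; `dnsServiceIP` and `outboundType` are free-form strings that would benefit from the same treatment so an empty value renders as `""` rather than disappearing.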
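Review bot: Per-zone pool names are built with `printf "%s%s" $name $az` (no separator) while the GCP counterpart in this change uses `printf "%s-%s"`; if the bare concatenation is deliberate — presumably because AKS agent-pool names are more restrictive than GKE's — a one-line comment above the `range`, e.g. `{{/* AKS pool names: no separator, keep short and alphanumeric */}}`, would stop the next reader from "fixing" it into the GCP form. `{{ range $az := $availabilityZones }}` and the closing `{{ end }}` also lack the `-` trim every other action in the file uses, which leaves stray blank lines between rendered documents.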
diff --git a/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml
new file mode 100644
index 000000000..3d729804c
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/cluster.yaml
@@ -0,0 +1,24 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ clusterNetwork:
+ {{- with .Values.cluster.podCidrBlocks }}
+ pods:
+ cidrBlocks: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.cluster.serviceCidrBlocks }}
+ services:
+ cidrBlocks: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ infrastructureRef:
+ kind: {{ include "cluster.infrastructure.kind" . }}
+ apiVersion: {{ include "cluster.infrastructure.apiVersion" . }}
+ name: {{ .Values.cluster.name }}
+ controlPlaneRef:
+ kind: {{ include "cluster.controlPlane.kind" . }}
+ apiVersion: {{ include "cluster.controlPlane.apiVersion" . }}
+ name: {{ .Values.cluster.name }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl b/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl
new file mode 100644
index 000000000..2cc1a9617
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/_helpers.tpl
@@ -0,0 +1,73 @@
+{{/*
+Function to template an GCPManagedMachinePool resource.
+Params:
+ ctx = . context
+ name = the name of the GCPManagedMachinePool resource
+ defaultVals = the default values for the GCPManagedMachinePool resource
+ values = the values for this specific GCPManagedMachinePool resource
+ availabilityZones = the availability zones for the GCPManagedMachinePool
+*/}}
+{{- define "workers.gcp.managedMachinePool" -}}
+{{- $scaling := (.values.spec | default dict).scaling | default .defaultVals.spec.scaling }}
+{{- if $scaling }}
+{{- if not (and (hasKey $scaling "minCount") (hasKey $scaling "maxCount")) }}
+ {{- fail (printf "Invalid value for scaling. Both minCount and maxCount must be set") }}
+{{- end }}
+{{- end }}
+{{- $management := (.values.spec | default dict).management | default .defaultVals.spec.management }}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedMachinePool
+metadata:
+ name: {{ .name }}
+ annotations:
+ helm.sh/resource-policy: keep
+ {{- if (hasKey .values "annotations") -}}
+ {{- toYaml (merge .values.annotations .defaultVals.annotations)| nindent 4 }}
+ {{- else -}}
+ {{- toYaml .defaultVals.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- if (hasKey .values "labels") -}}
+ {{- toYaml (merge .values.labels .defaultVals.labels)| nindent 4 }}
+ {{- else -}}
+ {{- toYaml .defaultVals.labels | nindent 4 }}
+ {{- end }}
+spec:
+ nodePoolName: {{ .name }}
+ {{- if $scaling }}
+ scaling:
+ {{- toYaml $scaling | nindent 4 }}
+ {{- end }}
+ {{- if $management }}
+ management:
+ {{- toYaml $management | nindent 4 }}
+ {{- end }}
+ kubernetesLabels:
+ {{- if (dig "spec" "kubernetesLabels" .values) }}
+ {{- toYaml (merge .values.spec.kubernetesLabels .defaultVals.spec.kubernetesLabels) | nindent 4 }}
+ {{- else }}
+ {{- toYaml .defaultVals.spec.kubernetesLabels | nindent 4 }}
+ {{- end }}
+ {{- if or (.defaultVals.spec.kubernetesTaints) ((.values.spec | default dict).kubernetesTaints) }}
+ kubernetesTaints:
+ {{- toYaml ((.values.spec | default dict).kubernetesTaints | default .defaultVals.spec.kubernetesTaints) | nindent 4 }}
+ {{- end }}
+ additionalLabels:
+ {{- if (dig "spec" "additionalLabels" .values) }}
+ {{- toYaml (merge .values.spec.additionalLabels .defaultVals.spec.additionalLabels) | nindent 4 }}
+ {{- else }}
+ {{- toYaml .defaultVals.spec.additionalLabels | nindent 4 }}
+ {{- end }}
+ {{- if .values.spec.providerIDList }}
+ providerIDList:
+ {{- toYaml .values.spec.providerIDList | nindent 2 }}
+ {{- end }}
+ machineType: {{ (.values.spec | default dict).machineType | default .defaultVals.spec.machineType }}
+ diskSizeGb: {{ (.values.spec | default dict).diskSizeGb | default .defaultVals.spec.diskSizeGb }}
+ diskType: {{ (.values.spec | default dict).diskType | default .defaultVals.spec.diskType }}
+ spot: {{ (.values.spec | default dict).spot | default .defaultVals.spec.spot }}
+ preemptible: {{ (.values.spec | default dict).preemptible | default .defaultVals.spec.preemptible }}
+ imageType: {{ (.values.spec | default dict).imageType | default .defaultVals.spec.imageType }}
+---
+{{- include "workers.machinePool" (dict "ctx" .ctx "name" .name "values" .values "defaultVals" .defaultVals) }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml
new file mode 100644
index 000000000..3f1c22da5
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/cluster.yaml
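Review bot: `{{- if .values.spec.providerIDList }}` dereferences `.values.spec` directly while every other access in this helper is guarded with `(.values.spec | default dict)`; a worker entry that omits `spec` therefore makes rendering fail with a nil-pointer evaluation error on that line instead of simply omitting `providerIDList`. Change it to `{{- if (.values.spec | default dict).providerIDList }}` and, for consistency with the sibling blocks, `nindent 4` on the `toYaml` below it. Worth a comment as well: `merge .values.annotations .defaultVals.annotations` gives the per-pool map precedence over the defaults (the intended override), but Sprig's `merge` also writes the defaults back into `.values.annotations` in place, which is harmless here but surprising to readers who expect a pure function.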
@@ -0,0 +1,42 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedCluster
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ project: {{ .Values.cluster.gcp.project }}
+ region: {{ .Values.cluster.gcp.region }}
+ {{- with .Values.cluster.gcp.additionalLabels }}
+ additionalLabels:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ controlPlaneEndpoint:
+ host: ""
+ port: 0
+ {{- with .Values.cluster.gcp.addonsConfig }}
+ addonsConfig:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ network:
+ {{- with .Values.cluster.gcp.network }}
+ name: {{ .name }}
+ autoCreateSubnetworks: {{ .autoCreateSubnetworks }}
+ datapathProvider: {{ .datapathProvider }}
+ {{- end }}
+ subnets:
+ {{- range .Values.cluster.gcp.subnets }}
+ - name: {{ .name }}
+ region: {{ $.Values.cluster.gcp.region }}
+ cidrBlock: {{ .cidrBlock }}
+ description: {{ .description }}
+ {{- with .secondaryCidrBlocks }}
+ secondaryCidrBlocks:
+ {{- . | toYaml | nindent 10 }}
+ {{- end }}
+ privateGoogleAccess: {{ .privateGoogleAccess }}
+ enableFlowLogs: {{ .enableFlowLogs }}
+ purpose: {{ .purpose }}
+ {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml
new file mode 100644
index 000000000..863930ba3
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/control-plane.yaml
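Review bot: `description: {{ .description }}` emits a free-form operator string unquoted, so with the chart default `""` it renders as `description:` (null) and a value such as `yes` or a date is silently retyped by the YAML parser; `description: {{ .description | quote }}` fixes both. The subnet entry also renders `purpose`, `privateGoogleAccess` and `enableFlowLogs` unconditionally, so a subnet that leaves one of them unset produces a null key rather than omitting it; wrapping the optional ones in `{{- with }}` as is already done for `secondaryCidrBlocks` keeps the manifest to what the operator actually set. The `network:` mapping is emitted even when `.Values.cluster.gcp.network` is empty, which yields `network:` with only `subnets:` under it — fine if that is the intended shape, but a comment saying so would help.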
@@ -0,0 +1,23 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPManagedControlPlane
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ clusterName: {{ .Values.cluster.name }}
+ {{- with .Values.cluster.gcp }}
+ project: {{ .project }}
+ location: {{ .region }}
+ enableAutopilot: {{ .enableAutopilot | default false }}
+ enableWorkloadIdentity: {{ .enableWorkloadIdentity }}
+ {{- if ne .releaseChannel "unspecified" }}
+ releaseChannel: {{ .releaseChannel }}
+ {{- end }}
+ endpoint:
+ host: ""
+ port: 0
+ {{- end }}
+ controlPlaneVersion: {{ include "cluster.kubernetesVersion" . }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml b/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml
new file mode 100644
index 000000000..9788fdace
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/gcp/machinepools.yaml
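Review bot: `enableWorkloadIdentity: {{ .enableWorkloadIdentity }}` has no fallback while `enableAutopilot` directly above it uses `| default false`, so an operator who removes the key renders `enableWorkloadIdentity:` (null) instead of an explicit boolean; since this flag decides how node workloads obtain GCP credentials it should always render as a visible `true`/`false`: `enableWorkloadIdentity: {{ .enableWorkloadIdentity | default false }}` (`default` treats `false` as unset, which is harmless here because the fallback is also `false`). `{{- if ne .releaseChannel "unspecified" }}` compares against the raw value, which may error at render time if `releaseChannel` is nulled out rather than left at its string default; `{{- if ne (.releaseChannel | default "unspecified") "unspecified" }}` is robust to both.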
@@ -0,0 +1,25 @@
+{{- if and (eq .Values.provider "gcp") (eq .Values.type "managed") -}}
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.gcp -}}
+{{- range $name, $values := .Values.workers.gcp }}
+{{- with $currentScope}}
+{{- $isMultiAZ := ($values | default dict).isMultiAZ | default $defaultVals.isMultiAZ }}
+{{- if not $isMultiAZ }}
+ {{- fail (printf "Invalid value for isMultiAZ. GCP currently only supports `true` for this value") }}
+{{- end }}
+{{- $availabilityZones := ($values.spec | default dict).availabilityZones | default $defaultVals.spec.availabilityZones }}
+{{- if and (not $isMultiAZ) (not $availabilityZones) }}
+ {{- fail (printf "Invalid value for isMultiAZ. availabilityZones must be set") }}
+{{- end }}
+{{- if not $isMultiAZ }}
+{{ range $az := $availabilityZones }}
+{{- include "workers.gcp.managedMachinePool" (dict "ctx" $currentScope "name" (printf "%s-%s" $name $az) "defaultVals" $defaultVals "values" $values "availabilityZones" (list $az)) }}
+---
+{{- end }}
+{{- else }}
+{{- include "workers.gcp.managedMachinePool" (dict "ctx" $currentScope "name" $name "defaultVals" $defaultVals "values" $values "availabilityZones" $availabilityZones) }}
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml
new file mode 100644
index 000000000..93d0020c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/cluster.yaml
@@ -0,0 +1,9 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+kind: DockerCluster
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec: {}
+{{- end }}
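Review bot: The first `{{- if not $isMultiAZ }}` calls `fail`, which makes every later test of `not $isMultiAZ` unreachable: the second `fail` (`availabilityZones must be set`) and the whole per-zone `range` branch can never execute, so the file carries a dead copy of the Azure logic that will drift. Either drop the dead branches and render the single `include` unconditionally, or keep them behind a comment such as `{{/* per-zone pools are unreachable today: the fail above rejects isMultiAZ=false; kept for when GCP single-zone pools are supported */}}` so the next reader knows it is deliberate. `{{ range $az := $availabilityZones }}` also lacks the `-` trim used on every other action here.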
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml
new file mode 100644
index 000000000..947f6991f
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/control-plane.yaml
@@ -0,0 +1,45 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+ name: {{ .Values.cluster.name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ replicas: 1
+ version: {{ include "cluster.kubernetesVersion" . }}
+ machineTemplate:
+ infrastructureRef:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: DockerMachineTemplate
+ name: controlplane
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ certSANs:
+ - localhost
+ - 127.0.0.1
+ - 0.0.0.0
+ controllerManager:
+ extraArgs:
+ enable-hostpath-provisioner: "true"
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+ name: controlplane
+spec:
+ template:
+ spec:
+ extraMounts:
+ - containerPath: /var/run/docker.sock
+ hostPath: /var/run/docker.sock
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml
new file mode 100644
index 000000000..c80704403
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/kubeadm-config.yaml
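Review bot: The `DockerMachineTemplate` is named with the literal `controlplane` and referenced by the same literal in `machineTemplate.infrastructureRef`, so two releases of this chart in one namespace collide on that object; deriving it from the cluster, `name: {{ .Values.cluster.name }}-controlplane` in both places, keeps it consistent with how every other resource in this change is named. The second document also lacks the `helm.sh/resource-policy: keep` annotation the KubeadmControlPlane carries, which looks unintentional. Because this template bind-mounts the host's `/var/run/docker.sock` into the control-plane machines and sets all `eviction-hard` thresholds to 0%, a header comment such as `{{/* kind/CAPD provider: local development only — host docker socket mount and disabled eviction are not suitable for shared clusters */}}` would record why those settings are acceptable on this path and nowhere else.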
@@ -0,0 +1,13 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfig
+metadata:
+ name: worker-mp-config
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml b/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml
new file mode 100644
index 000000000..0d83fcaca
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/templates/kind/machine-pools.yaml
@@ -0,0 +1,24 @@
+{{- if and (eq .Values.provider "kind") (eq .Values.type "managed") -}}
+
+{{- $currentScope := . -}}
+{{- $defaultVals := .Values.workers.defaults.kind -}}
+
+{{- range $name, $values := .Values.workers.kind }}
+{{- with $currentScope}}
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachinePool
+metadata:
+ name: {{ $name }}
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ template:
+ extraMounts:
+ - containerPath: /var/run/docker.sock
+ hostPath: /var/run/docker.sock
+---
+{{- include "workers.machinePool" (dict "ctx" $currentScope "name" $name "values" $values "defaultVals" $defaultVals) }}
+{{- end }}
+---
+{{ end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml
new file mode 100644
index 000000000..b60d0ddd6
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/tests/aws_cluster_test.yaml
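Review bot: `name: worker-mp-config` is a literal, so like the `controlplane` template in the sibling kind file it is shared by every release of this chart in a namespace and nothing in the manifest ties it to `.Values.cluster.name`; whatever consumes it (presumably the `workers.machinePool` helper, which is outside this hunk) would need the same change, so at minimum a comment above the name, e.g. `# shared by all kind worker pools; referenced from the workers.machinePool helper`, should explain the coupling. If the helper can take the name from a value, `name: {{ .Values.cluster.name }}-worker-mp-config` removes the cross-release collision.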
@@ -0,0 +1,23 @@ +suite: test aws cluster +templates: + - aws/cluster.yaml +tests: + - it: should be created with the controlPlaneEndpoint + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.controlPlaneEndpoint: abc + asserts: + - template: aws/cluster.yaml + hasDocuments: + count: 1 + - template: aws/cluster.yaml + documentIndex: 0 + isKind: + of: AWSManagedCluster + - template: aws/cluster.yaml + documentIndex: 0 + equal: + path: spec.controlPlaneEndpoint + value: abc \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml new file mode 100644 index 000000000..231ce232d --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/tests/aws_control_plane_test.yaml @@ -0,0 +1,43 @@ +suite: test control plane +templates: + - aws/control-plane.yaml +tests: + - it: check kind + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.controlPlaneEndpoint: abc + asserts: + - template: aws/control-plane.yaml + hasDocuments: + count: 1 + - template: aws/control-plane.yaml + documentIndex: 0 + isKind: + of: AWSManagedControlPlane + - it: should equal + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + asserts: + - equal: + path: spec.region + value: abc + - equal: + path: spec.sshKeyName + value: default + - equal: + path: spec.version + value: v1.2.3 + - equal: + path: spec.eksClusterName + value: test + - equal: + path: spec.eksClusterName + value: test + template: aws/control-plane.yaml + documentIndex: 0 \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml new file mode 100644 index 000000000..4a8fb59d4 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/tests/aws_machinepools_test.yaml 
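Review bot: In the `should equal` case of aws_control_plane_test.yaml `spec.eksClusterName` is asserted twice with identical path and value; the second copy appears to exist only to carry `template`/`documentIndex`, but those keys apply to that one assertion, so either drop the duplicate or put `template: aws/control-plane.yaml` on each assertion that needs it. The `spec.sshKeyName: default` expectation relies on the chart default rather than a value set by the test, which is fine but deserves a comment (`# chart default, see values.yaml`) so a later default change is recognised as a deliberate test break. Both test files in this hunk end without a trailing newline.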
@@ -0,0 +1,156 @@ +suite: test machine pools +templates: + - aws/machinepools.yaml +tests: + - it: check kind + set: + cluster.name: test + provider: aws + type: managed + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - template: aws/machinepools.yaml + hasDocuments: + count: 24 + - template: aws/machinepools.yaml + documentIndex: 0 + isKind: + of: AWSManagedMachinePool + - template: aws/machinepools.yaml + documentIndex: 13 + isKind: + of: MachinePool + - it: test defaults + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - equal: + path: spec.amiType + value: AL2_x86_64 + documentIndex: 0 + - equal: + path: spec.diskSize + value: 50 + documentIndex: 2 + template: aws/machinepools.yaml + - it: test large-burst-spot + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - equal: + path: spec.capacityType + value: spot + - equal: + path: spec.eksNodegroupName + value: large-burst-spot + - equal: + path: spec.instanceType + value: t3.2xlarge + - equal: + path: spec.availabilityZones + value: + - us-east-1a + - us-east-1b + - us-east-1c + template: aws/machinepools.yaml + documentIndex: 6 + - it: test large-burst-on-demand-us-east-1a + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - equal: + path: spec.capacityType + value: onDemand + - equal: + path: spec.eksNodegroupName + value: large-burst-on-demand-us-east-1a + - equal: + path: spec.instanceType + value: t3.2xlarge + - equal: + path: 
spec.availabilityZones + value: + - us-east-1a + template: aws/machinepools.yaml + documentIndex: 0 + - it: test large-burst-on-demand-us-east-1b + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - equal: + path: spec.capacityType + value: onDemand + - equal: + path: spec.eksNodegroupName + value: large-burst-on-demand-us-east-1b + - equal: + path: spec.instanceType + value: t3.2xlarge + - equal: + path: spec.availabilityZones + value: + - us-east-1b + template: aws/machinepools.yaml + documentIndex: 2 + - it: test large-burst-on-demand-us-east-1c + set: + cluster.name: test + provider: aws + type: managed + cluster.aws.region: abc + cluster.kubernetesVersion: v1.2.3 + workers.defaults.aws.spec.availabilityZones: + - us-east-1a + - us-east-1b + - us-east-1c + asserts: + - equal: + path: spec.capacityType + value: onDemand + - equal: + path: spec.eksNodegroupName + value: large-burst-on-demand-us-east-1c + - equal: + path: spec.instanceType + value: t3.2xlarge + - equal: + path: spec.availabilityZones + value: + - us-east-1c + template: aws/machinepools.yaml + documentIndex: 4 diff --git a/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml b/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml new file mode 100644 index 000000000..16729f1e1 --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/tests/azure_cluster_identity_test.yaml 
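Review bot: Every assertion is addressed by `documentIndex` (0, 2, 4, 6, 13) together with `hasDocuments: count: 24`, which pins the rendered order of the `workers.aws` map and of the per-zone `range`; both depend on worker defaults defined outside this hunk, so adding or renaming one default pool shifts every index and the resulting failures will not say which pool moved. Pairing each index-based assert with a `matchRegex` on `spec.eksNodegroupName` (as the `large-burst-*` cases already do) or, if the pinned helm-unittest release supports it, selecting documents by `metadata.name` would make the `check kind` and `test defaults` cases self-describing. The identical `set:` block repeated in all six cases could be lifted to the suite level if that release supports suite-wide `set`.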
@@ -0,0 +1,101 @@ +suite: test azure cluster identity +templates: + - azure/bootstrap-cluster-identity.yaml + - azure/cluster-workload-identity.yaml + - azure/control-plane.yaml +tests: + - it: should be created if bootstrapMode is true + set: + cluster.name: test + provider: azure + type: managed + cluster.azure.clusterIdentity.tenantID: tenant-id + cluster.azure.clusterIdentity.bootstrapCredentials.clientID: client-id + cluster.azure.clusterIdentity.bootstrapCredentials.clientSecret: client-secret + cluster.azure.clusterIdentity.bootstrapMode: true + asserts: + - template: azure/bootstrap-cluster-identity.yaml + hasDocuments: + count: 4 + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 0 + isKind: + of: AzureClusterIdentity + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 0 + matchRegex: + path: metadata.name + pattern: -azure-bootstrap-identity$ + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 0 + equal: + path: spec.tenantID + value: tenant-id + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 0 + equal: + path: spec.clientID + value: client-id + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 1 + equal: + path: data.clientSecret + value: client-secret + decodeBase64: true + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 2 + equal: + path: spec.clientID + value: client-id + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 2 + equal: + path: spec.tenantID + value: tenant-id + - template: azure/bootstrap-cluster-identity.yaml + documentIndex: 3 + matchRegex: + path: spec.azureIdentity + pattern: test-NAMESPACE-RELEASE-NAME-azure-bootstrap-identity$ + - template: azure/cluster-workload-identity.yaml + hasDocuments: + count: 0 + - template: azure/control-plane.yaml + hasDocuments: + count: 1 + - template: azure/control-plane.yaml + documentIndex: 0 + matchRegex: + path: spec.identityRef.name + pattern: -azure-bootstrap-identity$ + - 
it: should not be created if bootstrapMode is false + set: + cluster.name: test + provider: azure + type: managed + cluster.azure.clusterIdentity.tenantID: tenant-id + cluster.azure.clusterIdentity.workloadIdentity.name: default + cluster.azure.clusterIdentity.workloadIdentity.clientID: client-id + cluster.azure.clusterIdentity.bootstrapMode: false + asserts: + - template: azure/bootstrap-cluster-identity.yaml + hasDocuments: + count: 0 + - template: azure/cluster-workload-identity.yaml + hasDocuments: + count: 1 + - template: azure/cluster-workload-identity.yaml + documentIndex: 0 + equal: + path: spec.clientID + value: client-id + - template: azure/cluster-workload-identity.yaml + documentIndex: 0 + equal: + path: spec.tenantID + value: tenant-id + - template: azure/control-plane.yaml + documentIndex: 0 + equal: + path: spec.identityRef.name + value: default diff --git a/bootstrap/helm/cluster-api-cluster/values.yaml b/bootstrap/helm/cluster-api-cluster/values.yaml new file mode 100644 index 000000000..43ff61eae --- /dev/null +++ b/bootstrap/helm/cluster-api-cluster/values.yaml 
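Review bot: Neither case asserts `spec.allowedNamespaces` on the rendered AzureClusterIdentity, which is the field that bounds which namespaces may use the identity, so a regression that widened or nulled it would still pass; an `equal` assertion on `path: spec.allowedNamespaces` in the `bootstrapMode is false` case (with whatever value the chart is meant to render) would pin it. The third `identityRef` branch of azure/control-plane.yaml — `workloadIdentity.enabled: false` with `clusterIdentity.name` set — has no case here, and the `bootstrapMode is false` case indexes document 0 of `azure/control-plane.yaml` without first asserting `hasDocuments: count: 1` as the first case does. Checking `data.clientSecret` through `decodeBase64: true` against an obvious placeholder is the right pattern for a committed fixture.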
@@ -0,0 +1,699 @@ +provider: "" # Can be aws, gcp, azure or kind +## managed or unmanaged, currently only managed is supported +type: managed + +cluster: + ## The name of the cluster + name: plural + ## The version of Kubernetes to deploy + kubernetesVersion: "" + ## The cidr blocks for pods + podCidrBlocks: + - 192.168.0.0/16 # TODO: shouldn't this also be getting propagated to things like what `.Values.cluster.aws.network.vpc.cidrBlock` is setting? + ## The cidr blocks for services + serviceCidrBlocks: [] # TODO: check if we should be setting this + + ################################## + ### AWS CLUSTER ### + ################################## + aws: + ## The region to deploy the cluster to + region: "" + ## The name of the ssh key to use for the cluster + sshKeyName: default + ## The cluster addons to deploy + addons: + - conflictResolution: overwrite + name: kube-proxy + version: v1.24.15-eksbuild.2 + - conflictResolution: overwrite + name: vpc-cni + version: v1.13.4-eksbuild.1 + - conflictResolution: overwrite + name: coredns + version: v1.9.3-eksbuild.6 + + network: + # vpc: + # id: "" + # cidrBlock: "" + # # ipv6: # NOTE: setting `ipv6: {}` will enable ipv6 and auto generate the cidr block. Needed for migration. + # # cidrBlock: "" + # # poolId: "" + # # egressOnlyInternetGatewayId: "" + # internetGatewayId: "" + # tags: {} + # availabilityZoneUsageLimit: 3 # TODO: is set to 3 by default + # availabilityZoneSelection: Ordered # TODO: How do we deal with people choosing ones manually in the init flow now? Should we only allow number input and always use ordered for the time being? Set by default to Ordered. 
Can be Ordered or Random + # subnets: [] + # # - id: "" + # # cidrBlock: "" + # # ipv6CidrBlock: "" + # # availabilityZone: "" + # # isPublic: false + # # isIpv6: false + # # routeTableId: "" + # # natGatewayId: "" + # # tags: {} + # cni: + # cniIngressRules: [] + # # - description: "" + # # fromPort: 0 + # # toPort: 0 + # # protocol: "" # TODO: find valid values. Can be tcp. + # securityGroupOverrides: {} + identityRef: {} + secondaryCidrBlock: "" + partition: "" + roleName: "" + roleAdditionalPolicies: [] + logging: + apiServer: false + audit: false + authenticator: false + controllerManager: false + scheduler: false + encryptionConfig: + provider: "" + resources: [] + additionalTags: {} + iamAuthenticatorConfig: + mapRoles: [] + # - rolearn: "" + # username: "" + # groups: [] + mapUsers: [] + # - userarn: "" + # username: "" + # groups: [] + endpointAccess: + public: true + publicCIDRs: [] + private: false + bastion: + enabled: false + disableIngressRules: false + allowedCIDRBlocks: [] + instanceType: "" + ami: "" + tokenMethod: "" # iam-authenticator + associateOIDCProvider: true + oidcIdentityProviderConfig: {} + # clientId: "" + # groupsClaim: "" + # groupsPrefix: "" + # identityProviderConfigName: "" + # issuerUrl: "" + # requiredClaims: {} + # usernameClaim: "" + # usernamePrefix: "" + # tags: {} + vpcCni: + disable: false + env: [] + # - name: "" + # value: "" + kubeProxy: + disable: false + + ################################### + ### AZURE CLUSTER ### + ################################### + azure: + clusterIdentity: + bootstrapMode: false + # Credentials for the cluster identity used to bootstrap cluster. + bootstrapCredentials: + # Service Principal client ID used during bootstrapping. + clientID: "" + # Service Principal password used during bootstrapping. + clientSecret: "" + # Settings for the workload identity used by the cluster after bootstrapping. + workloadIdentity: + # If the default AzureClusterIdentity should be created. 
+ enabled: true
+ # Name of AzureClusterIdentity to be used when reconciling this cluster.
+ name: default
+ # Service Principal or User Assigned MSI Client ID.
+ clientID: ""
+ # Used to identify the namespaces the clusters are allowed to use the identity from.
+ # Namespaces can be selected either using an array of namespaces or with label selector.
+ # An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace.
+ # If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided)
+ # A namespace should be either in the NamespaceList or match with Selector to use the identity.
+ # Make sure that the namespace this cluster is deployed in is allowed.
+ allowedNamespaces: {}
+ # Primary tenant ID for the cluster Identity.
+ tenantID: ""
+ # Name of AzureClusterIdentity to be used when reconciling this cluster.
+ # This field is only used when workloadIdentity is disabled and not used during cluster bootstrapping.
+ name: ""
+ # GUID of the Azure subscription to hold this cluster.
+ subscriptionID: ""
+ # String matching one of the canonical Azure region names.
+ # Examples: westus2, eastus.
+ location: ""
+ # Name of the Azure resource group for this AKS Cluster.
+ resourceGroupName: ""
+ # Name of the resource group containing cluster IaaS resources.
+ nodeResourceGroupName: ""
+ # Describes the vnet for the AKS cluster. Will be created if it does not exist.
+ virtualNetwork:
+ cidrBlock: 10.1.0.0/16
+ name: ""
+ subnet:
+ cidrBlock: 10.1.0.0/18
+ name: plural-subnet
+ # Network plugin used for building Kubernetes network.
+ # One of: azure, kubenet.
+ networkPlugin: azure
+ # Network policy used for building Kubernetes network.
+ # One of: azure, calico.
+ networkPolicy: azure
+ # Outbound configuration used by Nodes.
+ # One of: loadBalancer, managedNATGateway, userAssignedNATGateway, userDefinedRouting.
+ outboundType: ""
+ # String literal containing an SSH public key base64 encoded.
+ # Use empty value "" to autogenerate new key. Use "skip" value to not set the key.
+ sshPublicKey: ""
+ # DNSServiceIP is an IP address assigned to the Kubernetes DNS service.
+ # It must be within the Kubernetes service address range specified in serviceCidr.
+ dnsServiceIP: ""
+ # Identity configuration used by the AKS control plane.
+ identity:
+ # The identity type to use.
+ # One of: SystemAssigned, UserAssigned.
+ type: SystemAssigned
+ # SKU of the AKS to be provisioned.
+ sku:
+ tier: Paid
+ # SKU of the loadBalancer to be provisioned.
+ # One of: Basic, Standard.
+ loadBalancerSKU: Standard
+ # Azure Active Directory configuration to integrate with AKS for AAD authentication.
+ aadProfile: {}
+ # Profile of the cluster load balancer.
+ loadBalancerProfile: {}
+ # Access profile for AKS API server.
+ apiServerAccessProfile: {}
+ # Parameters to be applied to the cluster-autoscaler when enabled.
+ autoscalerProfile:
+ # Default is false. Changed to true as in old bootstrap.
+ balanceSimilarNodeGroups: "true"
+ # One of: least-waste, most-pods, priority, random.
+ expander: random
+ maxEmptyBulkDelete: "10"
+ maxGracefulTerminationSec: "600"
+ maxNodeProvisionTime: 15m
+ maxTotalUnreadyPercentage: "45"
+ newPodScaleUpDelay: 0s
+ okTotalUnreadyCount: "3"
+ scanInterval: 10s
+ scaleDownDelayAfterAdd: 10m
+ scaleDownDelayAfterDelete: 10s
+ scaleDownDelayAfterFailure: 3m
+ scaleDownUnneededTime: 10m
+ scaleDownUnreadyTime: 20m
+ # Default is 0.5. Changed to 0.7 as in old bootstrap.
+ scaleDownUtilizationThreshold: "0.7"
+ skipNodesWithLocalStorage: "false"
+ skipNodesWithSystemPods: "true"
+ # Profiles of managed cluster add-on.
+ addonProfiles: []
+
+ ###################################
+ ### GCP CLUSTER ###
+ ###################################
+ gcp:
+ # Project is the id of the project to deploy the cluster to.
+ project: ""
+ # Region represents the location (region or zone) in which the GKE cluster will be created.
+ # Examples: "europe-central2" TODO: add more examples
+ region: ""
+ # AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider,
+ # in addition to the ones added by default.
+ additionalLabels:
+ managed-by: plural
+ # EnableAutopilot indicates whether to enable autopilot for this GKE cluster.
+ #
+ # Note: Autopilot enabled clusters are not supported at this time.
+ enableAutopilot: false
+ # EnableWorkloadIdentity allows enabling workload identity during cluster creation when
+ # EnableAutopilot is disabled. It allows workloads in your GKE clusters to impersonate
+ # Identity and Access Management (IAM) service accounts to access Google Cloud services.
+ # Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
+ enableWorkloadIdentity: true
+ # ReleaseChannel is the release channel of the GKE cluster
+ # One of: unspecified, rapid, regular, stable
+ releaseChannel: unspecified
+ # AddonsConfig is a configuration for the addons that can be automatically spun up in the
+ # cluster, enabling additional functionality.
+ addonsConfig:
+ # HttpLoadBalancingEnabled tracks whether the HTTP Load Balancing controller is enabled in the cluster.
+ # When enabled, it runs a small pod in the cluster that manages the load balancers.
+ httpLoadBalancingEnabled: true
+ # HorizontalPodAutoscalingEnabled tracks whether the Horizontal Pod Autoscaling feature is enabled in the cluster.
+ # When enabled, it ensures that metrics are collected into Stackdriver Monitoring.
+ horizontalPodAutoscalingEnabled: true
+ # NetworkPolicyEnabled tracks whether the addon is enabled or not on the Master,
+ # it does not track whether network policy is enabled for the nodes.
+ networkPolicyEnabled: false
+ # GcpFilestoreCsiDriverEnabled tracks whether the GCP Filestore CSI driver is enabled for this cluster.
+ gcpFilestoreCsiDriverEnabled: true
+ # Network encapsulates all things related to the GCP network.
+ network:
+ name: ""
+ # AutoCreateSubnetworks: When set to true, the VPC network is created
+ # in "auto" mode. When set to false, the VPC network is created in
+ # "custom" mode.
+ #
+ # An auto mode VPC network starts with one subnet per region. Each
+ # subnet has a predetermined range as described in Auto mode VPC
+ # network IP ranges.
+ #
+ # Note: Only auto mode is supported at this time.
+ autoCreateSubnetworks: true
+ # The desired datapath provider for this cluster.
+ # One of:
+ # - UNSPECIFIED - default value
+ # - LEGACY_DATAPATH - uses the IPTables implementation based on kube-proxy
+ # - ADVANCED_DATAPATH - uses the eBPF based GKE Dataplane V2 with additional features
+ datapathProvider: ADVANCED_DATAPATH
+ subnets:
+ - name: plural-subnetwork
+ # CidrBlock is the range of internal addresses that are owned by this
+ # subnetwork. Provide this property when you create the subnetwork. For
+ # example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
+ # non-overlapping within a network. Only IPv4 is supported. This field
+ # can be set only at resource creation time.
+ cidrBlock: 10.0.32.0/20
+ # Description is an optional description associated with the resource.
+ description: ""
+ # SecondaryCidrBlocks defines secondary CIDR ranges,
+ # from which secondary IP ranges of a VM may be allocated
+ secondaryCidrBlocks: {}
+ # PrivateGoogleAccess defines whether VMs in this subnet can access
+ # Google services without assigning external IP addresses
+ privateGoogleAccess: true
+ # EnableFlowLogs: Whether to enable flow logging for this subnetwork.
+ # If this field is not explicitly set, it will not appear in get
+ # listings. If not set the default behavior is to disable flow logging.
+ enableFlowLogs: false
+ # Purpose: The purpose of the resource.
+ # If unspecified, the purpose defaults to PRIVATE_RFC_1918.
+ # The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.
+ # One of:
+ # - INTERNAL_HTTPS_LOAD_BALANCER - Subnet reserved for Internal HTTP(S) Load Balancing.
+ # - PRIVATE - Regular user created or automatically created subnet.
+ # - PRIVATE_RFC_1918 - Regular user created or automatically created subnet.
+ # - PRIVATE_SERVICE_CONNECT - Subnetworks created for Private Service Connect in the producer network.
+ # - REGIONAL_MANAGED_PROXY - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing.
+ purpose: PRIVATE_RFC_1918
+
+workers:
+ defaults:
+ #########################################
+ ### AWS WORKER DEFAULTS ###
+ #########################################
+ aws:
+ replicas: 0
+ labels: {}
+ annotations:
+ cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+ isMultiAZ: false # if false, will create a node group per AZ
+ spec:
+ amiType: AL2_x86_64 # AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64
+ amiVersion: ""
+ capacityType: onDemand # onDemand, spot
+ diskSize: 50
+ instanceType: t3a.large
+ roleName: ""
+ scaling:
+ maxSize: 5
+ minSize: 1
+ availabilityZones: []
+ subnetIDs: []
+ labels: {}
+ taints: {}
+ updateConfig:
+ maxUnavailable: 1
+ # maxSurge: 1
+ additionalTags: {}
+ roleAdditionalPolicies: []
+ #########################################
+ ### AZURE WORKER DEFAULTS ###
+ #########################################
+ azure:
+ replicas: 0
+ labels: {}
+ annotations:
+ cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+ isMultiAZ: false # if false, will create a node group per AZ
+ spec:
+ availabilityZones:
+ - "1"
+ - "2"
+ - "3"
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels: {}
+ nodePublicIPPrefixID: ""
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaling:
+ maxSize: 5
+ minSize: 1
+ sku: Standard_D2s_v3
+ additionalTags: {}
+ taints: {}
+ kubeletConfig: {}
+ linuxOSConfig: {}
+ #########################################
+ ### GCP WORKER DEFAULTS ###
+ #########################################
+ gcp:
+ replicas: 0
+ labels: {}
+ annotations:
+ cluster.x-k8s.io/replicas-managed-by: external-autoscaler
+ isMultiAZ: false # if false, will create a node group per AZ # TODO: false currently unsupported so all node groups set this to true
+ spec:
+ scaling:
+ maxCount: 9
+ minCount: 1
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ kubernetesLabels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: BURST
+ kubernetesTaints: []
+ additionalLabels: {}
+ providerIDList: []
+ machineType: e2-standard-2
+ diskSizeGb: 50
+ diskType: pd-standard
+ spot: false
+ preemptible: false
+ imageType: COS_CONTAINERD
+ #########################################
+ ### Docker WORKER DEFAULTS ###
+ #########################################
+ kind:
+ replicas: 0
+ #################################
+ ### AWS WORKERS ###
+ #################################
+ aws:
+ small-burst-spot:
+ isMultiAZ: true
+ spec:
+ labels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: small-burst-spot
+ additionalTags: { } # TODO: allow this to not be set
+ capacityType: spot
+ scaling:
+ maxSize: 27
+ minSize: 0
+ taints:
+ - effect: no-schedule
+ key: plural.sh/capacityType
+ value: SPOT
+ updateConfig:
+ maxUnavailable: 1
+ medium-burst-spot:
+ isMultiAZ: true
+ spec:
+ labels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: medium-burst-spot
+ additionalTags: { } # TODO: allow this to not be set
+ capacityType: spot
+ instanceType: t3.xlarge
+ scaling:
+ maxSize: 27
+ minSize: 0
+ taints:
+ - effect: no-schedule
+ key: plural.sh/capacityType
+ value: SPOT
+ large-burst-spot:
+ isMultiAZ: true
+ spec:
+ labels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: large-burst-spot
+ additionalTags: { } # TODO: allow this to not be set
+ instanceType: t3.2xlarge
+ capacityType: spot
+ scaling:
+ maxSize: 27
+ minSize: 0
+ taints:
+ - effect: no-schedule
+ key: plural.sh/capacityType
+ value: SPOT
+ small-burst-on-demand:
+ replicas: 1
+ spec:
+ labels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: small-burst-on-demand
+ additionalTags: { } # TODO: allow this to not be set
+ scaling:
+ maxSize: 1
+ minSize: 1
+ updateConfig:
+ maxUnavailable: 1
+ medium-burst-on-demand:
+ spec:
+ labels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: medium-burst-on-demand
+ additionalTags: { } # TODO: allow this to not be set
+ instanceType: t3.xlarge
+ scaling:
+ maxSize: 27
+ minSize: 0
+ large-burst-on-demand:
+ spec:
+ labels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: BURST
+ plural.sh/scalingGroup: medium-burst-on-demand
+ additionalTags: { } # TODO: allow this to not be set
+ instanceType: t3.2xlarge
+ scaling:
+ maxSize: 27
+ minSize: 0
+ #################################
+ ### AZURE WORKERS ###
+ #################################
+ azure:
+ lsod:
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: large-sustained-on-demand
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: large-sustained-on-demand
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaling:
+ maxSize: 9
+ minSize: 0
+ sku: Standard_D8as_v5
+ lsspot:
+ replicas: 0
+ isMultiAZ: true
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: large-sustained-spot
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: large-sustained-spot
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaleSetPriority: Spot
+ scaling:
+ maxSize: 9
+ minSize: 0
+ scaleDownMode: Delete
+ spotMaxPrice: -1
+ sku: Standard_D8as_v5
+ taints:
+ - effect: NoSchedule
+ key: plural.sh/capacityType
+ value: SPOT
+ - effect: NoSchedule
+ key: kubernetes.azure.com/scalesetpriority
+ value: spot
+ msod:
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: medium-sustained-on-demand
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: medium-sustained-on-demand
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaling:
+ maxSize: 9
+ minSize: 0
+ sku: Standard_D4as_v5
+ msspot:
+ isMultiAZ: true
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: medium-sustained-spot
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: medium-sustained-spot
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaleSetPriority: Spot
+ scaling:
+ maxSize: 9
+ minSize: 0
+ scaleDownMode: Delete
+ spotMaxPrice: -1
+ sku: Standard_D4as_v5
+ taints:
+ - effect: NoSchedule
+ key: plural.sh/capacityType
+ value: SPOT
+ - effect: NoSchedule
+ key: kubernetes.azure.com/scalesetpriority
+ value: spot
+ ssod:
+ replicas: 1
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: small-sustained-on-demand
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: System
+ nodeLabels:
+ plural.sh/capacityType: ON_DEMAND
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: small-sustained-on-demand
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaling:
+ maxSize: 9
+ minSize: 1
+ sku: Standard_D2as_v5
+ ssspot:
+ isMultiAZ: true
+ kubernetesVersion: v1.25.11
+ spec:
+ additionalTags: # TODO: allow this to not be set
+ ScalingGroup: small-sustained-spot
+ enableNodePublicIP: false
+ maxPods: 110
+ mode: User
+ nodeLabels:
+ plural.sh/capacityType: SPOT
+ plural.sh/performanceType: SUSTAINED
+ plural.sh/scalingGroup: small-sustained-spot
+ osDiskSizeGB: 50
+ osDiskType: Managed
+ osType: Linux
+ scaleSetPriority: Spot
+ scaling:
+ maxSize: 9
+ minSize: 0
+ scaleDownMode: Delete
+ spotMaxPrice: -1
+ sku: Standard_D2as_v5
+ taints:
+ - effect: NoSchedule
+ key: plural.sh/capacityType
+ value: SPOT
+ - effect: NoSchedule
+ key: kubernetes.azure.com/scalesetpriority
+ value: spot
+ #################################
+ ### GCP WORKERS ###
+ #################################
+ gcp:
+ small-burst-on-demand:
+ replicas: 3
+ isMultiAZ: true
+ spec:
+ scaling:
+ minCount: 1
+ maxCount: 9
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ kubernetesLabels:
+ plural.sh/scalingGroup: small-burst-on-demand
+ additionalLabels: { } # TODO: allow this to not be set
+ machineType: e2-standard-2
+ medium-burst-on-demand:
+ isMultiAZ: true
+ spec:
+ scaling:
+ minCount: 0
+ maxCount: 9
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ kubernetesLabels:
+ plural.sh/scalingGroup: medium-burst-on-demand
+ additionalLabels: { } # TODO: allow this to not be set
+ machineType: e2-standard-4
+ large-burst-on-demand:
+ isMultiAZ: true
+ spec:
+ scaling:
+ minCount: 0
+ maxCount: 9
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ kubernetesLabels:
+ plural.sh/scalingGroup: large-burst-on-demand
+ additionalLabels: { } # TODO: allow this to not be set
+ machineType: e2-standard-8
+ #################################
+ ### Docker WORKERS ###
+ #################################
+ kind:
+ small-burst-0:
+ replicas: 2
diff --git a/bootstrap/helm/cluster-api-cluster/values.yaml.tpl b/bootstrap/helm/cluster-api-cluster/values.yaml.tpl
new file mode 100644
index 000000000..5e311a854
--- /dev/null
+++ b/bootstrap/helm/cluster-api-cluster/values.yaml.tpl
@@ -0,0 +1,61 @@
+{{ $isGcp := or (eq .Provider "google") (eq .Provider "gcp") }}
+enabled: {{ .ClusterAPI }}
+{{- if $isGcp }}
+provider: gcp
+{{- else }}
+provider: {{ .Provider }}
+{{- end }}
+cluster:
+ name: {{ .Cluster }}
+
+ {{- if eq .Provider "aws" }}
+ aws:
+ region: {{ .Region }}
+ iamAuthenticatorConfig:
+ mapRoles:
+ - rolearn: "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-capa-controller"
+ username: capa-admin
+ groups:
+ - system:masters
+ {{- if .AvailabilityZones }}
+ network:
+ vpc:
+ availabilityZoneUsageLimit: {{ len .AvailabilityZones }}
+ {{- end }}
+ {{- end }}
+
+ {{- if eq .Provider "azure" }}
+ azure:
+ clusterIdentity:
+ workloadIdentity:
+ clientID: {{ importValue "Terraform" "capz_assigned_identity_client_id" }}
+ tenantID: {{ .Context.TenantId }}
+ subscriptionID: {{ .Context.SubscriptionId }}
+ location: {{ .Region }}
+ resourceGroupName: {{ .Project }}
+ virtualNetwork:
+ name: {{ .Values.network_name | quote }}
+ {{- end }}
+
+ {{- if $isGcp }}
+ gcp:
+ project: {{ .Project }}
+ region: {{ .Region }}
+ network:
+ name: {{ .Values.vpc_name | quote }}
+ {{- end }}
+
+ {{- if eq .Provider "kind" }}
+ serviceCidrBlocks:
+ - 10.128.0.0/12
+ {{- end }}
+
+{{- if eq .Provider "aws" }}
+workers:
+ defaults:
+ aws:
+ spec:
+ {{- if .AvailabilityZones }}
+ availabilityZones: {{ toYaml .AvailabilityZones | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz b/bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz
new file mode 100644
index 000000000..4f52727c5
Binary files /dev/null and b/bootstrap/helm/cluster-api-control-plane/charts/cluster-api-control-plane-0.1.2.tgz differ
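Review bot: The templated scalars in this hunk are emitted unquoted (`name: {{ .Cluster }}`, `region: {{ .Region }}`, `project: {{ .Project }}`, `tenantID: {{ .Context.TenantId }}`, `clientID: {{ importValue ... }}`) while the two `.Values.*` lookups on the same hunk use `| quote`; an empty expansion then renders as YAML `null` rather than `""`, and an all-digit GCP project number or a value starting with a YAML indicator is retyped or mis-parsed, so apply `| quote` uniformly, e.g. `project: {{ .Project | quote }}`. The `mapRoles` entry places the `{{ .Cluster }}-capa-controller` role into `system:masters`; a comment above it such as `# grants cluster-admin to the CAPA controller role; ARN is derived from .Project` would keep that privilege visible to anyone editing the template. `enabled: {{ .ClusterAPI }}` likewise becomes `null` when the context value is unset; if that is meant to read as false, `enabled: {{ .ClusterAPI | default false }}` makes the intent explicit.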
diff --git a/bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz b/bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz
new file mode 100644
index 000000000..98b96abc6
Binary files /dev/null and b/bootstrap/helm/cluster-api-core/charts/cluster-api-core-0.1.3.tgz differ
diff --git a/bootstrap/helm/cluster-api-operator/.helmignore b/bootstrap/helm/cluster-api-operator/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/bootstrap/helm/cluster-api-operator/Chart.lock b/bootstrap/helm/cluster-api-operator/Chart.lock
new file mode 100644
index 000000000..50f8708ff
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-operator
+ repository: https://kubernetes-sigs.github.io/cluster-api-operator
+ version: 0.2.0
+digest: sha256:c39f99bafb6548710529418988b5ec868b39091ed2d0173d4fab59ab7d05a98d
+generated: "2023-05-31T11:06:51.180036+02:00"
diff --git a/bootstrap/helm/cluster-api-operator/Chart.yaml b/bootstrap/helm/cluster-api-operator/Chart.yaml
new file mode 100644
index 000000000..9803106c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-operator
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.1
+appVersion: "0.2.0"
+dependencies:
+- name: cluster-api-operator
+ version: 0.2.0
+ repository: https://kubernetes-sigs.github.io/cluster-api-operator
diff --git a/bootstrap/helm/cluster-api-operator/README.md b/bootstrap/helm/cluster-api-operator/README.md
new file mode 100644
index 000000000..a67b66911
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/README.md
@@ -0,0 +1,3 @@
+# Cluster API Operator
+
+A helm chart that deploys the [Cluster API Operator](https://github.com/kubernetes-sigs/cluster-api-operator)
diff --git a/bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz b/bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz
new file mode 100644
index 000000000..7e8519749
Binary files /dev/null and b/bootstrap/helm/cluster-api-operator/charts/cluster-api-operator-0.2.0.tgz differ
diff --git a/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..78209b3c1
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/crds/bootstrapproviders.operator.cluster.x-k8s.io.yaml
@@ -0,0 +1,1475 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1 + meta.helm.sh/release-name: bootstrap + meta.helm.sh/release-namespace: bootstrap + labels: + app.kubernetes.io/managed-by: Helm + clusterctl.cluster.x-k8s.io/core: capi-operator + name: bootstrapproviders.operator.cluster.x-k8s.io +spec: + group: operator.cluster.x-k8s.io + names: + kind: BootstrapProvider + listKind: BootstrapProviderList + plural: bootstrapproviders + singular: bootstrapprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: BootstrapProvider is the Schema for the bootstrapproviders API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BootstrapProviderSpec defines the desired state of BootstrapProvider. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. 
+ properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. 
+ The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. 
+ For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. 
Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. 
\n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. 
This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. 
Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider + components. The contents of the secret will be treated as immutable. + If changes need to be made, a new object can be created and the + name should be updated. The contents should be in the form of key:value. + This secret must be in the same namespace as the provider. 
+ type: string + version: + description: Version indicates the provider version. + type: string + required: + - version + type: object + status: + description: BootstrapProviderStatus defines the observed state of BootstrapProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. 
+ type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml new file mode 100644 index 000000000..27e5dfce1 --- /dev/null +++ b/bootstrap/helm/cluster-api-operator/crds/controlplaneproviders.operator.cluster.x-k8s.io.yaml 
@@ -0,0 +1,1477 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1 + meta.helm.sh/release-name: bootstrap + meta.helm.sh/release-namespace: bootstrap + labels: + app.kubernetes.io/managed-by: Helm + clusterctl.cluster.x-k8s.io/core: capi-operator + name: controlplaneproviders.operator.cluster.x-k8s.io +spec: + group: operator.cluster.x-k8s.io + names: + kind: ControlPlaneProvider + listKind: ControlPlaneProviderList + plural: controlplaneproviders + singular: controlplaneprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ControlPlaneProvider is the Schema for the controlplaneproviders + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. 
+ properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. 
+ The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. 
+ For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. 
Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. 
\n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. 
This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. 
Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider + components. The contents of the secret will be treated as immutable. + If changes need to be made, a new object can be created and the + name should be updated. The contents should be in the form of key:value. + This secret must be in the same namespace as the provider. 
+ type: string + version: + description: Version indicates the provider version. + type: string + required: + - version + type: object + status: + description: ControlPlaneProviderStatus defines the observed state of + ControlPlaneProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. 
+ type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml new file mode 100644 index 000000000..5e2ffb712 --- /dev/null +++ b/bootstrap/helm/cluster-api-operator/crds/coreproviders.operator.cluster.x-k8s.io.yaml 
@@ -0,0 +1,1475 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1 + meta.helm.sh/release-name: bootstrap + meta.helm.sh/release-namespace: bootstrap + labels: + app.kubernetes.io/managed-by: Helm + clusterctl.cluster.x-k8s.io/core: capi-operator + name: coreproviders.operator.cluster.x-k8s.io +spec: + group: operator.cluster.x-k8s.io + names: + kind: CoreProvider + listKind: CoreProviderList + plural: coreproviders + singular: coreprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CoreProvider is the Schema for the coreproviders API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CoreProviderSpec defines the desired state of CoreProvider. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. 
+ properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. 
+ The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. 
+ For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. 
Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. 
\n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. 
This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. 
Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider + components. The contents of the secret will be treated as immutable. + If changes need to be made, a new object can be created and the + name should be updated. The contents should be in the form of key:value. + This secret must be in the same namespace as the provider. 
+ type: string + version: + description: Version indicates the provider version. + type: string + required: + - version + type: object + status: + description: CoreProviderStatus defines the observed state of CoreProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. 
+ type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml b/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml new file mode 100644 index 000000000..ba0e175fb --- /dev/null +++ b/bootstrap/helm/cluster-api-operator/crds/nfrastructureproviders.operator.cluster.x-k8s.io.yaml 
@@ -0,0 +1,1477 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1 + meta.helm.sh/release-name: bootstrap + meta.helm.sh/release-namespace: bootstrap + labels: + app.kubernetes.io/managed-by: Helm + clusterctl.cluster.x-k8s.io/core: capi-operator + name: infrastructureproviders.operator.cluster.x-k8s.io +spec: + group: operator.cluster.x-k8s.io + names: + kind: InfrastructureProvider + listKind: InfrastructureProviderList + plural: infrastructureproviders + singular: infrastructureprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InfrastructureProvider is the Schema for the infrastructureproviders + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. + properties: + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. 
+ properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. 
+ The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. 
If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. 
+ For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container Image Name + properties: + name: + description: Name allows to specify a name for the image. + type: string + repository: + description: Repository sets the container registry + to pull images from. + type: string + tag: + description: Tag allows to specify a tag for the image. + type: string + type: object + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. 
Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. 
\n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. 
This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. 
Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + secretName: + description: SecretName is the name of the Secret providing the configuration + variables for the current provider instance, like e.g. credentials. + Such configurations will be used when creating or upgrading provider + components. The contents of the secret will be treated as immutable. + If changes need to be made, a new object can be created and the + name should be updated. The contents should be in the form of key:value. + This secret must be in the same namespace as the provider. 
+ type: string + version: + description: Version indicates the provider version. + type: string + required: + - version + type: object + status: + description: InfrastructureProviderStatus defines the observed state of + InfrastructureProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. 
+ type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-operator/deps.yaml b/bootstrap/helm/cluster-api-operator/deps.yaml new file mode 100644 index 000000000..1191f5439 --- /dev/null +++ b/bootstrap/helm/cluster-api-operator/deps.yaml @@ -0,0 +1,7 @@ +apiVersion: plural.sh/v1alpha1 +kind: Dependencies +metadata: + application: true + description: installs the cluster api operator +spec: + dependencies: [] diff --git a/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl b/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl new file mode 100644 index 000000000..36e0c4d49 --- /dev/null +++ b/bootstrap/helm/cluster-api-operator/templates/_helpers.tpl 
@@ -0,0 +1,99 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-operator-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-operator-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-operator-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-operator-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-operator-plural.chart" . }}
+{{ include "cluster-api-operator-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-operator-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-operator-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-operator-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-operator-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the secret to use
+*/}}
+{{- define "cluster-api-operator-plural.secretName" -}}
+{{- if .Values.secret.create }}
+{{- default (include "cluster-api-operator-plural.fullname" .) .Values.secret.name }}
+{{- else }}
+{{- default "default" .Values.secret.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the aws credentials file
+*/}}
+{{- define "cluster-api-operator-plural.awsCredentialsFile" -}}
+{{- if .Values.infrastructureProvider.aws.enabled -}}
+[default]
+aws_access_key_id = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_ACCESS_KEY_ID }}
+aws_secret_access_key = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SECRET_ACCESS_KEY }}
+region = {{ .Values.infrastructureProvider.aws.secretData.AWS_REGION }}
+{{- if .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SESSION_TOKEN }}
+aws_session_token = {{ .Values.infrastructureProvider.aws.bootstrapCredentials.AWS_SESSION_TOKEN }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the b64 encoded aws credentials file depending on if bootstrap credentials should be used
+*/}}
+{{- define "cluster-api-operator-plural.awsCredentialsValue" -}}
+{{- if .Values.secret.bootstrap -}}
+{{- include "cluster-api-operator-plural.awsCredentialsFile" . | b64enc | quote -}}
+{{- else -}}
+{{ print "\"\"" | b64enc }}
+{{- end -}}
+{{- end -}}
diff --git a/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml
new file mode 100644
index 000000000..09683a89b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/bootstrap-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: BootstrapProvider
+metadata:
+ name: kubeadm
+spec:
+ version: {{ .Values.kubeadm.bootstrap.version }}
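Review bot: The fallback branch of `cluster-api-operator-plural.awsCredentialsValue` encodes the two-character string `""` (the Go literal `"\"\""`), so when `secret.bootstrap` is false `AWS_B64ENCODED_CREDENTIALS` decodes to a pair of quote characters rather than an empty credentials file; if an empty value is intended, `{{ "" | b64enc | quote }}` renders as `""` in the Secret, which YAML reads as an empty string. The `secretName` helper copies the service-account pattern and falls back to the literal `default` when `secret.create` is false and `secret.name` is empty, but unlike the `default` ServiceAccount no Secret of that name exists, so the InfrastructureProvider's `secretName` would then point at a missing object; using `fail` or `required` there would surface the misconfiguration at render time. `awsCredentialsFile` also interpolates the access key, secret key and session token into the INI body unquoted, so a value containing a newline silently becomes extra lines of the file; checking for newlines with `fail` before rendering keeps the file well-formed.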
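Review bot: `version: {{ .Values.kubeadm.bootstrap.version }}` renders the value unquoted, so an override written without the `v` prefix such as `1.4` reaches the API server as a float and is rejected by the CRD's string type; `version: {{ .Values.kubeadm.bootstrap.version | quote }}` keeps it a string regardless of what the override contains. The same applies to control-plane-provider.yaml, core-provider.yaml and the `version` and `secretName` lines of infrastructure-provider-aws.yaml.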
diff --git a/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml
new file mode 100644
index 000000000..6f8aafe24
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/control-plane-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: ControlPlaneProvider
+metadata:
+ name: kubeadm
+spec:
+ version: {{ .Values.kubeadm.controlPlane.version }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml
new file mode 100644
index 000000000..de3495612
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/core-provider.yaml
@@ -0,0 +1,6 @@
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: CoreProvider
+metadata:
+ name: cluster-api
+spec:
+ version: {{ .Values.core.version }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml b/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml
new file mode 100644
index 000000000..f4fb49492
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/infrastructure-provider-aws.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.infrastructureProvider.aws.enabled -}}
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: InfrastructureProvider
+metadata:
+ name: aws
+spec:
+ deployment:
+ containers:
+ - args:
+ awscluster-concurrency: '12'
+ awsmachine-concurrency: '11'
+ name: manager
+ manager:
+ health: {}
+ metrics: {}
+ syncPeriod: 30s
+ verbosity: 1
+ webhook: {}
+ secretName: {{ include "cluster-api-operator-plural.secretName" . }}
+ version: {{ .Values.infrastructureProvider.aws.version }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/secret.yaml b/bootstrap/helm/cluster-api-operator/templates/secret.yaml
new file mode 100644
index 000000000..95406180b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "cluster-api-operator-plural.secretName" . }}
+type: Opaque
+data:
+ {{- range $key, $value := .Values.secret.data }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+ {{- if .Values.infrastructureProvider.aws.enabled }}
+ AWS_B64ENCODED_CREDENTIALS: {{ include "cluster-api-operator-plural.awsCredentialsValue" . }}
+ {{- range $key, $value := .Values.infrastructureProvider.aws.secretData }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+ {{- if not .Values.secret.bootstrap }}
+ {{- range $key, $value := .Values.infrastructureProvider.aws.credentials }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml b/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml
new file mode 100644
index 000000000..f81bf3437
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/templates/wait-for-provider.yaml
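Review bot: `{{ $key }}: {{ $value | b64enc }}` renders an empty value as a bare `KEY:` because `b64enc` of `""` is `""`, and YAML reads that as null rather than an empty string; with the defaults in values.yaml this happens for `AWS_CONTROLLER_IAM_ROLE` as soon as `aws.enabled` is true and `secret.bootstrap` is false, and whether the API server tolerates a null entry in Secret `data` is not something to rely on. Appending `| quote` in all three range bodies, `{{ $key }}: {{ $value | b64enc | quote }}`, renders `""` instead, which is a valid empty entry. `b64enc` also accepts only strings, so a value written as an unquoted `true` in `secret.data` or `aws.secretData` fails at render time; a comment in values.yaml saying these entries must be quoted strings, as the defaults already are, would save that round-trip.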
@@ -0,0 +1,31 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: wait-for-providers
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded
+spec:
+ template:
+ spec:
+ containers:
+ - name: wait-for-core-provider
+ image: bitnami/kubectl:1.25.8
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "CoreProvider", "cluster-api"]
+ - name: wait-for-controlPlane-provider
+ image: bitnami/kubectl:1.25.8
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "ControlPlaneProvider", "kubeadm"]
+ - name: wait-for-bootstrap-provider
+ image: bitnami/kubectl:1.25.8
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "BootstrapProvider", "kubeadm"]
+ {{- if .Values.infrastructureProvider.aws.enabled }}
+ - name: wait-for-infra-provider
+ image: bitnami/kubectl:1.25.8
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args: ["wait", "--for=condition=ready", "-n", {{ .Release.Namespace }}, "--timeout", "10m", "InfrastructureProvider", "aws"]
+ {{- end }}
+ restartPolicy: Never
+# TODO: have this job wait for the providers to be ready
diff --git a/bootstrap/helm/cluster-api-operator/values.yaml b/bootstrap/helm/cluster-api-operator/values.yaml
new file mode 100644
index 000000000..228f4f4d3
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/values.yaml
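Review bot: The Job sets no `serviceAccountName`, so the `kubectl wait` containers run under the namespace's `default` ServiceAccount, which has no permission to get or watch `CoreProvider`, `ControlPlaneProvider`, `BootstrapProvider` or `InfrastructureProvider` objects unless something outside this chart grants it, and every wait then fails with a Forbidden error. The sibling chart's job.yaml in this same commit creates a dedicated ServiceAccount, a narrowly scoped Role and a RoleBinding for exactly this purpose; the same shape, limited to `get`/`list`/`watch` on the `operator.cluster.x-k8s.io` resources, is what this Job needs. `{{ .Release.Namespace }}` should also be quoted inside the flow sequence, `"-n", {{ .Release.Namespace | quote }}`, and `.Values.imagePullPolicy` is not defined in the values.yaml added in this commit, so `imagePullPolicy:` renders empty. The trailing `# TODO: have this job wait for the providers to be ready` describes what the Job already does and can be dropped.
```yaml
    spec:
      serviceAccountName: wait-for-providers
      containers:
        # … unchanged: the four kubectl wait containers, with "-n", {{ .Release.Namespace | quote }} …
      restartPolicy: Never
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: wait-for-providers
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-weight: "-5"
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: wait-for-providers
  # … same hook annotations as the ServiceAccount …
rules:
  - apiGroups: ["operator.cluster.x-k8s.io"]
    resources: ["coreproviders", "bootstrapproviders", "controlplaneproviders", "infrastructureproviders"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: wait-for-providers
  # … same hook annotations as the ServiceAccount …
subjects:
  - kind: ServiceAccount
    name: wait-for-providers
    namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: wait-for-providers
```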
@@ -0,0 +1,32 @@
+core:
+ version: v1.4.3
+
+kubeadm:
+ controlPlane:
+ version: v1.4.3
+ bootstrap:
+ version: v1.4.3
+
+infrastructureProvider:
+ aws:
+ enabled: false
+ version: v2.1.2
+ secretData:
+ CAPA_EKS_ADD_ROLES: "true"
+ CAPA_EKS_IAM: "true"
+ AWS_REGION: us-east-1
+ bootstrapCredentials:
+ AWS_ACCESS_KEY_ID: ""
+ AWS_SECRET_ACCESS_KEY: ""
+ AWS_SESSION_TOKEN: ""
+ credentials:
+ AWS_CONTROLLER_IAM_ROLE: ""
+
+
+secret:
+ create: true
+ name: ""
+ bootstrap: false
+ data:
+ EXP_MACHINE_POOL: "true"
+ EXP_EXTERNAL_RESOURCE_GC: "true"
diff --git a/bootstrap/helm/cluster-api-operator/values.yaml.tpl b/bootstrap/helm/cluster-api-operator/values.yaml.tpl
new file mode 100644
index 000000000..3752460bf
--- /dev/null
+++ b/bootstrap/helm/cluster-api-operator/values.yaml.tpl
@@ -0,0 +1,13 @@
+{{- if eq .Provider "aws" }}
+infrastructureProvider:
+ aws:
+ enabled: true
+ secretData:
+ AWS_REGION: {{ .Region }}
+ bootstrapCredentials:
+ AWS_ACCESS_KEY_ID: {{ .Context.AccessKey | quote }}
+ AWS_SECRET_ACCESS_KEY: {{ .Context.SecretAccessKey | quote }}
+ AWS_SESSION_TOKEN: {{ .Context.SessionToken | quote }}
+ credentials:
+ AWS_CONTROLLER_IAM_ROLE: {{ importValue "Terraform" "capa_iam_role_arn" }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/.helmignore b/bootstrap/helm/cluster-api-provider-aws/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
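Review bot: `AWS_REGION: {{ .Region }}` in values.yaml.tpl is the one templated scalar in that file rendered without `| quote`, unlike the three credential lines below it; an empty `.Region` renders as a bare `AWS_REGION:`, which YAML reads as null, and secret.yaml then passes null to `b64enc` and fails to render. `AWS_REGION: {{ .Region | quote }}` and `AWS_CONTROLLER_IAM_ROLE: {{ importValue "Terraform" "capa_iam_role_arn" | quote }}` keep both values strings whatever the inputs contain.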
diff --git a/bootstrap/helm/cluster-api-provider-aws/Chart.lock b/bootstrap/helm/cluster-api-provider-aws/Chart.lock
new file mode 100644
index 000000000..f8a8c7a8d
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster-api-provider-aws
+ repository: https://pluralsh.github.io/capi-helm-charts
+ version: 0.1.9
+digest: sha256:c1ef36b6f6c60b9bedbd8fdfef4858e1135bbe7ad49fe511e8adc1347e633063
+generated: "2023-09-01T13:53:22.234271+02:00"
diff --git a/bootstrap/helm/cluster-api-provider-aws/Chart.yaml b/bootstrap/helm/cluster-api-provider-aws/Chart.yaml
new file mode 100644
index 000000000..8b2d64b0b
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-provider-aws
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.4
+appVersion: "v2.2.1"
+dependencies:
+- name: cluster-api-provider-aws
+ version: 0.1.9
+ repository: https://pluralsh.github.io/capi-helm-charts
diff --git a/bootstrap/helm/cluster-api-provider-aws/README.md b/bootstrap/helm/cluster-api-provider-aws/README.md
new file mode 100644
index 000000000..a2f21819a
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/README.md
@@ -0,0 +1,3 @@
+# Cluster API Provider AWS
+
+A helm chart that deploys the Cluster API Provider for AWS
diff --git a/bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz b/bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz
new file mode 100644
index 000000000..39d21c000
Binary files /dev/null and b/bootstrap/helm/cluster-api-provider-aws/charts/cluster-api-provider-aws-0.1.9.tgz differ
diff --git a/bootstrap/helm/cluster-api-provider-aws/deps.yaml b/bootstrap/helm/cluster-api-provider-aws/deps.yaml
new file mode 100644
index 000000000..b7d40bccd
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ application: true
+ description: installs the cluster api provider aws
+spec:
+ dependencies: []
diff --git a/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl b/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl
new file mode 100644
index 000000000..d75b43dd8
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-provider-aws-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-provider-aws-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-provider-aws-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-provider-aws-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-provider-aws-plural.chart" . }}
+{{ include "cluster-api-provider-aws-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-provider-aws-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-provider-aws-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-provider-aws-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-provider-aws-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml b/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml
new file mode 100644
index 000000000..879c41d1d
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/templates/job.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+spec:
+ template:
+ spec:
+ containers:
+ - name: wait-for-provider
+ image: {{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}
+ imagePullPolicy: {{ .Values.job.image.pullPolicy }}
+ command: ["kubectl"]
+ args: ["wait", "--for=condition=Available", "--timeout=600s", "deployment/{{ include "cluster-api-provider-aws.fullname" (index .Subcharts "cluster-api-provider-aws") }}-controller-manager", "-n", "{{ .Release.namespace }}"]
+ restartPolicy: Never
+ serviceAccountName: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ backoffLimit: 4
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ namespace: {{ .Release.namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "cluster-api-provider-aws-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-aws-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-aws/values.yaml b/bootstrap/helm/cluster-api-provider-aws/values.yaml
new file mode 100644
index 000000000..276dba016
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/values.yaml
@@ -0,0 +1,30 @@
+cluster-api-provider-aws:
+ controllerManager:
+ manager:
+ image:
+ repository: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller
+ tag: v2.2.1
+ configVariables:
+ awsControllerIamRole: ''
+ capaEksAddRoles: true
+ capaEksIam: true
+ exprimental:
+ externalResourceGc: true
+ machinePool: true
+ managerBootstrapCredentials:
+ AWS_ACCESS_KEY_ID: ""
+ AWS_SECRET_ACCESS_KEY: ""
+ AWS_REGION: ""
+ AWS_SESSION_TOKEN: ""
+ bootstrapMode: false
+
+job:
+ enabled: true
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ image:
+ repository: bitnami/kubectl
+ tag: 1.25.8
+ pullPolicy: IfNotPresent
diff --git a/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl b/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl
new file mode 100644
index 000000000..469243283
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-aws/values.yaml.tpl
@@ -0,0 +1,3 @@
+cluster-api-provider-aws:
+ configVariables:
+ awsControllerIamRole: "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-capa-controller"
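Review bot: `{{ .Release.namespace }}` in the kubectl `args` and again in the RoleBinding `subjects[0].namespace` is not a Helm built-in — the field is `.Release.Namespace`, the spelling the CRD templates later in this diff use — so both render empty. For the RoleBinding that yields a ServiceAccount subject with no namespace, which RBAC validation rejects (namespace is required for ServiceAccount subjects), and for the Job it yields `-n ""`, which kubectl most likely treats as unset and resolves from the pod's in-cluster config — correct by coincidence here, not by design. Change both to `namespace: {{ .Release.Namespace }}` and `"-n", "{{ .Release.Namespace }}"`. Two smaller points: the Role grants get/list/watch on `pods` although `kubectl wait` on a deployment only needs the `deployments` rule, and the hook image is pinned by mutable tag (`bitnami/kubectl:1.25.8`) rather than digest, which matters for a container that runs with in-cluster RBAC.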
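Review bot: `managerBootstrapCredentials` declares four AWS credential slots (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`, `AWS_SESSION_TOKEN`) as plain values with no comment on how they are meant to be supplied. Anything set here — including via `--set` at install time — is persisted in the Helm release record and in the rendered subchart manifest, so static keys should only ever arrive through a secret-store-backed override, never a committed values file. `bootstrapMode: false` next to the empty strings suggests that is already the intent; make it explicit with a comment above the block such as `# Static bootstrap credentials: leave empty and inject from a secret store at install time — these values are persisted in the Helm release record.`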
diff --git a/bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz b/bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz new file mode 100644 index 000000000..142f0bd67 Binary files /dev/null and b/bootstrap/helm/cluster-api-provider-docker/charts/cluster-api-provider-docker-0.1.0.tgz differ diff --git a/bootstrap/helm/cluster-api-provider-docker/values.yaml b/bootstrap/helm/cluster-api-provider-docker/values.yaml index 2d3096ef6..e4e5aa49f 100644 --- a/bootstrap/helm/cluster-api-provider-docker/values.yaml +++ b/bootstrap/helm/cluster-api-provider-docker/values.yaml @@ -2,7 +2,6 @@ cluster-api-provider-docker: configVariables: exprimental: machinePool: true - job: enabled: true annotations: diff --git a/bootstrap/helm/cluster-api-provider-gcp/.helmignore b/bootstrap/helm/cluster-api-provider-gcp/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/bootstrap/helm/cluster-api-provider-gcp/Chart.lock b/bootstrap/helm/cluster-api-provider-gcp/Chart.lock new file mode 100644 index 000000000..015b1361e --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cluster-api-provider-gcp + repository: https://pluralsh.github.io/capi-helm-charts + version: 0.1.4 +digest: sha256:4a5070742fa6e34bf27a5ea29d590a5c86cdac50f56522b1b79671181907da82 +generated: "2023-08-23T17:30:41.21781934+02:00" 
diff --git a/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml b/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml
new file mode 100644
index 000000000..e4fdd3588
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cluster-api-provider-gcp
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.10
+appVersion: v1.4.3
+dependencies:
+ - name: cluster-api-provider-gcp
+ version: 0.1.4
+ repository: https://pluralsh.github.io/capi-helm-charts
diff --git a/bootstrap/helm/cluster-api-provider-gcp/README.md b/bootstrap/helm/cluster-api-provider-gcp/README.md
new file mode 100644
index 000000000..b25d117f6
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/README.md
@@ -0,0 +1,3 @@
+# Cluster API Provider GCP
+
+A helm chart that deploys the Cluster API Provider for GCP
diff --git a/bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz b/bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz
new file mode 100644
index 000000000..e095ebf06
Binary files /dev/null and b/bootstrap/helm/cluster-api-provider-gcp/charts/cluster-api-provider-gcp-0.1.4.tgz differ
diff --git a/bootstrap/helm/cluster-api-provider-gcp/deps.yaml b/bootstrap/helm/cluster-api-provider-gcp/deps.yaml
new file mode 100644
index 000000000..03054048c
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/deps.yaml
@@ -0,0 +1,7 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ application: true
+ description: installs the cluster api provider gcp
+spec:
+ dependencies: []
diff --git a/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile b/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile
new file mode 100644
index 000000000..3ac457f75
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/scripts/Makefile
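Review bot: `appVersion: v1.4.3` in Chart.yaml disagrees with `GCP_VERSION=v1.4.1` in the scripts/Makefile hunk below, whose `yq -i ".appVersion=..."` step overwrites this field from that variable. Either the CRD templates in this commit were generated from v1.4.1 and Chart.yaml was hand-edited afterwards, or the Makefile was never re-run; in both cases the next `make gcp` silently downgrades the declared appVersion and regenerates the CRDs from an older release. Pin both to the same value and add `# keep in sync with scripts/Makefile GCP_VERSION` next to appVersion. Also `description: A Helm chart for Kubernetes` is the `helm create` placeholder; the README's `A helm chart that deploys the Cluster API Provider for GCP` would serve better here.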
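Review bot: `spec.dependencies: []` in deps.yaml declares no install-order dependencies, yet the gcpcluster CRD template added later in this diff relies on `cert-manager.io/inject-ca-from` to replace its placeholder `caBundle: Cg==` for a `strategy: Webhook` conversion. If cert-manager's cainjector is not running before this chart installs, the CRD is accepted but conversion between its three served versions fails against an empty CA bundle. I cannot confirm the `plural.sh/v1alpha1 Dependencies` schema from the diff; if it is where install sequencing is declared, cert-manager belongs in the list, and otherwise the runtime requirement deserves a comment such as `# runtime requirement: cert-manager cainjector must be present for the CRD conversion webhooks`.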
@@ -0,0 +1,21 @@
+GCP_VERSION=v1.4.1
+
+gcp:
+# Clean current CRDs
+ rm -rf ../templates/*-crd.yaml tmp/ *.yaml
+ mkdir tmp
+ wget https://github.com/pluralsh/cluster-api-provider-gcp/releases/download/${GCP_VERSION}/infrastructure-components.yaml
+# This rewrites the data to stringData in the secret
+ yq 'select(.kind == "Secret") | .data."credentials.json" = ""' infrastructure-components.yaml > tmp.yaml
+# This removes the Secret from the yaml
+ yq 'del( select(.kind == "Secret"))' infrastructure-components.yaml > tmp2.yaml
+
+# This combines the yaml files back together
+ yq eval-all tmp.yaml tmp2.yaml > infrastructure-components.yaml
+
+ cat infrastructure-components.yaml | helmify -generate-defaults -image-pull-secrets tmp/cluster-api-provider-gcp
+ rm infrastructure-components.yaml tmp.yaml tmp2.yaml
+ yq -i ".appVersion=\"${GCP_VERSION}\"" ../Chart.yaml
+
+ mv tmp/cluster-api-provider-gcp/templates/*-crd.yaml ../templates/
+ rm -rf tmp/
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl b/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl
new file mode 100644
index 000000000..e6afac2ba
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/_helpers.tpl
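Review bot: The `wget` of `infrastructure-components.yaml` feeds the downloaded release manifest straight through `helmify` into the chart's committed CRD templates with no integrity check — the asset is selected only by the mutable `${GCP_VERSION}` tag, so a re-tagged or tampered release asset is carried into the chart unnoticed. Record the expected digest in the Makefile (placeholder `EXPECTED_SHA256=<sha256 of the release asset>`) and verify it right after the download with `echo "${EXPECTED_SHA256}  infrastructure-components.yaml" | sha256sum -c -`. Separately, the comment `# This rewrites the data to stringData in the secret` does not describe the command beneath it, which only sets `.data."credentials.json"` to an empty string before the Secret is re-merged by `yq eval-all`; `# Blank the embedded credentials.json so the Secret is emitted without a value` is what the step actually does. `rm -rf ../templates/*-crd.yaml tmp/ *.yaml` also deletes any stray `*.yaml` in the scripts directory, which is worth a comment of its own.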
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-api-provider-gcp-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-api-provider-gcp-plural.labels" -}}
+helm.sh/chart: {{ include "cluster-api-provider-gcp-plural.chart" . }}
+{{ include "cluster-api-provider-gcp-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-api-provider-gcp-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-api-provider-gcp-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-api-provider-gcp-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-api-provider-gcp-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml
new file mode 100644
index 000000000..c1feccb19
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpcluster-crd.yaml
@@ -0,0 +1,597 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpclusters.infrastructure.cluster.x-k8s.io + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert' + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPCluster + listKind: GCPClusterList + plural: gcpclusters + singular: gcpcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: GCPCluster is the Schema for the gcpclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." 
+ type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + routeTableId: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. 
+ type: string + required: + - project + - region + type: object + status: + description: GCPClusterStatus defines the observed state of GCPCluster. + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to the backend service created for the API Server. + type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server. + type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the target proxy created for the API Server. 
+ type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule to its full reference. + type: object + router: + description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this cluster. + type: string + type: object + ready: + description: Bastion Instance `json:"bastion,omitempty"` + type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1alpha4 + schema: + openAPIV3Schema: + description: GCPCluster is the Schema for the gcpclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. 
+ properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + routeTableId: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + required: + - project + - region + type: object + status: + description: GCPClusterStatus defines the observed state of GCPCluster. + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to the backend service created for the API Server. + type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server. + type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the target proxy created for the API Server. + type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule to its full reference. + type: object + router: + description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this cluster. 
+ type: string + type: object + ready: + description: Bastion Instance `json:"bastion,omitempty"` + type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPCluster is the Schema for the gcpclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. 
+ type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + datapathProvider: + description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath). 
+ type: string + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. 
\"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + required: + - project + - region + type: object + status: + description: GCPClusterStatus defines the observed state of GCPCluster. + properties: + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to the backend service created for the API Server. + type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server. 
+ type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the target proxy created for the API Server. + type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule to its full reference. + type: object + router: + description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this cluster. + type: string + type: object + ready: + description: Bastion Instance `json:"bastion,omitempty"` + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml new file mode 100644 index 000000000..c7e1694cb --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpclustertemplate-crd.yaml 
@@ -0,0 +1,303 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpclustertemplates.infrastructure.cluster.x-k8s.io + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert' + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPClusterTemplate + listKind: GCPClusterTemplateList + plural: gcpclustertemplates + shortNames: + - gcpct + singular: gcpclustertemplate + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: GCPClusterTemplate is the Schema for the gcpclustertemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. + properties: + template: + description: GCPClusterTemplateResource contains spec for GCPClusterSpec. + properties: + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." 
+ type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + routeTableId: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. 
+ type: string + required: + - project + - region + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: GCPClusterTemplate is the Schema for the gcpclustertemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. + properties: + template: + description: GCPClusterTemplateResource contains spec for GCPClusterSpec. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. 
More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. 
\n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + datapathProvider: + description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath). + type: string + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. 
\n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + required: + - project + - region + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml new file mode 100644 index 000000000..b4654dcb6 --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachine-crd.yaml 
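Review bot: The `conversion:` stanza ships `caBundle: Cg==`, a one-byte placeholder, and relies entirely on cert-manager's CA injector honouring the `cert-manager.io/inject-ca-from` annotation for `{{ .Release.Namespace }}/<fullname>-serving-cert`; if cert-manager, or a Certificate with that exact name, is absent, any access to a `GCPClusterTemplate` through the non-storage `v1alpha4` version fails closed with a TLS error rather than being served unverified, which is the safe outcome but is not stated anywhere in this hunk. I would add a comment above `conversion:` such as `# caBundle is a placeholder; cert-manager's cainjector replaces it from the serving-cert Certificate. Without cert-manager, v1alpha4<->v1beta1 conversion fails closed.` so operators do not "fix" the error by dropping the webhook. The `v1beta1` schema also introduces `credentialsRef` with a required `namespace`, so a template can name a Secret in any namespace; presumably the provider controller reads it, so RBAC on who may create these objects deserves a look with that in mind. The file is controller-gen output wrapped in Helm conditionals, so these points concern the chart's packaging rather than the generated schema itself.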
@@ -0,0 +1,561 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpmachines.infrastructure.cluster.x-k8s.io + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert' + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPMachine + listKind: GCPMachineList + plural: gcpmachines + singular: gcpmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: GCE instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: GCE instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this GCPMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: GCPMachine is the Schema for the gcpmachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineSpec defines the desired state of GCPMachine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. 
+ properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + image: + description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: n1.standard-2' + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. 
Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' + items: + type: string + type: array + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + status: + description: GCPMachineStatus defines the observed state of GCPMachine. + properties: + addresses: + description: Addresses contains the GCP instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP or InternalIP. + type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." 
+ type: string + failureReason: + description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceStatus is the status of the GCP instance for this machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this GCPMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: GCE instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: GCE instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this GCPMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1alpha4 + schema: + openAPIV3Schema: + description: GCPMachine is the Schema for the gcpmachines API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineSpec defines the desired state of GCPMachine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. 
+ type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + image: + description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: n1.standard-2' + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' 
+ type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' + items: + type: string + type: array + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + status: + description: GCPMachineStatus defines the observed state of GCPMachine. + properties: + addresses: + description: Addresses contains the GCP instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP or InternalIP. + type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. 
\n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceStatus is the status of the GCP instance for this machine. + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this GCPMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: GCE instance state + jsonPath: .status.instanceState + name: State + type: string + - description: Machine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: GCE instance ID + jsonPath: .spec.providerID + name: InstanceID + type: string + - description: Machine object which owns with this GCPMachine + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPMachine is the Schema for the gcpmachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineSpec defines the desired state of GCPMachine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. 
"pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + confidentialCompute: + description: ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. + enum: + - Enabled + - Disabled + type: string + image: + description: Image is the full reference to a valid image to be used for this machine. 
Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: n1.standard-2' + type: string + ipForwarding: + default: Enabled + description: IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled. + enum: + - Enabled + - Disabled + type: string + onHostMaintenance: + description: OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". + enum: + - Migrate + - Terminate + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' 
+ type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' + items: + type: string + type: array + type: object + shieldedInstanceConfig: + description: ShieldedInstanceConfig is the Shielded VM configuration for this machine + properties: + integrityMonitoring: + description: IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + enum: + - Enabled + - Disabled + type: string + secureBoot: + description: SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. + enum: + - Enabled + - Disabled + type: string + virtualizedTrustedPlatformModule: + description: VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + enum: + - Enabled + - Disabled + type: string + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. 
+ type: string + required: + - instanceType + type: object + status: + description: GCPMachineStatus defines the observed state of GCPMachine. + properties: + addresses: + description: Addresses contains the GCP instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP or InternalIP. + type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. 
Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output." + type: string + instanceState: + description: InstanceStatus is the status of the GCP instance for this machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml new file mode 100644 index 000000000..23ae05f74 --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmachinetemplate-crd.yaml 
@@ -0,0 +1,446 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpmachinetemplates.infrastructure.cluster.x-k8s.io + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "cluster-api-provider-gcp.fullname" . }}-serving-cert' + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: '{{ include "cluster-api-provider-gcp.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPMachineTemplate + listKind: GCPMachineTemplateList + plural: gcpmachinetemplates + singular: gcpmachinetemplate + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. + properties: + template: + description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior of the machine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. 
+ type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + image: + description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: n1.standard-2' + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' 
+ items: + type: string + type: array + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1alpha4 + schema: + openAPIV3Schema: + description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. + properties: + template: + description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior of the machine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. 
"local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + image: + description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. 
Example: n1.standard-2' + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' + items: + type: string + type: array + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: GCPMachineTemplate is the Schema for the gcpmachinetemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate. + properties: + template: + description: GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Spec is the specification of the desired behavior of the machine. + properties: + additionalDisks: + description: AdditionalDisks are optional non-boot attached disks. + items: + description: AttachedDiskSpec degined GCP machine disk. + properties: + deviceType: + description: 'DeviceType is a device type of the attached disk. Supported types of non-root attached volumes: 1. 
"pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk 3. "local-ssd" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd). Default is "pd-standard".' + type: string + size: + description: Size is the size of the disk in GBs. Defaults to 30GB. For "local-ssd" size is always 375GB. + format: int64 + type: integer + type: object + type: array + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the GCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the GCPMachine's value takes precedence. + type: object + additionalMetadata: + description: AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the GCP provider. + items: + description: MetadataItem defines a single piece of metadata associated with an instance. + properties: + key: + description: Key is the identifier for the metadata entry. + type: string + value: + description: Value is the value of the metadata entry. + type: string + required: + - key + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + additionalNetworkTags: + description: AdditionalNetworkTags is a list of network tags that should be applied to the instance. These tags are set in addition to any network tags defined at the cluster level or in the actuator. + items: + type: string + type: array + confidentialCompute: + description: ConfidentialCompute Defines whether the instance should have confidential compute enabled. If enabled OnHostMaintenance is required to be set to "Terminate". If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. 
+ enum: + - Enabled + - Disabled + type: string + image: + description: Image is the full reference to a valid image to be used for this machine. Takes precedence over ImageFamily. + type: string + imageFamily: + description: ImageFamily is the full reference to a valid image family to be used for this machine. + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: n1.standard-2' + type: string + ipForwarding: + default: Enabled + description: IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes. Defaults to enabled. + enum: + - Enabled + - Disabled + type: string + onHostMaintenance: + description: OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. If omitted, the platform chooses a default, which is subject to change over time, currently that default is "Migrate". + enum: + - Migrate + - Terminate + type: string + preemptible: + description: Preemptible defines if instance is preemptible + type: boolean + providerID: + description: ProviderID is the unique identifier as specified by the cloud provider. + type: string + publicIP: + description: PublicIP specifies whether the instance should get a public IP. Set this to true if you don't have a NAT instances or Cloud Nat setup. + type: boolean + rootDeviceSize: + description: RootDeviceSize is the size of the root volume in GB. Defaults to 30. + format: int64 + type: integer + rootDeviceType: + description: 'RootDeviceType is the type of the root volume. Supported types of root volumes: 1. "pd-standard" - Standard (HDD) persistent disk 2. "pd-ssd" - SSD persistent disk Default is "pd-standard".' + type: string + serviceAccounts: + description: 'ServiceAccount specifies the service account email and which scopes to assign to the machine. 
Defaults to: email: "default", scope: []{compute.CloudPlatformScope}' + properties: + email: + description: 'Email: Email address of the service account.' + type: string + scopes: + description: 'Scopes: The list of scopes to be made available for this service account.' + items: + type: string + type: array + type: object + shieldedInstanceConfig: + description: ShieldedInstanceConfig is the Shielded VM configuration for this machine + properties: + integrityMonitoring: + description: IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + enum: + - Enabled + - Disabled + type: string + secureBoot: + description: SecureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled. + enum: + - Enabled + - Disabled + type: string + virtualizedTrustedPlatformModule: + description: VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled. + enum: + - Enabled + - Disabled + type: string + type: object + subnet: + description: Subnet is a reference to the subnetwork to use for this instance. 
If not specified, the first subnetwork retrieved from the Cluster Region and Network is picked. + type: string + required: + - instanceType + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml new file mode 100644 index 000000000..d807013f3 --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcluster-crd.yaml 
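Review bot: The conversion webhook near the top of this hunk ships with `caBundle: Cg==`, a placeholder that is only replaced if cert-manager's CA injector acts on the `cert-manager.io/inject-ca-from` annotation, and nothing in the chart documents or guards that dependency. On a cluster where cert-manager is absent or its injector is not running, the CRD still installs under `crds.create`, but the API server cannot verify the webhook's serving certificate, so requests through the non-storage versions `v1alpha3`/`v1alpha4` are expected to fail at conversion. I would add `# caBundle is a placeholder; cert-manager's cainjector populates it via the inject-ca-from annotation, so cert-manager must be installed before this CRD is served` above `conversion:`, and a README/values note listing cert-manager as a prerequisite. Because the CRD lives under `templates/` rather than `crds/`, Helm also deletes it on uninstall together with every GCPMachineTemplate object, which is worth stating next to `crds.create` in values. The file is also missing its trailing newline after `{{- end -}}`.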
@@ -0,0 +1,274 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpmanagedclusters.infrastructure.cluster.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedCluster + listKind: GCPManagedClusterList + plural: gcpmanagedclusters + shortNames: + - gcpmc + singular: gcpmanagedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Cluster infrastructure is ready for GCE instances + jsonPath: .status.ready + name: Ready + type: string + - description: GCP network the cluster is using + jsonPath: .spec.network.name + name: Network + type: string + - description: API Endpoint + jsonPath: .status.apiEndpoints[0] + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedCluster is the Schema for the gcpmanagedclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedClusterSpec defines the desired state of GCPManagedCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + addonsConfig: + description: AddonsConfig is a configuration for the various addons available to run in the cluster. + properties: + gcpFilestoreCsiDriverEnabled: + description: GcpFilestoreCsiDriverEnabled track whether the GCP Filestore CSI driver is enabled for this cluster. + type: boolean + horizontalPodAutoscalingEnabled: + description: HorizontalPodAutoscalingEnabled tracks whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that metrics are collected into Stackdriver Monitoring. + type: boolean + httpLoadBalancingEnabled: + description: HttpLoadBalancingEnabled tracks whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers. + type: boolean + networkPolicyEnabled: + description: NetworkPolicyEnabled tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes. + type: boolean + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + credentialsRef: + description: CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not supplied then the credentials of the controller will be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + - namespace + type: object + network: + description: NetworkSpec encapsulates all things related to the GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + datapathProvider: + description: The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation (DatapathProviderLegacyDatapath). + type: string + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. 
This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + enableFlowLogs: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + purpose: + default: PRIVATE_RFC_1918 + description: "Purpose: The purpose of the resource. If unspecified, the purpose defaults to PRIVATE_RFC_1918. The enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER. \n Possible values: \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal HTTP(S) Load Balancing. \"PRIVATE\" - Regular user created or automatically created subnet. \"PRIVATE_RFC_1918\" - Regular user created or automatically created subnet. \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service Connect in the producer network. \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional Internal/External HTTP(S) Load Balancing." + enum: + - INTERNAL_HTTPS_LOAD_BALANCER + - PRIVATE_RFC_1918 + - PRIVATE + - PRIVATE_SERVICE_CONNECT + - REGIONAL_MANAGED_PROXY + type: string + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. 
+ type: string + region: + description: The GCP Region the cluster lives in. + type: string + required: + - project + - region + type: object + status: + description: GCPManagedClusterStatus defines the observed state of GCPManagedCluster. + properties: + conditions: + description: Conditions specifies the conditions for the managed control plane + items: + description: Condition defines an observation of a Cluster API resource operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + type: string + severity: + description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure domains. 
It allows controllers to understand how many failure domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains is a slice of FailureDomains. + type: object + network: + description: Network encapsulates GCP networking resources. + properties: + apiServerBackendService: + description: APIServerBackendService is the full reference to the backend service created for the API Server. + type: string + apiServerForwardingRule: + description: APIServerForwardingRule is the full reference to the forwarding rule created for the API Server. + type: string + apiServerHealthCheck: + description: APIServerHealthCheck is the full reference to the health check created for the API Server. + type: string + apiServerInstanceGroups: + additionalProperties: + type: string + description: APIServerInstanceGroups is a map from zone to the full reference to the instance groups created for the control plane nodes created in the same zone. + type: object + apiServerIpAddress: + description: APIServerAddress is the IPV4 global address assigned to the load balancer created for the API Server. + type: string + apiServerTargetProxy: + description: APIServerTargetProxy is the full reference to the target proxy created for the API Server. + type: string + firewallRules: + additionalProperties: + type: string + description: FirewallRules is a map from the name of the rule to its full reference. + type: object + router: + description: Router is the full reference to the router created within the network it'll contain the cloud nat gateway + type: string + selfLink: + description: SelfLink is the link to the Network used for this cluster. 
+ type: string + type: object + ready: + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml new file mode 100644 index 000000000..6e38d22f4 --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedcontrolplane-crd.yaml 
@@ -0,0 +1,160 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpmanagedcontrolplanes.infrastructure.cluster.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedControlPlane + listKind: GCPManagedControlPlaneList + plural: gcpmanagedcontrolplanes + shortNames: + - gcpmcp + singular: gcpmanagedcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this GCPManagedControlPlane belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane is ready + jsonPath: .status.ready + name: Ready + type: string + - description: The current Kubernetes version + jsonPath: .status.currentVersion + name: CurrentVersion + type: string + - description: API Endpoint + jsonPath: .spec.endpoint + name: Endpoint + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane. + properties: + clusterName: + description: ClusterName allows you to specify the name of the GKE cluster. If you don't specify a name then a default name will be created based on the namespace and name of the managed control plane. + type: string + controlPlaneVersion: + description: ControlPlaneVersion represents the control plane version of the GKE cluster. If not specified, the default version currently supported by GKE will be used. + type: string + enableAutopilot: + description: EnableAutopilot indicates whether to enable autopilot for this GKE cluster. + type: boolean + enableWorkloadIdentity: + description: 'EnableWorkloadIdentity allows enabling workload identity during cluster creation when EnableAutopilot is disabled. It allows workloads in your GKE clusters to impersonate Identity and Access Management (IAM) service accounts to access Google Cloud services. Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + type: boolean + endpoint: + description: Endpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + location: + description: Location represents the location (region or zone) in which the GKE cluster will be created. + type: string + project: + description: Project is the name of the project to deploy the cluster to. + type: string + releaseChannel: + description: ReleaseChannel represents the release channel of the GKE cluster. 
+ enum: + - rapid + - regular + - stable + type: string + required: + - location + - project + type: object + status: + description: GCPManagedControlPlaneStatus defines the observed state of GCPManagedControlPlane. + properties: + conditions: + description: Conditions specifies the conditions for the managed control plane + items: + description: Condition defines an observation of a Cluster API resource operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + type: string + severity: + description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + currentVersion: + description: CurrentVersion shows the current version of the GKE control plane. 
+ type: string + initialized: + description: Initialized is true when the control plane is available for initial contact. This may occur before the control plane is fully ready. + type: boolean + ready: + default: false + description: Ready denotes that the GCPManagedControlPlane API Server is ready to receive requests. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml new file mode 100644 index 000000000..f72afd38e --- /dev/null +++ b/bootstrap/helm/cluster-api-provider-gcp/templates/gcpmanagedmachinepool-crd.yaml 
@@ -0,0 +1,183 @@ +{{- if .Values.crds.create -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpmanagedmachinepools.infrastructure.cluster.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + labels: + clusterctl.cluster.x-k8s.io: "" + cluster.x-k8s.io/provider: infrastructure-gcp + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cluster-api-provider-gcp.labels" . | nindent 4 }} +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPManagedMachinePool + listKind: GCPManagedMachinePoolList + plural: gcpmanagedmachinepools + shortNames: + - gcpmmp + singular: gcpmanagedmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.mode + name: Mode + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. 
+ type: object + diskSizeGb: + description: "Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. \n If unspecified, the default disk size is 100GB." + format: int32 + type: integer + diskType: + description: "Type of the disk attached to each node (e.g. 'pd-standard', 'pd-ssd' or 'pd-balanced') \n If unspecified, the default disk type is 'pd-standard'" + type: string + imageType: + description: ImageType is the image type to use for this node. Note that for a given image type, the latest version of it will be used. Please see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images for available image types. + type: string + kubernetesLabels: + additionalProperties: + type: string + description: KubernetesLabels specifies the labels to apply to the nodes of the node pool. + type: object + kubernetesTaints: + description: KubernetesTaints specifies the taints to apply to the nodes of the node pool. + items: + description: Taint represents a Kubernetes taint. + properties: + effect: + description: Effect specifies the effect for the taint. + enum: + - NoSchedule + - NoExecute + - PreferNoSchedule + type: string + key: + description: Key is the key of the taint + type: string + value: + description: Value is the value of the taint + type: string + required: + - effect + - key + - value + type: object + type: array + machineType: + description: "The name of a Google Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types) \n If unspecified, the default machine type is `e2-medium`." + type: string + management: + description: Management configuration for this NodePool. + properties: + autoRepair: + description: AutoRepair is a flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. 
+ type: boolean + autoUpgrade: + description: AutoUpgrade is a flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes. + type: boolean + type: object + nodePoolName: + description: NodePoolName specifies the name of the GKE node pool corresponding to this MachinePool. If you don't specify a name then a default name will be created based on the namespace and name of the managed machine pool. + type: string + preemptible: + description: 'Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.' + type: boolean + providerIDList: + description: ProviderIDList are the provider IDs of instances in the managed instance group corresponding to the nodegroup represented by this machine pool + items: + type: string + type: array + scaling: + description: Scaling specifies scaling for the node pool + properties: + maxCount: + description: MaxCount is a maximum number of nodes for one location in the NodePool. Must be >= maxCount. There has to be enough quota to scale up the cluster. + format: int32 + type: integer + minCount: + description: MinCount is a minimum number of nodes for one location in the NodePool. Must be >= 1 and <= maxCount. + format: int32 + type: integer + type: object + spot: + description: Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag. + type: boolean + type: object + status: + description: GCPManagedMachinePoolStatus defines the observed state of GCPManagedMachinePool. + properties: + conditions: + description: Conditions specifies the cpnditions for the managed machine pool + items: + description: Condition defines an observation of a Cluster API resource operational state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + type: string + severity: + description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end -}} \ No newline at end of file diff --git a/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml b/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml new file mode 100644 index 000000000..09395b9ff --- /dev/null 
+++ b/bootstrap/helm/cluster-api-provider-gcp/templates/job.yaml 
@@ -0,0 +1,64 @@
+{{- if .Values.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+spec:
+ template:
+ spec:
+ containers:
+ - name: wait-for-provider
+ image: {{ .Values.job.image.repository }}:{{ .Values.job.image.tag }}
+ imagePullPolicy: {{ .Values.job.image.pullPolicy }}
+ command: ["kubectl"]
+ args: ["wait", "--for=condition=Available", "--timeout=600s", "deployment/{{ include "cluster-api-provider-gcp.fullname" (index .Subcharts "cluster-api-provider-gcp") }}-controller-manager", "-n", "{{ .Release.namespace }}"]
+ restartPolicy: Never
+ serviceAccountName: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ backoffLimit: 4
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ namespace: {{ .Release.namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . 
}}-wait-for-provider
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "cluster-api-provider-gcp-plural.fullname" . }}-wait-for-provider
+ labels:
+ {{- include "cluster-api-provider-gcp-plural.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.job.annotations | nindent 4 }}
+{{- end }}
diff --git a/bootstrap/helm/cluster-api-provider-gcp/values.yaml b/bootstrap/helm/cluster-api-provider-gcp/values.yaml
new file mode 100644
index 000000000..94f8da743
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/values.yaml
@@ -0,0 +1,26 @@
+crds:
+ create: true
+
+cluster-api-provider-gcp:
+ crds:
+ create: false
+ configVariables:
+ exprimental:
+ capgGke: true
+ controllerManager:
+ manager:
+ image:
+ repository: ghcr.io/pluralsh/cluster-api-gcp-controller
+ tag: v1.4.3
+ bootstrapMode: false
+
+job:
+ enabled: true
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ image:
+ repository: bitnami/kubectl
+ tag: 1.25.8
+ pullPolicy: IfNotPresent
diff --git a/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl b/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl
new file mode 100644
index 000000000..4c2860c25
--- /dev/null
+++ b/bootstrap/helm/cluster-api-provider-gcp/values.yaml.tpl
@@ -0,0 +1,4 @@
+cluster-api-provider-gcp:
+ serviceAccount:
+ annotations:
+ iam.gke.io/gcp-service-account: {{ importValue "Terraform" "capi_sa_workload_identity_email" }}
\ No newline at end of file
diff --git a/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..b5d7ce192
--- /dev/null
+++ b/bootstrap/plural/recipes/aws-cluster-api-simple-test.yaml
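Review bot: `{{ .Release.namespace }}` in the kubectl `-n` argument and in the RoleBinding subject is not a Helm built-in — the field is `.Release.Namespace` (capital N), so the lowercase form most likely renders as an empty string. With an empty subject namespace the RoleBinding will not bind the ServiceAccount the Job runs as (the API server requires a namespace for ServiceAccount subjects, as far as I recall), and the `wait` would fall back to whatever namespace kubectl resolves in-pod rather than the release namespace. Change both occurrences to `{{ .Release.Namespace }}`. Separately, the Role's `pods` rule is not needed for `kubectl wait deployment/...`; dropping it keeps this hook, which runs with cluster RBAC, at least-privilege. The hook image is also pulled by mutable tag only (see values.yaml in this commit), so a digest pin would make the post-install step resistant to tag overwrites.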
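Review bot: `exprimental:` under `configVariables` looks like a typo for `experimental`; if the subchart reads `configVariables.experimental.capgGke`, the GKE feature gate silently stays off while this parent chart still installs the GCPManaged* CRDs, and any managed-cluster objects would never reconcile. Worth confirming against the subchart's values and renaming to `experimental:` if so. Both container images (`ghcr.io/pluralsh/cluster-api-gcp-controller:v1.4.3` and `bitnami/kubectl:1.25.8`) are pinned by mutable tag; pinning by digest (`tag: v1.4.3@sha256:...`, or a `digest` value if the subchart exposes one) closes the tag-overwrite supply-chain gap for a controller that holds GCP credentials.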
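Review bot: The `iam.gke.io/gcp-service-account` annotation value is an unquoted template expansion; if `importValue` resolves to nothing, the rendered YAML becomes `iam.gke.io/gcp-service-account:` (null), which the API server is likely to reject since annotation values must be strings, giving an obscure failure far from the cause. Quote it, `iam.gke.io/gcp-service-account: "{{ importValue "Terraform" "capi_sa_workload_identity_email" }}"`, so the value is always a string. Since this annotation is what authorizes the CAPG controller's Kubernetes ServiceAccount to impersonate the GCP service account, a one-line comment naming the Terraform output it is bound to would help anyone auditing the identity chain.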
@@ -0,0 +1,35 @@
+name: aws-cluster-api-simple-test
+description: Creates an eks cluster and installs the bootstrap chart
+provider: AWS
+primary: false
+private: true
+dependencies: []
+sections:
+ - name: bootstrap
+ configuration:
+ - name: vpc_name
+ documentation: Arbitary name for the virtual private cloud to place your cluster in, eg "plural"
+ type: STRING
+ validation:
+ type: REGEX
+ regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]'
+ message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after
+ items:
+ - type: TERRAFORM
+ name: aws-bootstrap-cluster-api
+ - type: HELM
+ name: bootstrap
+ - type: HELM
+ name: plural-certmanager-webhook
+ # - type: HELM
+ # name: cluster-api-operator
+ - type: HELM
+ name: cluster-api-core
+ - type: HELM
+ name: cluster-api-bootstrap
+ - type: HELM
+ name: cluster-api-control-plane
+ - type: HELM
+ name: cluster-api-provider-aws
+ - type: HELM
+ name: cluster-api-cluster
diff --git a/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml
new file mode 100644
index 000000000..3663ac323
--- /dev/null
+++ b/bootstrap/plural/recipes/azure-cluster-api-simple-test.yaml
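Review bot: The `vpc_name` regex `[a-z][\-a-z0-9]{0,61}[a-z0-9]` has no anchors, so unless the Plural validator implicitly performs a full match, any input containing a two-character lowercase run (e.g. `My_VPC`) passes and the rule the message describes ("must begin with a lowercase letter...") is not actually enforced. Anchoring it, `regex: '^[a-z][\-a-z0-9]{0,61}[a-z0-9]$'`, makes the check match the message regardless of validator semantics, and since this value is fed into Terraform as a resource name it is worth being strict. Also `Arbitary` should read `Arbitrary` in the documentation string.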
@@ -0,0 +1,37 @@ +name: azure-cluster-api-simple-test +description: Creates an AKS cluster and installs the bootstrap chart +provider: AZURE +primary: false +private: true +dependencies: [] +sections: + - name: bootstrap + configuration: + - name: network_name + documentation: Arbitary name for the network to place your cluster in, eg "plural" + type: STRING + validation: + type: REGEX + regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]' + message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after + items: + - type: TERRAFORM + name: azure-bootstrap-cluster-api + - type: HELM + name: bootstrap + - type: HELM + name: azure-identity + - type: HELM + name: plural-certmanager-webhook + - type: HELM + name: cluster-api-core + - type: HELM + name: cluster-api-bootstrap + - type: HELM + name: cluster-api-control-plane + - type: HELM + name: cluster-api-provider-azure + - type: HELM + name: cluster-api-cluster + - type: HELM + name: azure-workload-identity diff --git a/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml new file mode 100644 index 000000000..3f1d36d9b --- /dev/null +++ b/bootstrap/plural/recipes/docker-cluster-api-simple-test.yaml @@ -0,0 +1,26 @@ +name: docker-cluster-api-simple-test +description: Creates an Docker cluster and installs the bootstrap chart +provider: KIND +primary: false +private: true +dependencies: [] +sections: + - name: bootstrap + configuration: [] + items: + - type: TERRAFORM + name: kind-bootstrap-cluster-api + - type: HELM + name: bootstrap + - type: HELM + name: plural-certmanager-webhook + - type: HELM + name: cluster-api-core + - type: HELM + name: cluster-api-bootstrap + - type: HELM + name: cluster-api-control-plane + - type: HELM + name: cluster-api-provider-docker + - type: HELM + name: cluster-api-cluster 
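Review bot: The `network_name` validation regex `'[a-z][\-a-z0-9]{0,61}[a-z0-9]'` has no `^`/`$` anchors, so unless the REGEX validator is full-match by definition it accepts any input that merely contains a conforming substring, and the unvalidated name flows into the `azure-bootstrap-cluster-api` Terraform item; anchor it as `'^[a-z][\-a-z0-9]{0,61}[a-z0-9]$'`. The `documentation` string also misspells `Arbitrary` as `Arbitary`.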
diff --git a/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml b/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml new file mode 100644 index 000000000..c5134b4f2 --- /dev/null +++ b/bootstrap/plural/recipes/gcp-cluster-api-simple-test.yaml @@ -0,0 +1,33 @@ +name: gcp-cluster-api-simple-test +description: Creates an eks cluster and installs the bootstrap chart +provider: GCP +primary: false +private: true +dependencies: [] +sections: + - name: bootstrap + configuration: + - name: vpc_name + documentation: Arbitrary name for the network to place your cluster in, eg "plural" + type: STRING + validation: + type: REGEX + regex: '[a-z][\-a-z0-9]{0,61}[a-z0-9]' + message: must begin with a lowercase letter, and can only contain lowercase letters, numbers or hyphens after + items: + - type: TERRAFORM + name: gcp-bootstrap-cluster-api + - type: HELM + name: bootstrap + - type: HELM + name: plural-certmanager-webhook + - type: HELM + name: cluster-api-core + - type: HELM + name: cluster-api-bootstrap + - type: HELM + name: cluster-api-control-plane + - type: HELM + name: cluster-api-provider-gcp + - type: HELM + name: cluster-api-cluster diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf new file mode 100644 index 000000000..a45301848 --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/aws-lb-controller.tf 
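Review bot: The recipe `description: Creates an eks cluster and installs the bootstrap chart` is copied from the AWS recipe although `provider: GCP`; it should say `Creates a GKE cluster and installs the bootstrap chart` so operators choosing a recipe are not misled about what gets provisioned. The `vpc_name` regex `'[a-z][\-a-z0-9]{0,61}[a-z0-9]'` is unanchored and, if the validator does not imply full-match, lets names with disallowed characters through to Terraform; anchor it as `'^[a-z][\-a-z0-9]{0,61}[a-z0-9]$'`.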
@@ -0,0 +1,261 @@ +module "assumable_role_alb" { + count = var.enable_aws_lb_controller ? 1 : 0 + + source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" + version = "3.14.0" + create_role = true + role_name = "${var.cluster_name}-alb" + provider_url = replace(local.cluster_oidc_issuer_url, "https://", "") + role_policy_arns = [aws_iam_policy.alb[0].arn] + oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.alb_serviceaccount}"] +} + +resource "aws_iam_policy" "alb" { + count = var.enable_aws_lb_controller ? 1 : 0 + + name_prefix = "alb-contrller" + description = "aws load balancer controller policy for cluster ${local.cluster_id}" + policy = <<-POLICY + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeTags", + "ec2:GetCoipPoolUsage", + "ec2:DescribeCoipPools", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTags" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolClient", + 
"acm:ListCertificates", + "acm:DescribeCertificate", + "iam:ListServerCertificates", + "iam:GetServerCertificate", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource", + "wafv2:AssociateWebACL", + "wafv2:DisassociateWebACL", + "shield:GetSubscriptionState", + "shield:DescribeProtection", + "shield:CreateProtection", + "shield:DeleteProtection" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateSecurityGroup" + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Resource": "arn:aws:ec2:*:*:security-group/*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteRule" + ], 
+ "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "true", + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Resource": "*", + "Condition": { + "Null": { + "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "StringEquals": { + "elasticloadbalancing:CreateAction": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ] + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Resource": 
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" + }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:SetWebAcl", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyRule" + ], + "Resource": "*" + } + ] + } + POLICY +} \ No newline at end of file diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf new file mode 100644 index 000000000..96cc73726 --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/capa-sa.tf 
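Review bot: The statement granting `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `"Resource": "*"` with no condition lets the controller open or close ingress on any security group in the account and makes the later statement for the same actions, conditioned on `aws:ResourceTag/elbv2.k8s.aws/cluster`, redundant; this looks copied from the upstream AWS Load Balancer Controller policy, so either keep it with a comment naming the upstream policy version it mirrors, or drop the unconditioned statement if the controller version in use works with the tag-scoped grant alone. `name_prefix = "alb-contrller"` is misspelled (`alb-controller`). The resource ARNs hard-code the `arn:aws:` partition even though `data.aws_partition.current` is added in this same change; `arn:${data.aws_partition.current.partition}:ec2:*:*:security-group/*` keeps the policy valid in the GovCloud and China partitions.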
@@ -0,0 +1,369 @@ +module "asummable_role_capa" { + # count = var.enable_cluster_capa ? 1 : 0 + + source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" + version = "3.14.0" + create_role = true + role_name = "${var.cluster_name}-capa-controller" + provider_url = replace(local.cluster_oidc_issuer_url, "https://", "") + role_policy_arns = [aws_iam_policy.capa_controller.arn, aws_iam_policy.capa_controller_eks.arn] + oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.capa_serviceaccount}", "system:serviceaccount:${var.namespace}:${var.capi_serviceaccount}"] +} + +resource "aws_iam_policy" "capa_controller" { + # count = var.enable_cluster_capa ? 1 : 0 + + name_prefix = "cluster-capa" + description = "EKS cluster api provider aws policy for cluster ${var.cluster_name}" + policy = data.aws_iam_policy_document.capa_controller.json +} + +resource "aws_iam_policy" "capa_controller_eks" { + # count = var.enable_cluster_capa ? 1 : 0 + + name_prefix = "cluster-capa" + description = "EKS cluster api provider aws policy for cluster ${var.cluster_name}" + policy = data.aws_iam_policy_document.capa_controller_eks.json +} + +data "aws_iam_policy_document" "capa_controller" { + statement { + sid = "" + effect = "Allow" + resources = ["*"] + + actions = [ + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses", + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateInternetGateway", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:ModifyVpcAttribute", + "ec2:DeleteInternetGateway", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteNatGateway", + 
"ec2:DeleteRouteTable", + "ec2:ReplaceRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInternetGateways", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeInstanceTypes", + "ec2:DescribeImages", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVolumes", + "ec2:DescribeTags", + "ec2:DetachInternetGateway", + "ec2:DisassociateRouteTable", + "ec2:DisassociateAddress", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RunInstances", + "ec2:TerminateInstances", + "tag:GetResources", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RemoveTags", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeInstanceRefreshes", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DeleteLaunchTemplate", + 
"ec2:DeleteLaunchTemplateVersions", + "ec2:DescribeKeyPairs", + "ec2:ModifyInstanceMetadataOptions", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*"] + + actions = [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "autoscaling:StartInstanceRefresh", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteTags", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["autoscaling.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["elasticloadbalancing.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["spot.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/*.cluster-api-provider-aws.sigs.k8s.io"] + actions = ["iam:PassRole"] + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:secretsmanager:*:*:secret:aws.cluster.x-k8s.io/*"] + + actions = [ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + ] + } +} + +data "aws_iam_policy_document" "capa_controller_eks" { + + statement { + sid = "" + effect = "Allow" + resources = 
["arn:*:ssm:*:*:parameter/aws/service/eks/optimized-ami/*"] + actions = ["ssm:GetParameter"] + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["eks.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["eks-nodegroup.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:aws:iam::*:role/aws-service-role/eks-fargate-pods.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate"] + actions = ["iam:CreateServiceLinkedRole"] + + condition { + test = "StringLike" + variable = "iam:AWSServiceName" + values = ["eks-fargate.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["*"] + + actions = [ + "iam:ListOpenIDConnectProviders", + "iam:GetOpenIDConnectProvider", + "iam:CreateOpenIDConnectProvider", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:DeleteOpenIDConnectProvider", + "iam:TagOpenIDConnectProvider", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = ["arn:*:iam::*:role/*"] + + actions = [ + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:DetachRolePolicy", + "iam:DeleteRole", + "iam:CreateRole", + "iam:TagRole", + "iam:AttachRolePolicy", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = [ + "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", + "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + ] + actions = 
["iam:GetPolicy"] + } + + statement { + sid = "" + effect = "Allow" + + resources = [ + "arn:*:eks:*:*:cluster/*", + "arn:*:eks:*:*:nodegroup/*/*/*", + ] + + actions = [ + "eks:DescribeCluster", + "eks:ListClusters", + "eks:CreateCluster", + "eks:TagResource", + "eks:UpdateClusterVersion", + "eks:DeleteCluster", + "eks:UpdateClusterConfig", + "eks:UntagResource", + "eks:UpdateNodegroupVersion", + "eks:DescribeNodegroup", + "eks:DeleteNodegroup", + "eks:UpdateNodegroupConfig", + "eks:CreateNodegroup", + "eks:AssociateEncryptionConfig", + "eks:ListIdentityProviderConfigs", + "eks:AssociateIdentityProviderConfig", + "eks:DescribeIdentityProviderConfig", + "eks:DisassociateIdentityProviderConfig", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = ["*"] + + actions = [ + "ec2:AssociateVpcCidrBlock", + "ec2:DisassociateVpcCidrBlock", + "eks:ListAddons", + "eks:CreateAddon", + "eks:DescribeAddonVersions", + "eks:DescribeAddon", + "eks:DeleteAddon", + "eks:UpdateAddon", + "eks:TagResource", + "eks:DescribeFargateProfile", + "eks:CreateFargateProfile", + "eks:DeleteFargateProfile", + ] + } + + statement { + sid = "" + effect = "Allow" + resources = ["*"] + actions = ["iam:PassRole"] + + condition { + test = "StringEquals" + variable = "iam:PassedToService" + values = ["eks.amazonaws.com"] + } + } + + statement { + sid = "" + effect = "Allow" + resources = ["*"] + + actions = [ + "kms:CreateGrant", + "kms:DescribeKey", + ] + + condition { + test = "ForAnyValue:StringLike" + variable = "kms:ResourceAliases" + values = ["alias/cluster-api-provider-aws-*"] + } + } +} diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf new file mode 100644 index 000000000..0d5657279 --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/certmanager.tf 
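Review bot: `oidc_fully_qualified_subjects` trusts both `${var.capa_serviceaccount}` and `${var.capi_serviceaccount}`, so the core Cluster API controller can assume a role that, through `capa_controller_eks`, holds `iam:CreateRole`, `iam:AttachRolePolicy` and `iam:DeleteRole` on `arn:*:iam::*:role/*` — a compromised pod with either identity could create a role trusted by an arbitrary principal, attach any managed policy to it, and escalate to account administrator. Drop the CAPI subject unless a concrete need is documented in a comment, and constrain the role-management statement with a `condition { test = "StringEquals" variable = "iam:PermissionsBoundary" values = [aws_iam_policy.capa_boundary.arn] }` on `iam:CreateRole`/`iam:AttachRolePolicy` (or at least a role-name prefix in the resource ARN) so created roles cannot exceed a fixed boundary; if this is the `clusterawsadm`-generated policy, say so with the CAPA version so deviations are reviewable. Smaller points: `ec2:DescribeInstanceTypes` appears twice in `capa_controller`, the Fargate statement hard-codes `arn:aws:` while the rest use `arn:*`, and the module name `asummable_role_capa` is misspelled.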
@@ -0,0 +1,39 @@
+module "assumable_role_certmanager" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "3.14.0"
+ create_role = true
+ role_name = "${var.cluster_name}-certmanager"
+ provider_url = replace(local.cluster_oidc_issuer_url, "https://", "")
+ role_policy_arns = [aws_iam_policy.certmanager.arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.certmanager_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "certmanager" {
+ name_prefix = "certmanager"
+ description = "certmanager permissions for ${local.cluster_id}"
+ policy = <<-POLICY
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "route53:GetChange",
+ "Resource": "arn:aws:route53:::change/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:ChangeResourceRecordSets",
+ "route53:ListResourceRecordSets"
+ ],
+ "Resource": "arn:aws:route53:::hostedzone/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "route53:ListHostedZonesByName",
+ "Resource": "*"
+ }
+ ]
+ }
+ POLICY
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf
new file mode 100644
index 000000000..0e2ce8dbf
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/data.tf
@@ -0,0 +1 @@
+data "aws_partition" "current" {}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml b/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
index 23b38d48e..45d2baba6 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/deps.yaml
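Review bot: `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/*` lets the cert-manager pod rewrite any record in any hosted zone of the account, while DNS-01 only ever needs to write `_acme-challenge.*` TXT records; scope the statement with `"Condition": {"ForAllValues:StringEquals": {"route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]}, "ForAllValues:StringLike": {"route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.*"]}}` and, where the zones are known, list their IDs instead of `*`. The ARNs hard-code `arn:aws:` although `data.aws_partition.current` is introduced in the same change (data.tf). The file is missing a trailing newline.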
@@ -1,11 +1,27 @@ apiVersion: plural.sh/v1alpha1 kind: Dependencies metadata: - description: Creates an EKS cluster and prepares it for bootstrapping - version: 0.1.1 + description: Creates an EKS cluster and prepares it for bootstrapping + version: 0.1.6 spec: - breaking: true dependencies: [] providers: - aws - + outputs: + capa_iam_role_arn: capa_iam_role_arn + endpoint: cluster_endpoint + cluster_private_subnets: cluster_private_subnets + cluster_worker_private_subnets: cluster_worker_private_subnets + cluster_public_subnets: cluster_public_subnets + cluster_private_subnet_ids: cluster_private_subnet_ids + cluster_worker_private_subnet_ids: cluster_worker_private_subnet_ids + cluster_public_subnet_ids: cluster_public_subnet_ids + worker_role_arn: worker_role_arn + node_groups: node_groups + cluster_oidc_issuer_url: cluster_oidc_issuer_url + vpc: vpc + cluster: cluster + cluster_service_ipv4_cidr: cluster_service_ipv4_cidr + vpc_cidr: vpc_cidr + provider_wirings: + cluster: module.aws-bootstrap-cluster-api.cluster_name diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf new file mode 100644 index 000000000..f622f8259 --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/ebs-csi-driver.tf 
@@ -0,0 +1,178 @@ +module "assumable_role_ebs_csi" { + count = var.enable_ebs_csi_driver ? 1 : 0 + + source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" + version = "3.14.0" + create_role = true + role_name = "${var.cluster_name}-ebs-csi" + provider_url = replace(local.cluster_oidc_issuer_url, "https://", "") + role_policy_arns = [aws_iam_policy.ebs_csi[0].arn] + oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.ebs_csi_serviceaccount}"] +} + +resource "aws_iam_policy" "ebs_csi" { + count = var.enable_ebs_csi_driver ? 1 : 0 + + name_prefix = "ebs-csi" + description = "EKS EBS CSI policy for cluster ${local.cluster_id}" + policy = data.aws_iam_policy_document.ebs_csi.json +} + +data "aws_iam_policy_document" "ebs_csi" { + statement { + sid = "ebsCSIAll" + effect = "Allow" + resources = ["*"] + + actions = [ + "ec2:CreateSnapshot", + "ec2:AttachVolume", + "ec2:DetachVolume", + "ec2:ModifyVolume", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications", + ] + } + + statement { + sid = "ebsCSICreateTags" + effect = "Allow" + + resources = [ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + ] + + actions = ["ec2:CreateTags"] + + condition { + test = "StringEquals" + variable = "ec2:CreateAction" + + values = [ + "CreateVolume", + "CreateSnapshot", + ] + } + } + + statement { + sid = "ebsCSIDeleteTags" + effect = "Allow" + + resources = [ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + ] + + actions = ["ec2:DeleteTags"] + } + + statement { + sid = "ebsCSICreateVolume1" + effect = "Allow" + resources = ["*"] + actions = ["ec2:CreateVolume"] + + condition { + test = "StringLike" + variable = "aws:RequestTag/ebs.csi.aws.com/cluster" + values = ["true"] + } + } + + statement { + sid = "ebsCSICreateVolume2" + effect = "Allow" + resources = ["*"] + actions = 
["ec2:CreateVolume"] + + condition { + test = "StringLike" + variable = "aws:RequestTag/CSIVolumeName" + values = ["*"] + } + } + + statement { + sid = "ebsCSICreateVolume3" + effect = "Allow" + resources = ["*"] + actions = ["ec2:CreateVolume"] + + condition { + test = "StringLike" + variable = "aws:RequestTag/kubernetes.io/cluster/*" + values = ["owned"] + } + } + + statement { + sid = "ebsCSIDeleteVolume1" + effect = "Allow" + resources = ["*"] + actions = ["ec2:DeleteVolume"] + + condition { + test = "StringLike" + variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster" + values = ["true"] + } + } + + statement { + sid = "ebsCSIDeleteVolume2" + effect = "Allow" + resources = ["*"] + actions = ["ec2:DeleteVolume"] + + condition { + test = "StringLike" + variable = "ec2:ResourceTag/CSIVolumeName" + values = ["*"] + } + } + + statement { + sid = "ebsCSIDeleteVolume3" + effect = "Allow" + resources = ["*"] + actions = ["ec2:DeleteVolume"] + + condition { + test = "StringLike" + variable = "ec2:ResourceTag/kubernetes.io/cluster/*" + values = ["owned"] + } + } + + statement { + sid = "ebsCSIDeleteSnapshot1" + effect = "Allow" + resources = ["*"] + actions = ["ec2:DeleteSnapshot"] + + condition { + test = "StringLike" + variable = "ec2:ResourceTag/CSIVolumeSnapshotName" + values = ["*"] + } + } + + statement { + sid = "ebsCSIDeleteSnapshot2" + effect = "Allow" + resources = ["*"] + actions = ["ec2:DeleteSnapshot"] + + condition { + test = "StringLike" + variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster" + values = ["true"] + } + } +} diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf new file mode 100644 index 000000000..eef978d70 --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/existing.tf 
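Review bot: `ebsCSIDeleteTags` allows `ec2:DeleteTags` on every volume and snapshot in the account with no condition, whereas the matching `ebsCSICreateTags` is scoped by `ec2:CreateAction`; adding e.g. `condition { test = "StringLike" variable = "ec2:ResourceTag/ebs.csi.aws.com/cluster" values = ["true"] }` (mirroring the tags the `ebsCSIDeleteVolume*` statements key on) keeps the driver from stripping tags off volumes it does not own. If this reproduces the upstream EBS CSI example policy, record the version in a comment so the gap is a deliberate choice rather than an oversight. The `arn:aws:ec2:*:*:volume/*` ARNs hard-code the partition even though `data.aws_partition.current` is added in this change.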
@@ -0,0 +1,24 @@
+data "aws_eks_cluster" "cluster" {
+ count = var.create_cluster ? 0 : 1
+ name = var.cluster_name
+}
+
+data "aws_vpc" "vpc" {
+ count = var.create_cluster ? 0 : 1
+ id = local.vpc_id
+}
+
+data "aws_subnet" "worker_private_subnets" {
+ count = length(local.worker_private_subnet_ids)
+ id = local.worker_private_subnet_ids[count.index]
+}
+
+data "aws_subnet" "private_subnets" {
+ count = length(local.private_subnet_ids)
+ id = local.private_subnet_ids[count.index]
+}
+
+data "aws_subnet" "public_subnets" {
+ count = length(local.public_subnet_ids)
+ id = local.public_subnet_ids[count.index]
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf
new file mode 100644
index 000000000..cd6fdf192
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-autoscaler.tf
@@ -0,0 +1,63 @@
+module "asummable_role_autoscaler" {
+ count = var.enable_cluster_autoscaler ? 1 : 0
+
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "3.14.0"
+ create_role = true
+ role_name = "${var.cluster_name}-cluster-autoscaler"
+ provider_url = replace(local.cluster_oidc_issuer_url, "https://", "")
+ role_policy_arns = [aws_iam_policy.cluster_autoscaler[0].arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.autoscaler_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "cluster_autoscaler" {
+ count = var.enable_cluster_autoscaler ? 1 : 0
+
+ name_prefix = "cluster-autoscaler"
+ description = "EKS cluster-autoscaler policy for cluster ${local.cluster_id}"
+ policy = data.aws_iam_policy_document.cluster_autoscaler.json
+}
+
+data "aws_iam_policy_document" "cluster_autoscaler" {
+ statement {
+ sid = "clusterAutoscalerAll"
+ effect = "Allow"
+
+ actions = [
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeTags",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeInstanceTypes",
+ "eks:DescribeNodegroup",
+ ]
+
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "clusterAutoscalerOwn"
+ effect = "Allow"
+
+ actions = [
+ "autoscaling:SetDesiredCapacity",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ ]
+
+ resources = ["*"]
+
+ condition {
+ test = "StringEquals"
+ variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${local.cluster_id}"
+ values = ["owned"]
+ }
+
+ condition {
+ test = "StringEquals"
+ variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled"
+ values = ["true"]
+ }
+ }
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf
new file mode 100644
index 000000000..527d9b9bd
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa-externaldns.tf
@@ -0,0 +1,40 @@
+module "assumable_role_externaldns" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "3.14.0"
+ create_role = true
+ role_name = "${var.cluster_name}-externaldns"
+ provider_url = replace(local.cluster_oidc_issuer_url, "https://", "")
+ role_policy_arns = [aws_iam_policy.externaldns.arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.externaldns_serviceaccount}"]
+}
+
+resource "aws_iam_policy" "externaldns" {
+ name_prefix = "externaldns"
+ description = "externaldns policy for cluster ${local.cluster_id}"
+ policy = data.aws_iam_policy_document.externaldns.json
+}
+
+data "aws_iam_policy_document" "externaldns" {
+ statement {
+ sid = "externaldnsedit"
+ effect = "Allow"
+
+ actions = [
+ "route53:ChangeResourceRecordSets"
+ ]
+
+ resources = ["arn:aws:route53:::hostedzone/*"]
+ }
+
+ statement {
+ sid = "externaldnslist"
+ effect = "Allow"
+
+ actions = [
+ "route53:ListHostedZones",
+ "route53:ListResourceRecordSets"
+ ]
+
+ resources = ["*"]
+ }
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf
new file mode 100644
index 000000000..33e5d4c9c
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/irsa.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_openid_connect_provider" "oidc_provider" {
+ count = var.enable_irsa ? 0 : 1
+ client_id_list = [local.sts_principal]
+ thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
+ url = local.cluster_oidc_issuer_url
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf
new file mode 100644
index 000000000..7634fb7f9
--- /dev/null
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/locals.tf
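Review bot: `route53:ChangeResourceRecordSets` is granted on `arn:aws:route53:::hostedzone/*`, so a compromised external-dns pod can create or overwrite records in every hosted zone of the account rather than only the cluster's zone; take the zone IDs as input and build `resources = [for z in var.externaldns_hosted_zone_ids : "arn:${data.aws_partition.current.partition}:route53:::hostedzone/${z}"]`, keeping `*` only as an explicit opt-in. Unlike the `enable_*`-guarded autoscaler, ALB and EBS roles, this role (and `assumable_role_certmanager`) is always created, so the Route53 write grant exists even when external-dns is not deployed; a `count = var.enable_externaldns ? 1 : 0` guard would match the siblings. The file lacks a trailing newline.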
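Review bot: In irsa.tf, `count = var.enable_irsa ? 0 : 1` creates the OIDC provider only when `enable_irsa` is false, which reads as inverted unless the variable means "the cluster already has a provider" (main.tf passes a literal `enable_irsa = true` to the cluster module, so the two flags are not the same thing); a comment such as `# The EKS module registers the provider when it creates the cluster; create one here only for pre-existing clusters that lack it — confirm` plus a matching variable description would stop the next reader from "fixing" it. `thumbprint_list = [var.eks_oidc_root_ca_thumbprint]` is a static fingerprint supplied by the caller; when the issuer's root CA rotates, every IRSA role trusting this provider silently stops working, so if adding the `tls` provider is acceptable, derive it from the issuer via `data "tls_certificate"` instead.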
@@ -0,0 +1,12 @@
+locals {
+ sts_principal = "sts.${data.aws_partition.current.dns_suffix}"
+ create_vpc = var.create_cluster && var.create_vpc ? true : false
+ private_subnet_ids = var.create_cluster ? module.vpc[0].private_subnets_ids : var.private_subnet_ids
+ public_subnet_ids = var.create_cluster ? module.vpc[0].public_subnets_ids : var.public_subnet_ids
+ worker_private_subnet_ids = var.create_cluster ? module.vpc[0].worker_private_subnets_ids : var.worker_private_subnet_ids
+ vpc_id = var.create_cluster ? module.vpc[0].vpc_id : data.aws_eks_cluster.cluster[0].vpc_config[0].vpc_id
+ cluster_id = var.create_cluster ? module.cluster[0].cluster_id : data.aws_eks_cluster.cluster[0].id
+ cluster_config = try(var.create_cluster ? module.cluster[0].config_map_aws_auth : tomap(false), {})
+ cluster_oidc_issuer_url = var.create_cluster ? module.cluster[0].cluster_oidc_issuer_url : data.aws_eks_cluster.cluster[0].identity[0].oidc.0.issuer
+ cluster_endpoint = var.create_cluster ? module.cluster[0].cluster_endpoint : data.aws_eks_cluster.cluster[0].endpoint
+}
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
index 8a588bcdd..ec6329fd8 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/main.tf
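Review bot: `cluster_config = try(var.create_cluster ? module.cluster[0].config_map_aws_auth : tomap(false), {})` depends on `tomap(false)` raising an error that `try()` then swallows into `{}`, and `try()` equally swallows a genuine failure to evaluate `module.cluster[0].config_map_aws_auth`; main.tf uses the same trick for `single_az_node_groups`, so if it is a workaround for conditional-expression type unification, add a comment saying so (`# tomap(false) is a deliberate error sentinel: try() returns {} when the cluster is not created`), otherwise prefer `var.create_cluster ? module.cluster[0].config_map_aws_auth : {}`. `data.aws_eks_cluster.cluster[0].identity[0].oidc.0.issuer` uses legacy attribute-index syntax; `oidc[0].issuer` is the supported form. `create_vpc = var.create_cluster && var.create_vpc ? true : false` reduces to `create_vpc = var.create_cluster && var.create_vpc`.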
@@ -1,7 +1,158 @@ -provider "aws" { - region = var.aws_region +data "aws_availability_zones" "available" {} + +data "aws_caller_identity" "current" {} + +module "vpc" { + count = var.create_cluster ? 1:0 + + source = "github.com/pluralsh/terraform-aws-vpc?ref=worker_subnet" + name = var.vpc_name + cidr = var.vpc_cidr + azs = data.aws_availability_zones.available.names + public_subnets = var.public_subnets + private_subnets = var.private_subnets + worker_private_subnets = var.worker_private_subnets + enable_dns_hostnames = true + enable_ipv6 = true + create_vpc = local.create_vpc + + database_subnets = var.database_subnets + + enable_nat_gateway = true + single_nat_gateway = false + + public_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/elb" = "1" + } + + private_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/internal-elb" = "1" + } + + worker_private_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/internal-elb" = "1" + } } -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} \ No newline at end of file +module "cluster" { + count = var.create_cluster ? 
1:0 + + source = "github.com/pluralsh/terraform-aws-eks?ref=output-service-cidr" + cluster_name = var.cluster_name + cluster_version = var.kubernetes_version + private_subnets = local.private_subnet_ids + public_subnets = local.public_subnet_ids + worker_private_subnets = local.worker_private_subnet_ids + vpc_id = local.vpc_id + enable_irsa = true + write_kubeconfig = false + create_eks = var.create_cluster + cluster_enabled_log_types = var.cluster_enabled_log_types + cluster_log_retention_in_days = var.cluster_log_retention_in_days + cluster_log_kms_key_id = var.cluster_log_kms_key_id + + node_groups_defaults = {} + + node_groups = {} + + map_users = var.map_users + map_roles = concat(var.map_roles, var.manual_roles) +} + +module "single_az_node_groups" { + count = var.create_cluster ? 1:0 + + source = "github.com/pluralsh/module-library//terraform/eks-node-groups/single-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e" + cluster_name = var.cluster_name + default_iam_role_arn = module.cluster[0].worker_iam_role_arn + tags = {} + node_groups_defaults = var.node_groups_defaults + + node_groups = try(var.create_cluster ? var.single_az_node_groups : tomap(false), {}) + set_desired_size = false + private_subnets = var.create_cluster ? module.vpc[0].worker_private_subnets : [] + + ng_depends_on = [ + local.cluster_config + ] +} + +module "multi_az_node_groups" { + count = var.create_cluster ? 1:0 + + source = "github.com/pluralsh/module-library//terraform/eks-node-groups/multi-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e" + cluster_name = var.cluster_name + default_iam_role_arn = one(module.cluster[*].worker_iam_role_arn) + tags = {} + node_groups_defaults = var.node_groups_defaults + + node_groups = try(var.create_cluster ? 
var.multi_az_node_groups : tomap(false), {}) + set_desired_size = false + private_subnet_ids = local.worker_private_subnet_ids + + ng_depends_on = [ + local.cluster_config + ] +} + +resource "aws_eks_addon" "vpc_cni" { + count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id + addon_name = "vpc-cni" + addon_version = var.vpc_cni_addon_version + resolve_conflicts = "OVERWRITE" + tags = { + "eks_addon" = "vpc-cni" + } + depends_on = [ + module.single_az_node_groups.node_groups, + module.multi_az_node_groups.node_groups, + ] +} + +resource "aws_eks_addon" "core_dns" { + count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id + addon_name = "coredns" + addon_version = var.core_dns_addon_version + resolve_conflicts = "OVERWRITE" + tags = { + "eks_addon" = "coredns" + } + depends_on = [ + module.single_az_node_groups.node_groups, + module.multi_az_node_groups.node_groups, + ] +} + +resource "aws_eks_addon" "kube_proxy" { + count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id + addon_name = "kube-proxy" + addon_version = var.kube_proxy_addon_version + resolve_conflicts = "OVERWRITE" + tags = { + "eks_addon" = "kube-proxy" + } + depends_on = [ + module.single_az_node_groups.node_groups, + module.multi_az_node_groups.node_groups, + ] +} + +resource "kubernetes_namespace" "bootstrap" { + count = var.create_cluster ? 1:0 + + metadata { + name = "bootstrap" + labels = { + "app.kubernetes.io/managed-by" = "plural" + "app.plural.sh/name" = "bootstrap" + } + } + + depends_on = [ local.cluster_id ] +} diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf new file mode 100644 index 000000000..9d0b6d8ac --- /dev/null +++ b/bootstrap/terraform/aws-bootstrap-cluster-api/output.tf 
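Review bot: The two cluster-defining modules are pulled from mutable branch refs, `source = "github.com/pluralsh/terraform-aws-vpc?ref=worker_subnet"` and `source = "github.com/pluralsh/terraform-aws-eks?ref=output-service-cidr"`, whereas the node-group modules in the same hunk are pinned to a commit SHA; anyone who can push to those branches can change the VPC and the EKS control plane (including the aws-auth wiring fed by `map_roles`) that this bootstrap applies. Pin both to a tag or commit like the `module-library` sources, e.g. `source = "github.com/pluralsh/terraform-aws-eks?ref=<commit-sha>"`. Separately, the `depends_on` lists on the three `aws_eks_addon` resources reference module output attributes (`module.single_az_node_groups.node_groups`) and `kubernetes_namespace.bootstrap` depends on `local.cluster_id`; Terraform requires `depends_on` entries to be whole resources or modules, so these likely fail validation and should read `depends_on = [module.single_az_node_groups, module.multi_az_node_groups]` and `depends_on = [module.cluster]`.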
@@ -0,0 +1,66 @@
+
+output "cluster_name" {
+ value = local.cluster_id
+}
+
+output "cluster_endpoint" {
+ value = local.cluster_endpoint
+}
+
+output "cluster_oidc_issuer_url" {
+ value = local.cluster_oidc_issuer_url
+}
+
+output "cluster_private_subnets" {
+ value = data.aws_subnet.private_subnets
+}
+
+output "cluster_worker_private_subnets" {
+ value = data.aws_subnet.worker_private_subnets
+}
+
+output "cluster_public_subnets" {
+ value = data.aws_subnet.public_subnets
+}
+
+output "cluster_private_subnet_ids" {
+ value = local.private_subnet_ids
+}
+
+output "cluster_worker_private_subnet_ids" {
+ value = local.worker_private_subnet_ids
+}
+
+output "cluster_public_subnet_ids" {
+ value = local.public_subnet_ids
+}
+
+output "worker_role_arn" {
+ value = var.create_cluster ? module.cluster[0].worker_iam_role_arn : ""
+}
+
+output "node_groups" {
+ value = try(var.create_cluster ?[for d in merge(module.single_az_node_groups[0].node_groups, module.multi_az_node_groups[0].node_groups): d]: tomap(false), {})
+}
+
+output "vpc" {
+ value = try(var.create_cluster ? module.vpc[0] : tomap(false), data.aws_vpc.vpc[0])
+}
+
+output "vpc_cidr" {
+ value = var.create_cluster ? module.vpc[0].vpc_cidr_block : data.aws_vpc.vpc[0].cidr_block
+}
+
+
+output "cluster" {
+ value = try(var.create_cluster ? module.cluster[0] : tomap(false), data.aws_eks_cluster.cluster[0])
+}
+
+output "cluster_service_ipv4_cidr" {
+ value = var.create_cluster ? module.cluster[0].cluster_service_ipv4_cidr : data.aws_eks_cluster.cluster[0].kubernetes_network_config[0].service_ipv4_cidr
+}
+
+output "capa_iam_role_arn" {
+ description = "ARN of IAM role that allows access to the Harbor S3 buckets."
+ value = module.asummable_role_capa.this_iam_role_arn
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf b/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf
new file mode 100644
index 000000000..2a25a331c
--- /dev/null
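Review bot: The description on `capa_iam_role_arn` reads `"ARN of IAM role that allows access to the Harbor S3 buckets."`, which does not match what the output returns (a role named for CAPA, presumably the cluster-api AWS provider); it looks copy-pasted and will mislead whoever consumes this module's outputs. Replace it with something like `description = "ARN of the IAM role assumed by the cluster-api AWS provider (CAPA)."`, or drop it rather than keep a wrong one. Note also that `output "cluster"` exports the whole `module.cluster[0]` object without `sensitive = true`, unlike the Azure counterpart in this change; if any output of that module is marked sensitive Terraform will refuse the plan, and even if not, exporting the entire module object widens what ends up in downstream state and logs, so consider exporting only the attributes consumers actually need.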
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/s3-vpc-endpoint.tf
@@ -0,0 +1,12 @@
+data "aws_route_table" "worker_private_subnets_route_table" {
+ count = var.enable_vpc_s3_endpoint && length(local.worker_private_subnet_ids) > 0 ? length(local.worker_private_subnet_ids) : 0
+ subnet_id = local.worker_private_subnet_ids[count.index]
+}
+
+resource "aws_vpc_endpoint" "s3" {
+ count = var.enable_vpc_s3_endpoint && length(local.worker_private_subnet_ids) > 0 ? 1 : 0
+ vpc_id = local.vpc_id
+ service_name = "com.amazonaws.${var.aws_region}.s3"
+ auto_accept = true
+ route_table_ids = data.aws_route_table.worker_private_subnets_route_table[*].id
+}
\ No newline at end of file
diff --git a/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
index 95fdccd3c..037036bdf 100644
--- a/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
+++ b/bootstrap/terraform/aws-bootstrap-cluster-api/terraform.tfvars
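Review bot: `aws_vpc_endpoint.s3` is created without a `policy`, so the gateway endpoint's default policy allows full access to every S3 bucket, including buckets in other accounts, from the worker subnets; for subnets that are otherwise private this is an unmonitored egress path to attacker-controlled buckets. Add an endpoint policy that restricts `aws:ResourceAccount` (and/or `aws:PrincipalAccount`) to this account, using `data.aws_caller_identity.current` already declared in main.tf, or document in a comment why the permissive default is acceptable here. The `data.aws_route_table` count also depends on `local.worker_private_subnet_ids`, which on the `create_cluster = true` path comes from `module.vpc[0]` outputs; if those are unknown at plan time on a first apply Terraform cannot evaluate `count` and the run fails, so the lookup may need to use route table IDs exported by the vpc module instead of a per-subnet data source. `auto_accept = true` has no effect on a gateway endpoint in the same account and can be dropped.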
@@ -1,2 +1,43 @@ +vpc_name = {{ .Values.vpc_name | quote }} +cluster_name = {{ .Cluster | quote }} +{{- if eq .ClusterAPI true }} +create_cluster = false +{{- end }} + +map_roles = [ + { + rolearn = "arn:aws:iam::{{ .Project }}:role/{{ .Cluster }}-console" + username = "console" + groups = ["system:masters"] + } +] + + +{{- if .Values.database_subnets }} +database_subnets = yamldecode(< val if idx != 0} + + kubernetes_cluster_id = one(module.aks[*].aks_id) + + name = each.value.name + priority = each.value.priority + enable_auto_scaling = each.value.enable_auto_scaling + zones = each.value.availability_zones + mode = each.value.mode + orchestrator_version = var.kubernetes_version + node_count = each.value.node_count + min_count = each.value.min_count + max_count = each.value.max_count + spot_max_price = each.value.spot_max_price + eviction_policy = each.value.eviction_policy + vnet_subnet_id = one(module.network[*].vnet_subnets[0]) + vm_size = each.value.vm_size + os_disk_type = each.value.os_disk_type + os_disk_size_gb = each.value.os_disk_size_gb + max_pods = each.value.max_pods + + node_labels = each.value.node_labels + node_taints = each.value.node_taints + tags = merge(each.value.tags, var.tags) +} + +resource "azurerm_role_assignment" "aks-network-identity-ssi" { + scope = var.cluster_api ? one(data.azurerm_virtual_network.vnet[*].id) : one(module.network[*].vnet_id) + role_definition_name = "Network Contributor" + principal_id = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].identity[0].principal_id) : one(module.aks[*].system_assigned_identity[0].principal_id) + + depends_on = [data.azurerm_virtual_network.vnet, data.azurerm_kubernetes_cluster.cluster, module.aks, module.network] +} + +resource "azurerm_role_assignment" "aks-managed-identity" { + count = var.cluster_api ? 
0 : 1 + + scope = data.azurerm_resource_group.group.id + role_definition_name = "Managed Identity Operator" + principal_id = one(module.aks[*].kubelet_identity[0].object_id) + + depends_on = [module.aks] +} + +resource "azurerm_role_assignment" "aks-network-identity-kubelet" { + count = var.cluster_api ? 0 : 1 + + scope = one(module.network[*].vnet_id) + role_definition_name = "Network Contributor" + principal_id = one(module.aks[*].kubelet_identity[0].object_id) + + depends_on = [module.aks, module.network] +} + +resource "azurerm_role_assignment" "aks-vm-contributor" { + count = var.cluster_api ? 0 : 1 + + scope = data.azurerm_resource_group.group.id + role_definition_name = "Virtual Machine Contributor" + principal_id = one(module.aks[*].kubelet_identity[0].object_id) + + depends_on = [module.aks] +} + +resource "azurerm_role_assignment" "aks-node-managed-identity" { + count = var.cluster_api ? 0 : 1 + + scope = data.azurerm_resource_group.node_group.id + role_definition_name = "Managed Identity Operator" + principal_id = one(module.aks[*].kubelet_identity[0].object_id) + + depends_on = [module.aks] +} + +resource "azurerm_role_assignment" "aks-node-vm-contributor" { + count = var.cluster_api ? 
0 : 1 + + scope = data.azurerm_resource_group.node_group.id + role_definition_name = "Virtual Machine Contributor" + principal_id = one(module.aks[*].kubelet_identity[0].object_id) + + depends_on = [module.aks] +} + +resource "azurerm_user_assigned_identity" "capz" { + location = data.azurerm_resource_group.group.location + name = "${var.name}-capz" + resource_group_name = data.azurerm_resource_group.group.name +} + +resource "azurerm_role_assignment" "rg-contributor" { + scope = data.azurerm_resource_group.group.id + role_definition_name = "Contributor" + principal_id = azurerm_user_assigned_identity.capz.principal_id +} + +resource "azurerm_role_assignment" "node-rg-contributor" { + scope = data.azurerm_resource_group.node_group.id + role_definition_name = "Contributor" + principal_id = azurerm_user_assigned_identity.capz.principal_id +} + +resource "azurerm_federated_identity_credential" "capz" { + name = "${var.name}-capz-federated-identity" + resource_group_name = data.azurerm_resource_group.group.name + audience = ["api://AzureADTokenExchange"] + issuer = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].oidc_issuer_url) : one(module.aks[*].oidc_issuer_url) + parent_id = azurerm_user_assigned_identity.capz.id + subject = "system:serviceaccount:${var.namespace}:bootstrap-cluster-api-provider-azure" +} + +resource "kubernetes_namespace" "bootstrap" { + count = var.cluster_api ? 0 : 1 + + metadata { + name = var.namespace + + labels = { + "app.kubernetes.io/managed-by" = "plural" + "app.plural.sh/name" = "bootstrap" + } + } + + depends_on = [module.aks.host] +} diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf new file mode 100644 index 000000000..09f41d181 --- /dev/null +++ b/bootstrap/terraform/azure-bootstrap-cluster-api/moved.tf 
@@ -0,0 +1,34 @@
+moved {
+ from = module.network
+ to = module.network[0]
+}
+
+moved {
+ from = module.aks
+ to = module.aks[0]
+}
+
+moved {
+ from = azurerm_role_assignment.aks-managed-identity
+ to = azurerm_role_assignment.aks-managed-identity[0]
+}
+
+moved {
+ from = azurerm_role_assignment.aks-network-identity-kubelet
+ to = azurerm_role_assignment.aks-network-identity-kubelet[0]
+}
+
+moved {
+ from = azurerm_role_assignment.aks-vm-contributor
+ to = azurerm_role_assignment.aks-vm-contributor[0]
+}
+
+moved {
+ from = azurerm_role_assignment.aks-node-vm-contributor
+ to = azurerm_role_assignment.aks-node-vm-contributor[0]
+}
+
+moved {
+ from = kubernetes_namespace.bootstrap
+ to = kubernetes_namespace.bootstrap[0]
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf b/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf
new file mode 100644
index 000000000..efe752e56
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/outputs.tf
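Review bot: The Azure main.tf in this change also puts `count = var.cluster_api ? 0 : 1` on `azurerm_role_assignment.aks-node-managed-identity`, but this file has no `moved` block for it, while its sibling `aks-node-vm-contributor` and the other counted role assignments each get one. If that role assignment already existed in state before this change, the next apply will destroy and recreate it, briefly removing Managed Identity Operator on the node resource group from the kubelet identity. Add `moved { from = azurerm_role_assignment.aks-node-managed-identity to = azurerm_role_assignment.aks-node-managed-identity[0] }` unless the resource is genuinely new, which is not visible from this hunk and should be checked against state.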
@@ -0,0 +1,33 @@
+output "cluster" {
+ value = var.cluster_api ? merge(one(data.azurerm_kubernetes_cluster.cluster[*]), {
+ host=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.host,
+ client_certificate=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.client_certificate,
+ client_key=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.client_key,
+ cluster_ca_certificate=one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config.0.cluster_ca_certificate
+ }) : one(module.aks[*])
+ sensitive = true
+}
+
+output "kubelet_msi_id" {
+ value = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].kubelet_identity.0.client_id) : one(module.aks[*].kubelet_identity[0].client_id)
+}
+
+output "node_resource_group" {
+ value = data.azurerm_resource_group.node_group.name
+}
+
+output "cluster_name" {
+ value = var.cluster_api ? one(data.azurerm_kubernetes_cluster.cluster[*].name) : one(module.aks[*].cluster_name)
+}
+
+output "resource_group_name" {
+ value = data.azurerm_resource_group.group.name
+}
+
+output "network" {
+ value = var.cluster_api ? one(data.azurerm_virtual_network.vnet[*]) : one(module.network[*])
+}
+
+output "capz_assigned_identity_client_id" {
+ value = azurerm_user_assigned_identity.capz.client_id
+}
diff --git a/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars b/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars
new file mode 100644
index 000000000..517bf31ae
--- /dev/null
+++ b/bootstrap/terraform/azure-bootstrap-cluster-api/terraform.tfvars
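Review bot: The hunk mixes legacy `.0.` attribute indexing (`kube_config.0.host`, `kubelet_identity.0.client_id`) with `[0]` indexing (`kubelet_identity[0].client_id`) in the same file and even within the same output; pick `[0]` throughout, e.g. `host = one(data.azurerm_kubernetes_cluster.cluster[*]).kube_config[0].host`, and put a space around `=` in the merged map for consistency with the rest of the file. On `output "cluster"`, `sensitive = true` is the right call since the `cluster_api` branch copies `client_certificate` and `client_key` out of the data source, but it only redacts CLI and plan display; the credentials still land in plaintext in this module's state and in the state of any caller that stores the output. A comment on the output noting this, and pointing consumers that can use it at the federated identity set up in main.tf instead of the static certificate, would help whoever wires this up next.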
@@ -0,0 +1,31 @@ +{{- $tfOutput := pathJoin repoRoot "bootstrap" "output.yaml" }} +resource_group = {{ .Project | quote }} +name = {{ .Cluster | quote }} +namespace = {{ .Namespace | quote }} +cluster_api = {{ .ClusterAPI }} + +{{- if fileExists $tfOutput }} +{{- $bootstrapOutputs := .Applications.TerraformValues "bootstrap" }} +{{- if and $bootstrapOutputs (not .ClusterAPI) }} + +network_name = {{ $bootstrapOutputs.network.vnet_name | quote }} +subnet_prefixes = yamldecode(<