From 086b92c5f1b49fa69c576d5302beb111f68af7a1 Mon Sep 17 00:00:00 2001
From: hxie <[email protected]>
Date: Fri, 9 Jul 2021 14:49:59 -0700
Subject: [PATCH 1/7] Update windows ytt for antrea
---
.../v0.7.6/ytt/overlay.yaml | 102 +++++++++---------
1 file changed, 50 insertions(+), 52 deletions(-)
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml
index faad43c8..1005bdc6 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml
@@ -246,23 +246,40 @@ spec:
files:
- path: 'C:\Temp\antrea.ps1'
content: |
+ function WaitForSaToken($KubeCfgFile, $ServiceAcctName) {
+ $SaToken = $null
+ $LoopCount = 400
+ do {
+ $LoopCount = $LoopCount - 1
+ if ($LoopCount -eq 0) {
+ break
+ }
+ sleep 5
+ $SaToken=$(kubectl --kubeconfig=$KubeCfgFile get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='$ServiceAcctName')].data.token}")
+ } while ($SaToken -eq $null)
+ return $SaToken
+ }
+
+ $TempFolder = 'C:\programdata\temp'
+ $AntreaInTempFolder = "$TempFolder\antrea-windows-advanced.zip"
+ $KubeproxyInTempFolder = "$TempFolder\kube-proxy.exe"
+
# Create Folders
- $folders = @('C:\k\antrea','C:\var\log\antrea','C:\k\antrea\bin', 'C:\var\log\kube-proxy', 'C:\opt\cni\bin', 'C:\etc\cni\net.d')
+ $folders = @('C:\k\antrea', 'C:\var\log\antrea', 'C:\k\antrea\bin', 'C:\var\log\kube-proxy', 'C:\opt\cni\bin', 'C:\etc\cni\net.d')
foreach ($f in $folders) {
New-Item -ItemType Directory -Force -Path $f
}
# Add Windows Defender Options
- $avexceptions = @('c:\program files\containerd\ctr.exe', 'c:\program files\containerd\containerd.exe' )
+ $avexceptions = @('C:\program files\containerd\ctr.exe', 'C:\program files\containerd\containerd.exe')
foreach ($e in $avexceptions) {
Add-MpPreference -ExclusionProcess $e
}
- # Install Antreaa
+ # Extract Antrea, Antrea binary should be packed into windows OVA already
$antreaZipFile = 'C:\k\antrea\antrea-windows-advanced.zip'
if (!(Test-Path $antreaZipFile)) {
- $officialAntreaBinary = "http://build-squid.eng.vmware.com/build/mts/release/bora-18056847/publish/windows-advanced/antrea-windows-advanced.zip"
- curl.exe -sLo $antreaZipFile $officialAntreaBinary
+ cp $AntreaInTempFolder $antreaZipFile
}
Expand-Archive -Force -Path $antreaZipFile -DestinationPath C:\k\antrea
cp C:\k\antrea\bin\antrea-cni.exe C:\opt\cni\bin\antrea.exe -Force
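Review bot: `WaitForSaToken` leaves its loop after 400 attempts and returns `$null` without raising anything, so a node that never receives the service-account token carries on through the script with an empty credential. The callers added in the next hunk (`$AntreaAgentToken`, `$KubeProxyToken`) use the result unchecked, and the kube-proxy one goes straight into `FromBase64String`. I would fail loudly before the `return`, e.g. `if ([string]::IsNullOrEmpty($SaToken)) { throw "Timed out waiting for the $ServiceAcctName service-account token" }`. The loop condition would be safer as `while ([string]::IsNullOrEmpty($SaToken))`, so an empty result is never taken for a token. The script continues outside this hunk.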
@@ -278,69 +295,50 @@ spec:
}
).IPv4Address.IPAddress
$file = 'C:\var\lib\kubelet\kubeadm-flags.env'
- $newstr="--node-ip=" + $env:HostIP
+ $newstr = "--node-ip=" + $env:HostIP
$raw = Get-Content -Path $file -TotalCount 1
$raw = $raw -replace ".$"
$new = "$($raw) $($newstr)`""
Set-Content $file $new
- $KubeConfigFile='C:\etc\kubernetes\kubelet.conf'
+ $KubeConfigFile = 'C:\etc\kubernetes\kubelet.conf'
+
+ # Wait for antrea-agent token to be ready, the token will be used by Install-AntreaAgent
+ $AntreaAgentToken = (WaitForSaToken $KubeConfigFile 'antrea-agent')
# Setup kubo-proxy config file
- $KubeProxyConfig="C:\k\antrea\etc\kube-proxy.conf"
- $KubeAPIServer=$(kubectl --kubeconfig=$KubeConfigFile config view -o jsonpath='{.clusters[0].cluster.server}')
- $KubeProxyTOKEN=$(kubectl --kubeconfig=$KubeConfigFile get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='kube-proxy-windows')].data.token}")
- $KubeProxyTOKEN=$([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($KubeProxyTOKEN)))
+ $KubeProxyToken = (WaitForSaToken $KubeConfigFile 'kube-proxy-windows')
+ $KubeProxyConfig = 'C:\k\antrea\etc\kube-proxy.conf'
+ $KubeAPIServer = $(kubectl --kubeconfig=$KubeConfigFile config view -o jsonpath='{.clusters[0].cluster.server}')
+ $KubeProxyToken = $([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($KubeProxyToken)))
kubectl config --kubeconfig=$KubeProxyConfig set-cluster kubernetes --server=$KubeAPIServer --insecure-skip-tls-verify
- kubectl config --kubeconfig=$KubeProxyConfig set-credentials kube-proxy-windows --token=$KubeProxyTOKEN
+ kubectl config --kubeconfig=$KubeProxyConfig set-credentials kube-proxy-windows --token=$KubeProxyToken
kubectl config --kubeconfig=$KubeProxyConfig set-context kube-proxy-windows@kubernetes --cluster=kubernetes --user=kube-proxy-windows
kubectl config --kubeconfig=$KubeProxyConfig use-context kube-proxy-windows@kubernetes
- # Wait for antrea-agent token to be ready
- $AntreaToken=$null
- $LoopCount=1000
- do {
- $LoopCount=$LoopCount-1
- if ($LoopCount -eq 0) {
- break
- }
- sleep 2
- $AntreaToken=$(kubectl --kubeconfig=$KubeConfigFile get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}")
- } while ($AntreaToken -eq $null)
-
- # Download kube-proxy in advance to avoid download failure in Install-AntreaAgent.
- # This is only a workaround because we don't have kube-proxy.exe packed into Windows
- # OVA, Install-AntreaAgent will check whether the file exists, if not, it will curl
- # a new one, but there maybe something wrong in that function, curl may fail to get
- # kube-proxy.exe, to avoid the failure case, we download it here. Another thing,
- # kube-proxy.exe of version v1.21.0 is not working, please see:
- # https://github.com/kubernetes/kubernetes/issues/101500
- # we have to use v1.21.1 instead although version of our Kubernetes is v1.21.0.
- if (Test-Path "C:/k/kube-proxy.exe") {
- # Delete v1.21.0 if it exists.
- $KubeProxyVer = $(C:/k/kube-proxy.exe --version)
- if ($KubeProxyVer.startswith('Kubernetes v1.21.0')) {
- rm -Force C:/k/kube-proxy.exe
- }
- }
- if (!(Test-Path "C:/k/kube-proxy.exe")) {
- curl.exe -sLo C:/k/kube-proxy.exe https://dl.k8s.io/v1.21.1/bin/windows/amd64/kube-proxy.exe --ssl-no-revoke
+ # kube-proxy.exe should be packed into windows OVA
+ if (!(Test-Path 'C:\k\kube-proxy.exe')) {
+ cp $KubeproxyInTempFolder 'C:\k\kube-proxy.exe'
}
# Install antrea-agent & ovs
- Import-Module c:/k/antrea/helper.psm1
- & Install-AntreaAgent -KubernetesVersion "v1.21.1" -KubernetesHome "c:/k" -KubeConfig "C:/etc/kubernetes/kubelet.conf" -AntreaVersion "v0.13.3" -AntreaHome "c:/k/antrea"
+ # TODO:
+ # Install-AntreaAgent it too heavy, since Kubernetes and Antrea binaries have already been pre-installed, we don't
+ # depend on Install-AntreaAgent to downloading them, KubernetesVersion and AntreaVersion are not used anymore, will
+ # refine the invoke of Install-AntreaAgent in the future.
+ Import-Module C:\k\antrea\helper.psm1
+ & Install-AntreaAgent -KubernetesVersion "v1.21.1" -KubernetesHome "C:\k" -KubeConfig "C:\etc\kubernetes\kubelet.conf" -AntreaVersion "0.13.3" -AntreaHome "C:\k\antrea"
New-KubeProxyServiceInterface
- & c:/k/antrea/Install-OVS.ps1 -ImportCertificate $false -LocalFile c:/k/antrea/ovs-win64.zip
+ & C:\k\antrea\Install-OVS.ps1 -ImportCertificate $false -LocalFile C:\k\antrea\ovs-win64.zip
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
# Setup Services
$nssm = (Get-Command nssm).Source
- & $nssm set Kubelet start SERVICE_AUTO_START
- & nssm install kube-proxy "c:/k/kube-proxy.exe" "--proxy-mode=userspace --kubeconfig=$KubeProxyConfig --log-dir=c:/var/log/kube-proxy --logtostderr=false --alsologtostderr"
- & nssm install antrea-agent "c:/k/antrea/bin/antrea-agent.exe" "--config=c:/k/antrea/etc/antrea-agent.conf --logtostderr=false --log_dir=c:/var/log/antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4"
- & nssm set antrea-agent DependOnService kube-proxy ovs-vswitchd
- & nssm set antrea-agent Start SERVICE_DELAYED_START
+ & $nssm set kubelet start SERVICE_AUTO_START
+ & $nssm install kube-proxy "C:\k\kube-proxy.exe" "--proxy-mode=userspace --kubeconfig=$KubeProxyConfig --log-dir=C:\var\log\kube-proxy --logtostderr=false --alsologtostderr"
+ & $nssm install antrea-agent "C:\k\antrea\bin\antrea-agent.exe" "--config=C:\k\antrea\etc\antrea-agent.conf --logtostderr=false --log_dir=C:\var\log\antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4"
+ & $nssm set antrea-agent DependOnService kube-proxy ovs-vswitchd
+ & $nssm set antrea-agent Start SERVICE_AUTO_START
# Start Services
start-service kubelet
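Review bot: The kube-proxy kubeconfig is still created with `--insecure-skip-tls-verify` on the `set-cluster` line, so the service-account token now obtained through `WaitForSaToken` is presented to an API server whose certificate is never checked. Since this block is being reworked anyway, point `set-cluster` at the cluster CA instead: `kubectl config --kubeconfig=$KubeProxyConfig set-cluster kubernetes --server=$KubeAPIServer --certificate-authority=<path-to-cluster-ca> --embed-certs=true` (the CA path is a placeholder, as it is not visible in this hunk). Separately, `$AntreaAgentToken` is assigned but not used anywhere in the visible lines; if the call exists only to wait for the secret, a comment saying so, or dropping the variable, would make that clear.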
@@ -1998,7 +1996,7 @@ data:
annotations: {}
labels:
app: antrea
- name: antrea-config-md64tc85t9
+ name: antrea-config-ctb8mftc58
namespace: kube-system
---
apiVersion: v1
@@ -2117,7 +2115,7 @@ data:
key: node-role.kubernetes.io/master
volumes:
- configMap:
- name: antrea-config-md64tc85t9
+ name: antrea-config-ctb8mftc58
name: antrea-config
- name: antrea-controller-tls
secret:
@@ -2378,7 +2376,7 @@ data:
operator: Exists
volumes:
- configMap:
- name: antrea-config-md64tc85t9
+ name: antrea-config-ctb8mftc58
name: antrea-config
- hostPath:
path: /etc/cni/net.d
From 66144b064824af32f7979be681418ca874c981c1 Mon Sep 17 00:00:00 2001
From: hxie <[email protected]>
Date: Mon, 12 Jul 2021 08:53:37 -0700
Subject: [PATCH 2/7] Update bom version
---
.../tkgconfigpaths/zz_bundled_default_bom_files_configdata.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/v1/tkg/tkgconfigpaths/zz_bundled_default_bom_files_configdata.go b/pkg/v1/tkg/tkgconfigpaths/zz_bundled_default_bom_files_configdata.go
index c34170ba..2705c517 100644
--- a/pkg/v1/tkg/tkgconfigpaths/zz_bundled_default_bom_files_configdata.go
+++ b/pkg/v1/tkg/tkgconfigpaths/zz_bundled_default_bom_files_configdata.go
@@ -12,5 +12,5 @@ package tkgconfigpaths
var (
TKGDefaultImageRepo string = "projects-stg.registry.vmware.com/tkg"
TKGDefaultCompatibilityImagePath string = "v1.4.0-zshippable/tkg-compatibility"
- TKGManagementClusterPluginVersion string = "v1.4.0-pre-alpha-1"
+ TKGManagementClusterPluginVersion string = "v1.4.0-pre-alpha-2"
)
From 5a08249e67a98135e9d4fb39b4c3942857b76f2b Mon Sep 17 00:00:00 2001
From: Sai Bandi <[email protected]>
Date: Mon, 12 Jul 2021 22:21:12 -0700
Subject: [PATCH 3/7] Fix clustergen tests (#158)
---
.../tests/clustergen/gen_duplicate_bom_azure.py | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/pkg/v1/providers/tests/clustergen/gen_duplicate_bom_azure.py b/pkg/v1/providers/tests/clustergen/gen_duplicate_bom_azure.py
index 6fd1d28a..40274bca 100755
--- a/pkg/v1/providers/tests/clustergen/gen_duplicate_bom_azure.py
+++ b/pkg/v1/providers/tests/clustergen/gen_duplicate_bom_azure.py
@@ -27,19 +27,15 @@
def get_bom_dir():
return os.path.join(sys.argv[1], "bom")
-def get_bom_filename(k8sVersion):
+def get_default_tkr_bom():
bomDir = get_bom_dir()
for bomFile in os.listdir(bomDir):
- bomFilePath = os.path.join(bomDir, bomFile)
- with open(bomFilePath) as file:
- bom = yaml.safe_load(file)
- if(bom["release"]["version"] == k8sVersion):
- return bomFile
+ if(bomFile.startswith("tkr-bom")):
+ return bomFile
return None
def main():
- k8sVersion = "v1.21.1+vmware.4-tkg.1-zshippable"
- bomFile = get_bom_filename(k8sVersion)
+ bomFile = get_default_tkr_bom()
bomDir = get_bom_dir()
bomFilePath = os.path.join(bomDir, bomFile)
with open(bomFilePath) as file:
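Review bot: `get_default_tkr_bom` returns whichever `tkr-bom*` file `os.listdir` yields first, and that order is arbitrary, so with more than one TKr BOM in the directory the file the test duplicates can differ between runs or machines. Iterating `for bomFile in sorted(os.listdir(bomDir)):` makes the choice deterministic. `main` also hands the result to `os.path.join` unchecked, so a directory with no match ends in a `TypeError` rather than a clear message; `if bomFile is None: sys.exit("no tkr-bom file found in " + bomDir)` after `bomDir` is set would cover it. `main` continues outside the hunk.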
From e4d24c973d7609042d3d5139ec8bf3cde018a487 Mon Sep 17 00:00:00 2001
From: Anuj Chaudhari <[email protected]>
Date: Mon, 12 Jul 2021 22:35:04 -0700
Subject: [PATCH 4/7] Remove checksum and bindata references and validation
from Makefile (#157)
---
.github/workflows/providers.yaml | 4 ----
Makefile | 5 -----
hack/verify-dirty.sh | 15 ---------------
pkg/v1/providers/Makefile | 12 +-----------
4 files changed, 1 insertion(+), 35 deletions(-)
diff --git a/.github/workflows/providers.yaml b/.github/workflows/providers.yaml
index 0c8e8195..4a25b00d 100644
--- a/.github/workflows/providers.yaml
+++ b/.github/workflows/providers.yaml
@@ -35,10 +35,6 @@ jobs:
run: |
git config --global url."https://git:[email protected]".insteadOf "https://github.com"
- - name: Basic checks
- run: |
- make providers
-
- name: Extract PR Info
shell: bash
run: |
diff --git a/Makefile b/Makefile
index c591026c..dd821a2a 100644
--- a/Makefile
+++ b/Makefile
@@ -454,11 +454,6 @@ generate-ui-swagger-api: ## Generate swagger files for UI backend
## Provider templates/overlays
## --------------------------------------
-.PHONY: providers
-providers: $(GOBINDATA)
- make -C pkg/v1/providers -f Makefile ci
- $(MAKE) fmt
-
.PHONY: clustergen
clustergen:
CLUSTERGEN_BASE=${CLUSTERGEN_BASE} make -C pkg/v1/providers -f Makefile cluster-generation-diffs
diff --git a/hack/verify-dirty.sh b/hack/verify-dirty.sh
index aa139230..141a0b04 100755
--- a/hack/verify-dirty.sh
+++ b/hack/verify-dirty.sh
@@ -32,18 +32,3 @@ if ! (git diff --quiet HEAD -- .); then
else
echo "OK"
fi
-
-echo
-echo "#############################"
-echo "Verify make providers..."
-echo "#############################"
-make providers > /dev/null
-if ! (git diff --quiet HEAD -- .); then
- git diff --stat
- echo "FAIL"
- echo "'make providers' detected changes to provider files but checksum/bindata have not been updated."
- echo "Please verify if provider changes are intended and commit the generated files if so."
- exit 1
-else
- echo "OK"
-fi
diff --git a/pkg/v1/providers/Makefile b/pkg/v1/providers/Makefile
index e1e0ba04..c45b6f90 100644
--- a/pkg/v1/providers/Makefile
+++ b/pkg/v1/providers/Makefile
@@ -35,17 +35,7 @@ help: ## Display this help
verify-build: ## verify-build verifies the changes with generated files
-all: lint checksum verify ## run all target
-
-ci: checksum verify ## run ci target
-
-.PHONY: checksum
-checksum: ## Generate checksum of provider files
- find . -type f | grep -v ${FILES_TO_IGNORE} | sort | xargs shasum -a 256 | shasum -a 256 | cut -d" " -f1 > providers.sha256sum
-
-.PHONY: verify
-verify: ## verify that checksum and generated bindata file match
- git diff --exit-code providers.sha256sum client/manifest/zz_generated.bindata.go || (echo "Run make vendir-sync and ensure diff is added to your changeset")
+all: lint ## run all target
.PHONY: build-cli ## build tkg cli with existing provider changes
build-cli:
From 3b953eb40b9ac7af69416df014a41095978e4e36 Mon Sep 17 00:00:00 2001
From: Tyler Schultz <[email protected]>
Date: Mon, 12 Jul 2021 22:45:28 -0700
Subject: [PATCH 5/7] Pinniped post-deploy job is IPv6 compatible (#149)
- if the pinniped-supervisor Service endpoint is IPv6, ensure that the
host is surrounded by brackets.
Signed-off-by: Tyler Schultz <[email protected]>
---
addons/pinniped/post-deploy/pkg/inspect/inspect.go | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/addons/pinniped/post-deploy/pkg/inspect/inspect.go b/addons/pinniped/post-deploy/pkg/inspect/inspect.go
index 76cb833f..a19a2ac6 100644
--- a/addons/pinniped/post-deploy/pkg/inspect/inspect.go
+++ b/addons/pinniped/post-deploy/pkg/inspect/inspect.go
@@ -7,6 +7,7 @@ package inspect
import (
"context"
"fmt"
+ "net"
"net/url"
"time"
@@ -180,7 +181,7 @@ func (i *Inspector) GetServiceEndpoint(namespace, name string) (string, error) {
zap.S().Error(err)
return "", err
}
- serviceEndpoint = fmt.Sprintf("%s://%s:%d", "https", host, service.Spec.Ports[0].NodePort)
+ serviceEndpoint = fmt.Sprintf("https://%s", net.JoinHostPort(host, fmt.Sprint(service.Spec.Ports[0].NodePort)))
} else if service.Spec.Type == corev1.ServiceTypeLoadBalancer {
hostname := service.Status.LoadBalancer.Ingress[0].Hostname
ip := service.Status.LoadBalancer.Ingress[0].IP
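Review bot: `service.Status.LoadBalancer.Ingress[0]` is indexed without checking that the slice is non-empty, and that list can be empty while the load balancer has not yet been given an address, which would panic the post-deploy job (the lines above the hunk may already guard this; I cannot see them). A guard before the index turns it into an ordinary error: `if len(service.Status.LoadBalancer.Ingress) == 0 { return "", fmt.Errorf("service %s/%s has no load balancer ingress", namespace, name) }`. On the rewritten lines in this hunk and the next, `strconv.Itoa(int(...))` is the more usual way to format the port for `net.JoinHostPort` than `fmt.Sprint`, at the cost of one more import. `GetServiceEndpoint` starts and ends outside the hunk.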
@@ -191,7 +192,7 @@ func (i *Inspector) GetServiceEndpoint(namespace, name string) (string, error) {
// on gce or openstack it usually is set to be IP
host = ip
}
- serviceEndpoint = fmt.Sprintf("%s://%s:%d", "https", host, service.Spec.Ports[0].Port)
+ serviceEndpoint = fmt.Sprintf("https://%s", net.JoinHostPort(host, fmt.Sprint(service.Spec.Ports[0].Port)))
}
// TODO: file a JIRA to track the issue being discussed under https://vmware.slack.com/archives/G01HFK90QE8/p1610051838070300?thread_ts=1610051580.069400&cid=G01HFK90QE8
serviceEndpoint = utils.RemoveDefaultTLSPort(serviceEndpoint)
From 3bc0f96f3c1dabdc533a1ac8bb3726052195bb38 Mon Sep 17 00:00:00 2001
From: Peri Thompson <[email protected]>
Date: Mon, 12 Jul 2021 17:14:37 +0100
Subject: [PATCH 6/7] Added metric-server tolerations with windows
---
pkg/v1/providers/providers.sha256sum | 1 +
.../ytt/02_addons/metrics-server/metrics_server_secret.yaml | 5 +++++
2 files changed, 6 insertions(+)
create mode 100644 pkg/v1/providers/providers.sha256sum
diff --git a/pkg/v1/providers/providers.sha256sum b/pkg/v1/providers/providers.sha256sum
new file mode 100644
index 00000000..23df36bd
--- /dev/null
+++ b/pkg/v1/providers/providers.sha256sum
@@ -0,0 +1 @@
+4c734180264195e22c59e938fe558a66aa3bf80c8fe151d5a401dc431488aa1d
diff --git a/pkg/v1/providers/ytt/02_addons/metrics-server/metrics_server_secret.yaml b/pkg/v1/providers/ytt/02_addons/metrics-server/metrics_server_secret.yaml
index a33e8ecf..e0ded34d 100644
--- a/pkg/v1/providers/ytt/02_addons/metrics-server/metrics_server_secret.yaml
+++ b/pkg/v1/providers/ytt/02_addons/metrics-server/metrics_server_secret.yaml
@@ -15,6 +15,11 @@ metricsServer:
periodSeconds: 10
apiServiceInsecureTLS: true
#@ if data.values.TKG_CLUSTER_ROLE == "workload": #! For backwards compatibility. i.e. C.1 mgmt cluster creates a C.0 wlc with older addon templates.
+#@ if data.values.INFRASTRUCTURE_PROVIDER == "windows-vsphere": #! For Windows we need to allow the metric-server to run on the control plane nodes
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+#@ end
image:
name: #@ metricsServerImage.imagePath
tag: #@ metricsServerImage.tag
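Review bot: The new `windows-vsphere` toleration block sits inside the `TKG_CLUSTER_ROLE == "workload"` conditional opened on the line above it, so it only takes effect for workload clusters; the outer `#@ end` is outside the hunk. If that is intended, say so in the annotation, e.g. `#! applies to workload clusters only (nested in the TKG_CLUSTER_ROLE check)`; if not, the block belongs outside the outer `if`. The toleration also omits `operator`, which defaults to `Equal` against an empty value; `operator: Exists` would match the `node-role.kubernetes.io/master` taint whatever its value.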
From bc64e1b46aba8f8455c22a482f48e201917897df Mon Sep 17 00:00:00 2001
From: Wenli Wei <[email protected]>
Date: Mon, 12 Jul 2021 09:50:59 +0800
Subject: [PATCH 7/7] bump windows-vsphere to capv v0.7.8 following vsphere
provider
---
pkg/v1/providers/config.yaml | 2 +-
.../cluster-template-definition-dev.yaml | 2 +-
.../cluster-template-definition-prod.yaml | 2 +-
.../infrastructure-components.yaml | 234 +++++++++++++++++-
.../{v0.7.6 => v0.7.8}/ytt/base-template.yaml | 19 +-
.../{v0.7.6 => v0.7.8}/ytt/overlay.yaml | 107 ++++----
6 files changed, 309 insertions(+), 57 deletions(-)
rename pkg/v1/providers/infrastructure-windows-vsphere/{v0.7.6 => v0.7.8}/cluster-template-definition-dev.yaml (80%)
rename pkg/v1/providers/infrastructure-windows-vsphere/{v0.7.6 => v0.7.8}/cluster-template-definition-prod.yaml (80%)
rename pkg/v1/providers/infrastructure-windows-vsphere/{v0.7.6 => v0.7.8}/infrastructure-components.yaml (93%)
rename pkg/v1/providers/infrastructure-windows-vsphere/{v0.7.6 => v0.7.8}/ytt/base-template.yaml (95%)
rename pkg/v1/providers/infrastructure-windows-vsphere/{v0.7.6 => v0.7.8}/ytt/overlay.yaml (97%)
diff --git a/pkg/v1/providers/config.yaml b/pkg/v1/providers/config.yaml
index ef36c7f1..253dcd98 100644
--- a/pkg/v1/providers/config.yaml
+++ b/pkg/v1/providers/config.yaml
@@ -9,7 +9,7 @@ providers:
url: providers/infrastructure-vsphere/v0.7.8/infrastructure-components.yaml
type: InfrastructureProvider
- name: windows-vsphere
- url: providers/infrastructure-windows-vsphere/v0.7.6/infrastructure-components.yaml
+ url: providers/infrastructure-windows-vsphere/v0.7.8/infrastructure-components.yaml
type: InfrastructureProvider
- name: azure
url: providers/infrastructure-azure/v0.4.15/infrastructure-components.yaml
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-dev.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-dev.yaml
similarity index 80%
rename from pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-dev.yaml
rename to pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-dev.yaml
index 1f63f44b..61a1cf79 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-dev.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-dev.yaml
@@ -2,7 +2,7 @@ apiVersion: providers.tanzu.vmware.com/v1alpha1
kind: TemplateDefinition
spec:
paths:
- - path: providers/infrastructure-windows-vsphere/v0.7.6/ytt
+ - path: providers/infrastructure-windows-vsphere/v0.7.8/ytt
- path: providers/infrastructure-windows-vsphere/ytt
- path: providers/ytt
- path: bom
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-prod.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-prod.yaml
similarity index 80%
rename from pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-prod.yaml
rename to pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-prod.yaml
index 1f63f44b..61a1cf79 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/cluster-template-definition-prod.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/cluster-template-definition-prod.yaml
@@ -2,7 +2,7 @@ apiVersion: providers.tanzu.vmware.com/v1alpha1
kind: TemplateDefinition
spec:
paths:
- - path: providers/infrastructure-windows-vsphere/v0.7.6/ytt
+ - path: providers/infrastructure-windows-vsphere/v0.7.8/ytt
- path: providers/infrastructure-windows-vsphere/ytt
- path: providers/ytt
- path: bom
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/infrastructure-components.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/infrastructure-components.yaml
similarity index 93%
rename from pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/infrastructure-components.yaml
rename to pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/infrastructure-components.yaml
index 0527a215..e6a0f94d 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/infrastructure-components.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/infrastructure-components.yaml
@@ -271,6 +271,10 @@ spec:
create a linked clone. This field is ignored if LinkedClone
is not enabled. Defaults to the source's current snapshot.
type: string
+ storagePolicyName:
+ description: StoragePolicyName of the storage policy to use with
+ this Virtual Machine
+ type: string
template:
description: Template is the name or inventory path of the template
used to clone the virtual machine.
@@ -320,6 +324,165 @@ status:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.9
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-windows-vsphere
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ name: vsphereclusteridentities.infrastructure.cluster.x-k8s.io
+spec:
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: VSphereClusterIdentity
+ listKind: VSphereClusterIdentityList
+ plural: vsphereclusteridentities
+ singular: vsphereclusteridentity
+ scope: Cluster
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: VSphereClusterIdentity defines the account to be used for reconciling
+ clusters
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ allowedNamespaces:
+ description: AllowedNamespaces is used to identify which namespaces
+ are allowed to use this account. Namespaces can be selected with
+ a label selector. If this object is nil, no namespaces will be allowed
+ properties:
+ selector:
+ description: Selector is a standard Kubernetes LabelSelector.
+ A label query over a set of resources.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A
+ single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is "key",
+ the operator is "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: object
+ secretName:
+ description: SecretName references a Secret inside the controller
+ namespace with the credentials to use
+ minLength: 1
+ type: string
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions defines current service state of the VSphereCluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ ready:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: capi-webhook-system/capv-serving-cert
@@ -814,6 +977,25 @@ spec:
- host
- port
type: object
+ identityRef:
+ description: IdentityRef is a reference to either a Secret or VSphereClusterIdentity
+ that contains the identity to use when reconciling the cluster.
+ properties:
+ kind:
+ description: Kind of the identity. Can either be VSphereClusterIdentity
+ or Secret
+ enum:
+ - VSphereClusterIdentity
+ - Secret
+ type: string
+ name:
+ description: Name of the identity.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
insecure:
description: 'Insecure is a flag that controls whether or not to validate
the vSphere server''s certificate. DEPRECATED: will be removed in
@@ -1460,6 +1642,10 @@ spec:
a linked clone. This field is ignored if LinkedClone is not enabled.
Defaults to the source's current snapshot.
type: string
+ storagePolicyName:
+ description: StoragePolicyName of the storage policy to use with this
+ Virtual Machine
+ type: string
template:
description: Template is the name or inventory path of the template
used to clone the virtual machine.
@@ -2204,6 +2390,10 @@ spec:
to create a linked clone. This field is ignored if LinkedClone
is not enabled. Defaults to the source's current snapshot.
type: string
+ storagePolicyName:
+ description: StoragePolicyName of the storage policy to use
+ with this Virtual Machine
+ type: string
template:
description: Template is the name or inventory path of the
template used to clone the virtual machine.
@@ -2524,6 +2714,10 @@ spec:
a linked clone. This field is ignored if LinkedClone is not enabled.
Defaults to the source's current snapshot.
type: string
+ storagePolicyName:
+ description: StoragePolicyName of the storage policy to use with this
+ Virtual Machine
+ type: string
template:
description: Template is the name or inventory path of the template
used to clone the virtual machine.
@@ -2743,6 +2937,14 @@ rules:
- get
- list
- watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
- apiGroups:
- ""
resources:
@@ -2753,6 +2955,7 @@ rules:
- get
- list
- patch
+ - update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
@@ -2774,6 +2977,26 @@ rules:
- get
- patch
- update
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - vsphereclusteridentities
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - vsphereclusteridentities/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
@@ -2984,7 +3207,7 @@ spec:
- --metrics-addr=127.0.0.1:8080
- --webhook-port=9443
- --enable-leader-election=false
- image: registry.tkg.vmware.run/cluster-api/cluster-api-vsphere-controller:v0.7.6_vmware.1
+ image: registry.tkg.vmware.run/cluster-api/cluster-api-vsphere-controller:v0.7.8_vmware.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -3049,13 +3272,20 @@ spec:
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- image: registry.tkg.vmware.run/cluster-api/cluster-api-vsphere-controller:v0.7.6_vmware.1
+ image: registry.tkg.vmware.run/cluster-api/cluster-api-vsphere-controller:v0.7.8_vmware.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
+ env:
+ - name: HTTP_PROXY
+ value: ${TKG_HTTP_PROXY}
+ - name: HTTPS_PROXY
+ value: ${TKG_HTTPS_PROXY}
+ - name: NO_PROXY
+ value: ${TKG_NO_PROXY}
ports:
- containerPort: 9440
name: healthz
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/base-template.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/base-template.yaml
similarity index 95%
rename from pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/base-template.yaml
rename to pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/base-template.yaml
index 1e334407..ffb389fc 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/base-template.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/base-template.yaml
@@ -32,6 +32,9 @@ spec:
controlPlaneEndpoint:
host: '${ VSPHERE_CONTROL_PLANE_ENDPOINT }'
port: 6443
+ identityRef:
+ kind: Secret
+ name: '${ CLUSTER_NAME }'
thumbprint: '${ VSPHERE_TLS_THUMBPRINT }'
server: '${ VSPHERE_SERVER }'
---
@@ -46,6 +49,7 @@ spec:
cloneMode: '${ VSPHERE_CLONE_MODE }'
datacenter: '${ VSPHERE_DATACENTER }'
datastore: '${ VSPHERE_DATASTORE }'
+ storagePolicyName: '${ VSPHERE_STORAGE_POLICY_ID }'
diskGiB: ${VSPHERE_CONTROL_PLANE_DISK_GIB}
folder: '${ VSPHERE_FOLDER }'
memoryMiB: ${VSPHERE_CONTROL_PLANE_MEM_MIB}
@@ -69,6 +73,7 @@ spec:
cloneMode: '${ VSPHERE_CLONE_MODE }'
datacenter: '${ VSPHERE_DATACENTER }'
datastore: '${ VSPHERE_DATASTORE }'
+ storagePolicyName: '${ VSPHERE_STORAGE_POLICY_ID }'
diskGiB: ${VSPHERE_WORKER_DISK_GIB}
folder: '${ VSPHERE_FOLDER }'
memoryMiB: ${VSPHERE_WORKER_MEM_MIB}
@@ -79,7 +84,7 @@ spec:
numCPUs: ${ VSPHERE_WORKER_NUM_CPUS }
resourcePool: '${ VSPHERE_RESOURCE_POOL }'
server: '${ VSPHERE_SERVER }'
- template: windows-2019-kube-v1.19.1-containerd
+ template: '${ VSPHERE_WINDOWS_TEMPLATE }'
---
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
@@ -253,5 +258,13 @@ spec:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: VSphereMachineTemplate
name: '${ CLUSTER_NAME }-windows-containerd'
- version: v1.19.1
-
+ version: '${ KUBERNETES_VERSION }'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: '${ CLUSTER_NAME }'
+ namespace: '${ NAMESPACE }'
+stringData:
+ username: '${ VSPHERE_USERNAME }'
+ password: '${ VSPHERE_PASSWORD }'
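Review bot: The new `Secret` document puts `${ VSPHERE_USERNAME }` and `${ VSPHERE_PASSWORD }` into `stringData`, so every rendered copy of this template (dry-run output, saved cluster YAML, CI logs) now carries the vCenter password in clear text. The object is also readable by anyone with `get` on secrets in the cluster's namespace. A comment above the document, such as `# vCenter credentials referenced by spec.identityRef; treat rendered output as secret material`, would make that explicit. The same applies to the matching `Secret` overlay at the end of the overlay.yaml diff, which fills the values from `data.values.VSPHERE_USERNAME` and `data.values.VSPHERE_PASSWORD`. Using a vSphere account scoped to the permissions the provider needs limits what a leaked copy exposes.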
diff --git a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/overlay.yaml
similarity index 97%
rename from pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml
rename to pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/overlay.yaml
index 1005bdc6..37bbfa98 100644
--- a/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.6/ytt/overlay.yaml
+++ b/pkg/v1/providers/infrastructure-windows-vsphere/v0.7.8/ytt/overlay.yaml
@@ -1,6 +1,6 @@
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
-#@ load("lib/helpers.star", "get_bom_data_for_tkr_name", "get_default_tkg_bom_data", "kubeadm_image_repo", "tkg_image_repo", "get_vsphere_thumbprint")
+#@ load("lib/helpers.star", "get_bom_data_for_tkr_name", "get_default_tkg_bom_data", "kubeadm_image_repo", "get_image_repo_for_component", "get_vsphere_thumbprint")
#@ load("lib/validate.star", "validate_configuration")
#@ load("@ytt:yaml", "yaml")
#@ validate_configuration("vsphere")
@@ -36,7 +36,7 @@ spec:
value: "10"
- name: vip_retryperiod
value: "2"
- image: #@ "{}/{}:{}".format(tkg_image_repo(), bomData.components["kube-vip"][0].images.kubeVipImage.imagePath, bomData.components["kube-vip"][0].images.kubeVipImage.tag)
+ image: #@ "{}/{}:{}".format(get_image_repo_for_component(bomData.components["kube-vip"][0].images.kubeVipImage), bomData.components["kube-vip"][0].images.kubeVipImage.imagePath, bomData.components["kube-vip"][0].images.kubeVipImage.tag)
imagePullPolicy: IfNotPresent
name: kube-vip
resources: {}
@@ -63,6 +63,11 @@ apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
name: #@ data.values.CLUSTER_NAME
+ #@ if data.values.VSPHERE_CONTROL_PLANE_ENDPOINT:
+ #@overlay/match missing_ok=True
+ annotations:
+ tkg.tanzu.vmware.com/cluster-controlplane-endpoint: #@ data.values.VSPHERE_CONTROL_PLANE_ENDPOINT
+ #@ end
labels:
#@overlay/match missing_ok=True
#@yaml/text-templated-strings
@@ -93,31 +98,20 @@ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: VSphereCluster
metadata:
name: #@ data.values.CLUSTER_NAME
-#@overlay/replace
spec:
- cloudProviderConfiguration:
- global:
- insecure: true
- secretName: cloud-provider-vsphere-credentials
- secretNamespace: kube-system
- network:
- name: #@ data.values.VSPHERE_NETWORK
- providerConfig:
- cloud:
- controllerImage: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.2.1
- virtualCenter:
- #@yaml/text-templated-strings
- (@= data.values.VSPHERE_SERVER @):
- datacenters: #@ data.values.VSPHERE_DATACENTER
- workspace:
- datacenter: #@ data.values.VSPHERE_DATACENTER
- datastore: #@ data.values.VSPHERE_DATASTORE
- folder: #@ data.values.VSPHERE_FOLDER
- server: #@ data.values.VSPHERE_SERVER
+ #@ if not data.values.AVI_CONTROL_PLANE_HA_PROVIDER:
controlPlaneEndpoint:
host: #@ data.values.VSPHERE_CONTROL_PLANE_ENDPOINT
port: 6443
server: #@ data.values.VSPHERE_SERVER
+ #@ else:
+ #@overlay/remove
+ controlPlaneEndpoint:
+ #@ end
+ thumbprint: #@ get_vsphere_thumbprint()
+ identityRef:
+ kind: Secret
+ name: #@ data.values.CLUSTER_NAME
#@overlay/match by=overlay.subset({"kind": "VSphereMachineTemplate", "metadata":{"name": "${ CLUSTER_NAME }-control-plane"}})
---
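Review bot: The `thumbprint` line in the `VSphereCluster` spec takes its value from `get_vsphere_thumbprint()`, which is loaded from `lib/helpers.star` and not shown in this diff, so the reader cannot tell what is rendered when no thumbprint is configured. That is presumably the case that decides whether the vCenter certificate is verified. A ytt comment on that line would document it, for example `#! pins the vCenter certificate; see get_vsphere_thumbprint() for the value used when none is configured`. In the `#@ else:` branch, `#@overlay/remove` drops `controlPlaneEndpoint` entirely when `AVI_CONTROL_PLANE_HA_PROVIDER` is set, which deserves a one-line comment naming what supplies the endpoint in that mode.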
@@ -131,15 +125,23 @@ spec:
cloneMode: #@ data.values.VSPHERE_CLONE_MODE
datacenter: #@ data.values.VSPHERE_DATACENTER
datastore: #@ data.values.VSPHERE_DATASTORE
+ storagePolicyName: #@ data.values.VSPHERE_STORAGE_POLICY_ID
diskGiB: #@ data.values.VSPHERE_CONTROL_PLANE_DISK_GIB
folder: #@ data.values.VSPHERE_FOLDER
memoryMiB: #@ data.values.VSPHERE_CONTROL_PLANE_MEM_MIB
network:
devices:
+ #@ if data.values.TKG_IP_FAMILY == "ipv6":
+ #@overlay/match by=overlay.index(0)
+ #@overlay/replace
+ - dhcp6: true
+ networkName: #@ data.values.VSPHERE_NETWORK
+ #@ else:
#@overlay/match by=overlay.index(0)
#@overlay/replace
- dhcp4: true
networkName: #@ data.values.VSPHERE_NETWORK
+ #@ end
numCPUs: #@ data.values.VSPHERE_CONTROL_PLANE_NUM_CPUS
resourcePool: #@ data.values.VSPHERE_RESOURCE_POOL
server: #@ data.values.VSPHERE_SERVER
@@ -157,15 +159,23 @@ spec:
cloneMode: #@ data.values.VSPHERE_CLONE_MODE
datacenter: #@ data.values.VSPHERE_DATACENTER
datastore: #@ data.values.VSPHERE_DATASTORE
+ storagePolicyName: #@ data.values.VSPHERE_STORAGE_POLICY_ID
diskGiB: 80
folder: #@ data.values.VSPHERE_FOLDER
memoryMiB: #@ data.values.VSPHERE_WORKER_MEM_MIB
network:
devices:
+ #@ if data.values.TKG_IP_FAMILY == "ipv6":
+ #@overlay/match by=overlay.index(0)
+ #@overlay/replace
+ - dhcp6: true
+ networkName: #@ data.values.VSPHERE_NETWORK
+ #@ else:
#@overlay/match by=overlay.index(0)
#@overlay/replace
- dhcp4: true
networkName: #@ data.values.VSPHERE_NETWORK
+ #@ end
numCPUs: #@ data.values.VSPHERE_WORKER_NUM_CPUS
resourcePool: #@ data.values.VSPHERE_RESOURCE_POOL
server: #@ data.values.VSPHERE_SERVER
@@ -192,30 +202,15 @@ spec:
dns:
imageRepository: #@ kubeadm_image_repo(bomDataForK8sVersion.kubeadmConfigSpec.dns.imageRepository)
imageTag: #@ bomDataForK8sVersion.kubeadmConfigSpec.dns.imageTag
- apiServer:
- extraArgs:
- cloud-provider: external
- controllerManager:
- extraArgs:
- cloud-provider: external
files:
+ #@ if not data.values.AVI_CONTROL_PLANE_HA_PROVIDER:
#@overlay/match by=overlay.index(0)
- content: #@ yaml.encode(kube_vip_pod())
- owner: root:root
- path: /etc/kubernetes/manifests/kube-vip.yaml
- initConfiguration:
- nodeRegistration:
- criSocket: /var/run/containerd/containerd.sock
- kubeletExtraArgs:
- cloud-provider: external
- name: '{{ ds.meta_data.hostname }}'
- joinConfiguration:
- nodeRegistration:
- criSocket: /var/run/containerd/containerd.sock
- kubeletExtraArgs:
- cloud-provider: external
- name: '{{ ds.meta_data.hostname }}'
- useExperimentalRetryJoin: true
+ #@ else:
+ #@overlay/match by=overlay.index(0)
+ #@overlay/remove
+ - content:
+ #@ end
users:
#@overlay/match by=overlay.index(0)
#@overlay/replace
@@ -223,10 +218,17 @@ spec:
sshAuthorizedKeys:
- #@ data.values.VSPHERE_SSH_AUTHORIZED_KEY
sudo: ALL=(ALL) NOPASSWD:ALL
+ #! TODO: we can remove this block once we are consuming a version of containerd with this change: https://github.com/containerd/containerd/pull/5145
+ #@ if data.values.TKG_IP_FAMILY == "ipv6":
+ #@overlay/match missing_ok=True
+ postKubeadmCommands:
+ #@overlay/append
+ - sed -i '/listen-client-urls/ s/$/,https:\/\/127.0.0.1:2379/' /etc/kubernetes/manifests/etcd.yaml
+ #@ end
replicas: #@ data.values.CONTROL_PLANE_MACHINE_COUNT
version: #@ data.values.KUBERNETES_VERSION
-#@overlay/match by=overlay.subset({"kind":"KubeadmConfigTemplate"})
+#@overlay/match by=overlay.subset({"kind":"KubeadmConfigTemplate", "metadata":{"name": "${ CLUSTER_NAME }-md-0-windows-containerd"}})
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
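Review bot: The `sed` command appended under `postKubeadmCommands` is not idempotent, and its address matches any line containing `listen-client-urls` rather than the flag itself. If the command runs a second time on the same node, `,https://127.0.0.1:2379` is appended again. Anchoring on the flag and skipping lines that already carry the address avoids both (GNU sed): `- sed -i '/--listen-client-urls=/{/127\.0\.0\.1:2379/!s/$/,https:\/\/127.0.0.1:2379/}' /etc/kubernetes/manifests/etcd.yaml`. The added listener is loopback-only, which is worth stating in the TODO comment so a later reader does not widen it. The enclosing `KubeadmControlPlane` spec starts outside this hunk.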
@@ -347,13 +349,15 @@ spec:
postKubeadmCommands:
- powershell C:/Temp/antrea.ps1 -ExecutionPolicy Bypass
users:
+ #@overlay/match by=overlay.index(0)
+ #@overlay/replace
- name: capv
groups: Administrators
sshAuthorizedKeys:
- #@ data.values.VSPHERE_SSH_AUTHORIZED_KEY
sudo: ALL=(ALL) NOPASSWD:ALL
-#@overlay/match by=overlay.subset({"kind":"MachineDeployment"})
+#@overlay/match by=overlay.subset({"kind":"MachineDeployment", "metadata":{"name": "${ CLUSTER_NAME }-md-0-windows-containerd"}})
---
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
@@ -375,15 +379,20 @@ spec:
spec:
bootstrap:
configRef:
- apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
- kind: KubeadmConfigTemplate
name: #@ "{}-md-0-windows-containerd".format(data.values.CLUSTER_NAME)
clusterName: #@ data.values.CLUSTER_NAME
infrastructureRef:
- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
- kind: VSphereMachineTemplate
name: #@ "{}-windows-containerd".format(data.values.CLUSTER_NAME)
version: #@ data.values.KUBERNETES_VERSION
+#@overlay/match by=overlay.subset({"kind": "Secret", "metadata":{"name": "${ CLUSTER_NAME }"}})
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: #@ data.values.CLUSTER_NAME
+stringData:
+ username: #@ data.values.VSPHERE_USERNAME
+ password: #@ data.values.VSPHERE_PASSWORD
---
apiVersion: addons.cluster.x-k8s.io/v1alpha3
kind: ClusterResourceSet