Commit
Updated defaults and docs
Signed-off-by: Marcus Noble <[email protected]>
AverageMarcus committed Jan 13, 2023
1 parent 3637f1d commit 4d7a52f
Showing 3 changed files with 116 additions and 30 deletions.
13 changes: 13 additions & 0 deletions CHANGELOG.md
@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Breaking Change

- For private clusters, where `network.vpcMode` is set to `private`, the subnets property has changed. Instead of previously being a list of CIDR strings the property now include a more complex object providing more configuration options. For migration steps see the "Upgrading to `v0.21.0`" section in the readme.

### Added

- More configuration options when defining subnets to be created
- `controlPlane.subnetTags`, `bastion.subnetTags` and `machinePools[].subnetTags` to target specific subnets

### Changed

- Subnets are now specified on the `AWSCluster` resource by default rather than relying on CAPA code to default them. The same sizing as the CAPA default have been used.

## [0.20.7] - 2023-01-12

### Changed
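Review bot: the "Breaking Change" entry should spell out what the new default does to a private cluster, not only that the shape of `network.subnets` changed. The values.yaml change in this same commit replaces the previous private-only default with the CAPA layout, whose first subnet group keeps `isPublic: true`, and leaves the old three-/18 private layout as a commented block; a user with `network.vpcMode: private` who keeps the shipped defaults therefore gets public subnets unless they copy the block from the "Upgrading to `v0.21.0`" section. One sentence stating that here would make the migration note complete. Grammar while you are in the file: "the property now include" should read "now includes", and "The same sizing as the CAPA default have been used" should read "has been used".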
86 changes: 86 additions & 0 deletions README.md
@@ -1,3 +1,89 @@
# cluster-aws

`cluster-aws` is an app that helps create a CRs for a Cluster API AWS cluster for Giant Swarm platform.

## Custom Subnet Layouts

As of v0.21.0 it possible to specify more complex subnet layouts that allow using different sets of subnets for different grouping of machines.

Subnet groupings can be defined by setting `.network.subnets`. For example, to have different subnets for control plane, worker and bastion nodes you might have something similar to the following:

```yaml

network:
availabilityZoneUsageLimit: 3
vpcCIDR: 10.0.0.0/16
subnets:
# Control plane nodes subnets
- cidrBlocks:
- cidr: 10.0.32.0/19
availabilityZone: a
- cidr: 10.0.64.0/19
availabilityZone: b
- cidr: 10.0.96.0/19
availabilityZone: c
isPublic: false
tags:
subnet.giantswarm.io/role: control-plane
# Worker nodes subnets
- cidrBlocks:
- cidr: 10.0.128.0/19
availabilityZone: a
- cidr: 10.0.160.0/19
availabilityZone: b
- cidr: 10.0.192.0/19
availabilityZone: c
isPublic: false
tags:
subnet.giantswarm.io/role: workers
# Bastion nodes subnets
- cidrBlocks:
- cidr: 10.0.0.0/24
availabilityZone: a
- cidr: 10.0.1.0/24
availabilityZone: b
- cidr: 10.0.2.0/24
availabilityZone: c
isPublic: true
tags:
subnet.giantswarm.io/role: bastion
```
The desired subnet can then be targetted by using the `subnetTags` value to set the AWS tags to match on. For example:

```yaml
bastion:
subnetTags:
- subnet.giantswarm.io/role: bastion
controlPlane:
subnetTags:
- subnet.giantswarm.io/role: control-plane
machinePools:
- name: def00
subnetTags:
- subnet.giantswarm.io/role: workers
```

## Upgrading to `v0.21.0`

If your cluster previously has `network.vpcMode` set to private you will need to make a small change to your values when upgrading to this version.

If using the default list of subnets you will need to set the following in your values:

```yaml
network:
subnets:
- cidrBlocks:
- cidr: 10.0.0.0/18
availabilityZone: a
- cidr: 10.0.64.0/18
availabilityZone: b
- cidr: 10.0.128.0/18
availabilityZone: c
isPublic: false
```

If you've specified your own CIDR blocks previous you'll need to convert those strings to the block structure like above. Be aware to make sure the correct availability zone is specified for each CIDR block.
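Review bot: the `subnetTags` example under "Custom Subnet Layouts" only works when the selector and the `tags` on the matching `network.subnets` entry are set together, and the values.yaml in this same commit comments all three `subnetTags` defaults out; the section should say that both sides have to be set by the user and describe what happens when no subnet carries the requested tag, since neither is stated. The "Upgrading to `v0.21.0`" block is a verbatim copy of the `# Our previous default for private clusters` comment in values.yaml, so a cross-reference between the two would keep them from drifting. Minor: the first ```yaml fence opens with an empty line, and "it possible", "create a CRs", "targetted", "specified your own CIDR blocks previous" and "Be aware to make sure" should read "it is possible", "create the CRs", "targeted", "previously specified your own CIDR blocks" and "Make sure".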
47 changes: 17 additions & 30 deletions helm/cluster-aws/values.yaml
@@ -48,36 +48,15 @@ network:

# subnets defines all the subnets for a cluster.
subnets:
# The CAPA default subnet layout
- cidrBlocks:
- cidr: 10.0.0.0/23
- cidr: 10.0.0.0/20
availabilityZone: a
- cidr: 10.0.2.0/23
- cidr: 10.0.16.0/20
availabilityZone: b
- cidr: 10.0.4.0/23
- cidr: 10.0.32.0/20
availabilityZone: c
isPublic: true
tags:
subnet.giantswarm.io/role: load-balancers
- cidrBlocks:
- cidr: 10.0.6.0/23
availabilityZone: a
- cidr: 10.0.8.0/23
availabilityZone: b
- cidr: 10.0.10.0/23
availabilityZone: c
isPublic: false
tags:
subnet.giantswarm.io/role: control-plane
- cidrBlocks:
- cidr: 10.0.12.0/24
availabilityZone: a
- cidr: 10.0.13.0/24
availabilityZone: b
- cidr: 10.0.14.0/24
availabilityZone: c
isPublic: true
tags:
subnet.giantswarm.io/role: bastion
- cidrBlocks:
- cidr: 10.0.64.0/18
availabilityZone: a
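Review bot: `# subnets defines all the subnets for a cluster.` is the only description of a structure that now carries `cidrBlocks[].cidr`, `cidrBlocks[].availabilityZone`, `isPublic` and `tags`; a comment documenting those fields and stating that, per the CHANGELOG, these values are written onto the `AWSCluster` resource explicitly (so editing them here changes what is created, rather than what CAPA would default) belongs next to `# The CAPA default subnet layout`. The rendered diff has lost its `+`/`-` markers, so the paired `/23` and `/20` entries read as duplicates; the raw patch should be checked to confirm that the three `/23` lines and the `control-plane` and `bastion` groups are the removals and that the intended default really drops all `tags`.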
@@ -86,15 +65,23 @@ network:
- cidr: 10.0.192.0/18
availabilityZone: c
isPublic: false
tags:
subnet.giantswarm.io/role: workers

# # Our previous default for private clusters
# - cidrBlocks:
# - cidr: 10.0.0.0/18
# availabilityZone: a
# - cidr: 10.0.64.0/18
# availabilityZone: b
# - cidr: 10.0.128.0/18
# availabilityZone: c
# isPublic: false

bastion:
enabled: true
instanceType: t3.small
replicas: 1
subnetTags:
- subnet.giantswarm.io/role: bastion
# - subnet.giantswarm.io/role: bastion

controlPlane:
instanceType: m5.xlarge
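Review bot: the `# Our previous default for private clusters` block duplicates the three /18 CIDRs given in the README's "Upgrading to `v0.21.0`" section; a one-line comment pointing at that section would tie the two copies together. Separately, commenting out `bastion.subnetTags` makes the selector opt-in, and a user who keeps the default tag-less `network.subnets` but uncomments this line will have a selector with nothing to match; a comment saying that the value must match a `tags` entry on one of the `network.subnets` groups would make that explicit instead of leaving a bare commented line.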
@@ -103,7 +90,7 @@ controlPlane:
containerdVolumeSizeGB: 100
kubeletVolumeSizeGB: 100
subnetTags:
- subnet.giantswarm.io/role: control-plane
# - subnet.giantswarm.io/role: control-plane

machinePools:
- name: def00 # Name of node pool.
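Review bot: same point as for `bastion.subnetTags`: `controlPlane.subnetTags` is now a commented default, so the comment should state that it is opt-in and must match a `tags` entry under `network.subnets`, otherwise the control plane's placement is left to whatever the defaulting does with no selector, which the file does not describe.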
@@ -119,7 +106,7 @@ machinePools:
# value: ""
# effect: "" # Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
subnetTags:
- subnet.giantswarm.io/role: workers
# - subnet.giantswarm.io/role: workers

sshSSOPublicKey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU [email protected]"
flatcarAWSAccount: "075585003325"
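Review bot: `machinePools[].subnetTags` is per pool, and the README's example sets it on the `def00` pool that this default defines, so the comment on the commented-out line should say that each pool needs its own selector and that a pool without one gets no subnet targeting; as written the three commented `subnetTags` lines give no hint that they are selectors against `network.subnets[].tags` rather than tags applied to the machines.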

0 comments on commit 4d7a52f