diff --git a/Makefile b/Makefile index 3c810272c..b1e33ae76 100644 --- a/Makefile +++ b/Makefile @@ -188,6 +188,7 @@ generate-templates: $(KUSTOMIZE) $(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs.yaml $(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs-cloud-provider --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs-cloud-provider.yaml $(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs-clusterclass --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs-clusterclass.yaml + $(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-vpc-clusterclass --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-vpc-clusterclass.yaml .PHONY: generate-e2e-templates generate-e2e-templates: $(KUSTOMIZE) diff --git a/PROJECT b/PROJECT index 6ad87bc1d..234b12c1b 100644 --- a/PROJECT +++ b/PROJECT @@ -49,4 +49,7 @@ resources: - group: infrastructure kind: IBMPowerVSClusterTemplate version: v1beta2 +- group: infrastructure + kind: IBMVPCClusterTemplate + version: v1beta2 version: "2" diff --git a/api/v1beta2/ibmvpcclustertemplate_types.go b/api/v1beta2/ibmvpcclustertemplate_types.go new file mode 100644 index 000000000..2121d38a1 --- /dev/null +++ b/api/v1beta2/ibmvpcclustertemplate_types.go @@ -0,0 +1,62 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1" +) + +// IBMVPCClusterTemplateSpec defines the desired state of IBMVPCClusterTemplate. +type IBMVPCClusterTemplateSpec struct { + Template IBMVPCClusterTemplateResource `json:"template,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=ibmvpcclustertemplates,scope=Namespaced,categories=cluster-api,shortName=ibmvpcct +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="Time duration since creation of IBMVPCClusterTemplate" + +// IBMVPCClusterTemplate is the Schema for the ibmvpcclustertemplates API. +type IBMVPCClusterTemplate struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec IBMVPCClusterTemplateSpec `json:"spec,omitempty"` +} + +//+kubebuilder:object:root=true + +// IBMVPCClusterTemplateList contains a list of IBMVPCClusterTemplate. +type IBMVPCClusterTemplateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []IBMVPCClusterTemplate `json:"items"` +} + +// IBMVPCClusterTemplateResource describes the data needed to create an IBMVPCCluster from a template. +type IBMVPCClusterTemplateResource struct { + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + ObjectMeta capiv1beta1.ObjectMeta `json:"metadata,omitempty"` + Spec IBMVPCClusterSpec `json:"spec"` +} + +func init() { + SchemeBuilder.Register(&IBMVPCClusterTemplate{}, &IBMVPCClusterTemplateList{}) +} diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index fab8f39a1..a0062f18c 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go @@ -706,6 +706,97 @@ func (in *IBMVPCClusterStatus) DeepCopy() *IBMVPCClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMVPCClusterTemplate) DeepCopyInto(out *IBMVPCClusterTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMVPCClusterTemplate. +func (in *IBMVPCClusterTemplate) DeepCopy() *IBMVPCClusterTemplate { + if in == nil { + return nil + } + out := new(IBMVPCClusterTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IBMVPCClusterTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMVPCClusterTemplateList) DeepCopyInto(out *IBMVPCClusterTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]IBMVPCClusterTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMVPCClusterTemplateList. +func (in *IBMVPCClusterTemplateList) DeepCopy() *IBMVPCClusterTemplateList { + if in == nil { + return nil + } + out := new(IBMVPCClusterTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IBMVPCClusterTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMVPCClusterTemplateResource) DeepCopyInto(out *IBMVPCClusterTemplateResource) { + *out = *in + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMVPCClusterTemplateResource. +func (in *IBMVPCClusterTemplateResource) DeepCopy() *IBMVPCClusterTemplateResource { + if in == nil { + return nil + } + out := new(IBMVPCClusterTemplateResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMVPCClusterTemplateSpec) DeepCopyInto(out *IBMVPCClusterTemplateSpec) { + *out = *in + in.Template.DeepCopyInto(&out.Template) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMVPCClusterTemplateSpec. +func (in *IBMVPCClusterTemplateSpec) DeepCopy() *IBMVPCClusterTemplateSpec { + if in == nil { + return nil + } + out := new(IBMVPCClusterTemplateSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMVPCMachine) DeepCopyInto(out *IBMVPCMachine) { *out = *in diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml new file mode 100644 index 000000000..ff08fd023 --- /dev/null +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml @@ -0,0 +1,124 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: IBMVPCClusterTemplate + listKind: IBMVPCClusterTemplateList + plural: ibmvpcclustertemplates + shortNames: + - ibmvpcct + singular: ibmvpcclustertemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of IBMVPCClusterTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: IBMVPCClusterTemplate is the Schema for the ibmvpcclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IBMVPCClusterTemplateSpec defines the desired state of IBMVPCClusterTemplate. + properties: + template: + description: IBMVPCClusterTemplateResource describes the data needed + to create an IBMVPCCluster from a template. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: IBMVPCClusterSpec defines the desired state of IBMVPCCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneLoadBalancer: + description: ControlPlaneLoadBalancer is optional configuration + for customizing control plane behavior. + properties: + name: + description: Name sets the name of the VPC load balancer. + maxLength: 63 + pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ + type: string + type: object + region: + description: The IBM Cloud Region the cluster lives in. + type: string + resourceGroup: + description: The VPC resources should be created under the + resource group. + type: string + vpc: + description: The Name of VPC. + type: string + zone: + description: The Name of availability zone. + type: string + required: + - region + - resourceGroup + type: object + required: + - spec + type: object + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index e04ee2c7c..7b987fe0b 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -15,6 +15,7 @@ resources: - bases/infrastructure.cluster.x-k8s.io_ibmpowervsmachinetemplates.yaml - bases/infrastructure.cluster.x-k8s.io_ibmpowervsimages.yaml - bases/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml +- bases/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -28,6 +29,7 @@ patchesStrategicMerge: - patches/webhook_in_ibmvpcmachinetemplates.yaml - patches/webhook_in_ibmpowervsimages.yaml #- patches/webhook_in_ibmpowervsclustertemplates.yaml +#- patches/webhook_in_ibmvpcclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. @@ -40,6 +42,7 @@ patchesStrategicMerge: - patches/cainjection_in_ibmvpcmachinetemplates.yaml - patches/cainjection_in_ibmpowervsimages.yaml #- patches/cainjection_in_ibmpowervsclustertemplates.yaml +#- patches/cainjection_in_ibmvpcclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_ibmvpcclustertemplates.yaml b/config/crd/patches/cainjection_in_ibmvpcclustertemplates.yaml new file mode 100644 index 000000000..1d603654b --- /dev/null +++ b/config/crd/patches/cainjection_in_ibmvpcclustertemplates.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io diff --git a/config/crd/patches/webhook_in_ibmvpcclustertemplates.yaml b/config/crd/patches/webhook_in_ibmvpcclustertemplates.yaml new file mode 100644 index 000000000..b4e330b22 --- /dev/null +++ b/config/crd/patches/webhook_in_ibmvpcclustertemplates.yaml @@ -0,0 +1,17 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/rbac/ibmvpcclustertemplate_editor_role.yaml b/config/rbac/ibmvpcclustertemplate_editor_role.yaml new file mode 100644 index 000000000..8d7a38d5b --- /dev/null +++ b/config/rbac/ibmvpcclustertemplate_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit ibmvpcclustertemplates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ibmvpcclustertemplate-editor-role +rules: +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - ibmvpcclustertemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - ibmvpcclustertemplates/status + verbs: + - get diff --git a/config/rbac/ibmvpcclustertemplate_viewer_role.yaml b/config/rbac/ibmvpcclustertemplate_viewer_role.yaml new file mode 100644 index 000000000..b90470348 --- /dev/null +++ b/config/rbac/ibmvpcclustertemplate_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view ibmvpcclustertemplates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ibmvpcclustertemplate-viewer-role +rules: +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - ibmvpcclustertemplates + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - ibmvpcclustertemplates/status + verbs: + - get diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md index fb3696ecb..f7400e0a2 100644 --- a/docs/book/src/SUMMARY.md +++ b/docs/book/src/SUMMARY.md @@ -11,6 +11,7 @@ - [Uploading an image](topics/vpc/uploading-an-image.md) - [Creating a cluster](./topics/vpc/creating-a-cluster.md) - [Creating a cluster with Load Balancer and External Cloud Provider](./topics/vpc/load-balancer.md) + - [Creating a cluster from ClusterClass](./topics/vpc/clusterclass-cluster.md) - [PowerVS Cluster](./topics/powervs/index.md) - [Prerequisites](./topics/powervs/prerequisites.md) - [Creating a cluster](./topics/powervs/creating-a-cluster.md) diff --git a/docs/book/src/getting-started.md b/docs/book/src/getting-started.md index d8292e56c..64ac3c40e 100644 --- a/docs/book/src/getting-started.md +++ b/docs/book/src/getting-started.md @@ -106,14 +106,14 @@ it into a management cluster using `clusterctl`. ``` > Note: `EXP_CLUSTER_RESOURCE_SET` should be set for deploying workload cluster with Cloud Controller manager. -### Deploy PowerVS cluster with ClusterClass template +### Deploy PowerVS cluster or VPC cluster with ClusterClass template - To deploy workload cluster with [PowerVS clusterclass-template](/topics/powervs/clusterclass-cluster.html). Set the following environmental variables. + To deploy workload cluster with [PowerVS clusterclass-template](/topics/powervs/clusterclass-cluster.html) or [VPC clusterclass-template](/topics/VPC/clusterclass-cluster.html). Set the following environmental variables. ```console export PROVIDER_ID_FORMAT=v2 export EXP_CLUSTER_RESOURCE_SET=true export CLUSTER_TOPOLOGY=true ``` - - > Note: Currently, both [ClusterClass](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-class/index.html) and [ClusterResourceset](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-resource-set.html) are experimental feature so we need to enable the feature gate by setting `EXP_CLUSTER_RESOURCE_SET`, `CLUSTER_TOPOLOGY` environmental variables. \ No newline at end of file + + > Note: Currently, both [ClusterClass](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-class/index.html) and [ClusterResourceSet](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-resource-set.html) are experimental feature so we need to enable the feature gate by setting `EXP_CLUSTER_RESOURCE_SET`, `CLUSTER_TOPOLOGY` environmental variables. \ No newline at end of file diff --git a/docs/book/src/topics/vpc/clusterclass-cluster.md b/docs/book/src/topics/vpc/clusterclass-cluster.md new file mode 100644 index 000000000..f026f9d28 --- /dev/null +++ b/docs/book/src/topics/vpc/clusterclass-cluster.md @@ -0,0 +1,23 @@ +# Create IBM VPC Cluster Using ClusterClass + +## Preface +- To deploy IBM Cloud VPC workload cluster using [ClusterClass](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-class/index.html), create a cluster configuration from the [clusterclass-template](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/templates/cluster-template-vpc-clusterclass.yaml). +- The [clusterclass-template](https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/templates/cluster-template-vpc-clusterclass.yaml) will use [ClusterResourceSet](https://cluster-api.sigs.k8s.io/tasks/experimental-features/cluster-resource-set.html) and will create the necessary config map, secret and roles to run the cloud controller manager +- The flags EXP_CLUSTER_RESOURCE_SET and CLUSTER_TOPOLOGY need to be set to true. + +A comprehensive list of IBM Cloud VPC Regions and Zones can be found [here](/reference/regions-zones-mapping.html) + +## Deploy a cluster using IBM Cloud VPC infrastructure using ClusterClass +```shell +IBMVPC_CLUSTER_CLASS_NAME=ibmvpc-clusteclass \ +IBMVPC_REGION= \ +IBMVPC_ZONE= \ +IBMVPC_RESOURCEGROUP= \ +IBMVPC_NAME= \ +IBMVPC_IMAGE_NAME=capibm-vpc-ubuntu-2004-kube-v1-26-2 \ +IBMVPC_PROFILE=bx2-4x16 \ +IBMVPC_SSHKEY_NAME= \ +BASE64_API_KEY=$(echo -n $IBMCLOUD_API_KEY | base64) \ +IBMACCOUNT_ID= \ +clusterctl generate cluster ibm-mix-clusterclass --kubernetes-version v1.26.2 --target-namespace default --control-plane-machine-count=1 --worker-machine-count=2 --from=./templates/cluster-template-vpc-clusterclass.yaml | kubectl apply -f - +``` diff --git a/docs/book/src/topics/vpc/index.md b/docs/book/src/topics/vpc/index.md index d8a0123a5..fa5e65cd6 100644 --- a/docs/book/src/topics/vpc/index.md +++ b/docs/book/src/topics/vpc/index.md @@ -4,3 +4,4 @@ - [Prerequisites](/topics/vpc/prerequisites.html) - [Uploading an image](/topics/vpc/uploading-an-image.html) - [Creating a cluster](/topics/vpc/creating-a-cluster.html) +- [Creating a cluster from ClusterClass](/topics/vpc/clusterclass-cluster.md) diff --git a/templates/cluster-template-vpc-clusterclass.yaml b/templates/cluster-template-vpc-clusterclass.yaml new file mode 100644 index 000000000..f7a72c2fb --- /dev/null +++ b/templates/cluster-template-vpc-clusterclass.yaml @@ -0,0 +1,420 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} + name: ${CLUSTER_NAME} + namespace: ${NAMESPACE} +spec: + clusterNetwork: + pods: + cidrBlocks: + - ${POD_CIDR:="192.168.0.0/16"} + serviceDomain: ${SERVICE_DOMAIN:="cluster.local"} + services: + cidrBlocks: + - ${SERVICE_CIDR:="10.128.0.0/12"} + topology: + class: ${IBMVPC_CLUSTER_CLASS_NAME} + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: default-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME:="vpc-cc"} +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCMachineTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane-machinetemplate + namespace: ${NAMESPACE} + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane + namespace: ${NAMESPACE} + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCClusterTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-cluster-template + namespace: ${NAMESPACE} + workers: + machineDeployments: + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCMachineTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-worker-machinetemplate +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCClusterTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-cluster-template +spec: + template: + spec: + controlPlaneLoadBalancer: + name: ${CLUSTER_NAME}-load-balancer + region: ${IBMVPC_REGION} + resourceGroup: ${IBMVPC_RESOURCEGROUP} + vpc: ${IBMVPC_NAME} + zone: ${IBMVPC_ZONE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane + namespace: ${NAMESPACE} +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + certSANs: + - localhost + - 127.0.0.1 + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + cloud-provider: external + enable-hostpath-provisioner: "true" + dns: {} + etcd: {} + kubernetesVersion: ${KUBERNETES_VERSION} + networking: {} + scheduler: {} + initConfiguration: + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% + joinConfiguration: + discovery: {} + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-md-0 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCMachineTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane-machinetemplate +spec: + template: + spec: + bootVolume: + sizeGiB: ${IBMVPC_CONTROLPLANE_BOOT_VOLUME_SIZEGIB:=20} + image: + name: ${IBMVPC_IMAGE_NAME} + profile: ${IBMVPC_PROFILE} + sshKeys: + - name: ${IBMVPC_SSHKEY_NAME} + zone: ${IBMVPC_ZONE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCMachineTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-worker-machinetemplate +spec: + template: + spec: + bootVolume: + sizeGiB: ${IBMVPC_WORKER_BOOT_VOLUME_SIZEGIB:=20} + image: + name: ${IBMVPC_IMAGE_NAME} + profile: ${IBMVPC_PROFILE} + sshKeys: + - name: ${IBMVPC_SSHKEY_NAME} + zone: ${IBMVPC_ZONE} +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + name: crs-cloud-conf +spec: + clusterSelector: + matchLabels: + ccm: external + resources: + - kind: Secret + name: ibm-credential + - kind: ConfigMap + name: ibm-cfg + - kind: ConfigMap + name: cloud-controller-manager-addon + strategy: ApplyOnce +--- +apiVersion: v1 +data: + ibm-cloud-conf.yaml: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: ibm-cloud-config + namespace: kube-system + data: + ibm.conf: | + [global] + version = 1.1.0 + [kubernetes] + config-file = "" + [provider] + cluster-default-provider = g2 + accountID = ${IBMACCOUNT_ID} + clusterID = ${CLUSTER_NAME} + g2workerServiceAccountID = ${IBMACCOUNT_ID} + g2Credentials = /etc/ibm-secret/ibmcloud_api_key + g2ResourceGroupName = ${IBMVPC_RESOURCEGROUP_NAME:=""} + g2VpcSubnetNames = "${CLUSTER_NAME}-subnet" + g2VpcName = ${IBMVPC_NAME:=""} + region = ${IBMVPC_REGION:=""} +kind: ConfigMap +metadata: + name: ibm-cfg +--- +apiVersion: v1 +kind: Secret +metadata: + name: ibm-credential +stringData: + ibm-credential.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: ibm-cloud-credential + namespace: kube-system + data: + ibmcloud_api_key: ${BASE64_API_KEY} +type: addons.cluster.x-k8s.io/resource-set +--- +apiVersion: v1 +data: + ibm-ccm-external.yaml: |- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader + subjects: + - apiGroup: "" + kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - "*" + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - "" + resourceNames: + - node-controller + - service-controller + resources: + - serviceaccounts/token + verbs: + - create + --- + apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: ibm-cloud-controller-manager + namespace: kube-system + labels: + k8s-app: ibm-cloud-controller-manager + spec: + selector: + matchLabels: + k8s-app: ibm-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + k8s-app: ibm-cloud-controller-manager + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + operator: Exists + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + operator: Exists + - key: node.kubernetes.io/not-ready + effect: NoSchedule + operator: Exists + serviceAccountName: cloud-controller-manager + containers: + - name: ibm-cloud-controller-manager + image: gcr.io/k8s-staging-capi-ibmcloud/powervs-cloud-controller-manager:07d19bf + args: + - --v=2 + - --cloud-provider=ibm + - --cloud-config=/etc/cloud/ibm.conf + - --use-service-account-credentials=true + volumeMounts: + - mountPath: /etc/cloud + name: ibm-config-volume + readOnly: true + - mountPath: /etc/ibm-secret + name: ibm-secret + resources: + requests: + cpu: 200m + hostNetwork: true + volumes: + - name: ibm-config-volume + configMap: + name: ibm-cloud-config + - name: ibm-secret + secret: + secretName: ibm-cloud-credential +kind: ConfigMap +metadata: + name: cloud-controller-manager-addon diff --git a/templates/cluster-template-vpc-clusterclass/cluster-with-kcp.yaml b/templates/cluster-template-vpc-clusterclass/cluster-with-kcp.yaml new file mode 100644 index 000000000..cfcec444a --- /dev/null +++ b/templates/cluster-template-vpc-clusterclass/cluster-with-kcp.yaml @@ -0,0 +1,116 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + ccm: external + cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} + name: ${CLUSTER_NAME} + namespace: ${NAMESPACE} +spec: + clusterNetwork: + pods: + cidrBlocks: + - ${POD_CIDR:="192.168.0.0/16"} + serviceDomain: ${SERVICE_DOMAIN:="cluster.local"} + services: + cidrBlocks: + - ${SERVICE_CIDR:="10.128.0.0/12"} + topology: + class: ${IBMVPC_CLUSTER_CLASS_NAME} + controlPlane: + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: default-worker + name: md-0 + replicas: ${WORKER_MACHINE_COUNT} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: ClusterClass +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME:="vpc-cc"} +spec: + controlPlane: + machineInfrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCMachineTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane-machinetemplate + namespace: ${NAMESPACE} + ref: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlaneTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane + namespace: ${NAMESPACE} + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCClusterTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-cluster-template + namespace: ${NAMESPACE} + workers: + machineDeployments: + - class: default-worker + template: + bootstrap: + ref: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfigTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-md-0 + infrastructure: + ref: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: IBMVPCMachineTemplate + name: ${IBMVPC_CLUSTER_CLASS_NAME}-worker-machinetemplate +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCClusterTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-cluster-template +spec: + template: + spec: + controlPlaneLoadBalancer: + name: ${CLUSTER_NAME}-load-balancer + region: ${IBMVPC_REGION} + resourceGroup: ${IBMVPC_RESOURCEGROUP} + vpc: ${IBMVPC_NAME} + zone: ${IBMVPC_ZONE} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane + namespace: ${NAMESPACE} +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + kubernetesVersion: ${KUBERNETES_VERSION} + apiServer: + certSANs: [localhost, 127.0.0.1] + extraArgs: + cloud-provider: external + controllerManager: + extraArgs: + enable-hostpath-provisioner: 'true' + cloud-provider: external + dns: {} + etcd: {} + networking: {} + scheduler: {} + initConfiguration: + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + eviction-hard: 'nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%' + joinConfiguration: + discovery: {} + nodeRegistration: + criSocket: /var/run/containerd/containerd.sock + kubeletExtraArgs: + cloud-provider: external + eviction-hard: 'nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%' diff --git a/templates/cluster-template-vpc-clusterclass/kustomization.yaml b/templates/cluster-template-vpc-clusterclass/kustomization.yaml new file mode 100644 index 000000000..57c7c7d24 --- /dev/null +++ b/templates/cluster-template-vpc-clusterclass/kustomization.yaml @@ -0,0 +1,7 @@ +resources: +- cluster-with-kcp.yaml +- md.yaml +- ../addons/crs.yaml + +sortOptions: + order: fifo diff --git a/templates/cluster-template-vpc-clusterclass/md.yaml b/templates/cluster-template-vpc-clusterclass/md.yaml new file mode 100644 index 000000000..63abfb7e3 --- /dev/null +++ b/templates/cluster-template-vpc-clusterclass/md.yaml @@ -0,0 +1,44 @@ +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfigTemplate +metadata: + name: "${IBMVPC_CLUSTER_CLASS_NAME}-md-0" +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCMachineTemplate +metadata: + name: ${IBMVPC_CLUSTER_CLASS_NAME}-control-plane-machinetemplate +spec: + template: + spec: + bootVolume: + sizeGiB: ${IBMVPC_CONTROLPLANE_BOOT_VOLUME_SIZEGIB:=20} + image: + name: ${IBMVPC_IMAGE_NAME} + profile: ${IBMVPC_PROFILE} + sshKeys: + - name: ${IBMVPC_SSHKEY_NAME} + zone: ${IBMVPC_ZONE} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 +kind: IBMVPCMachineTemplate +metadata: + name: "${IBMVPC_CLUSTER_CLASS_NAME}-worker-machinetemplate" +spec: + template: + spec: + image: + name: "${IBMVPC_IMAGE_NAME}" + zone: "${IBMVPC_ZONE}" + profile: "${IBMVPC_PROFILE}" + sshKeys: + - name: "${IBMVPC_SSHKEY_NAME}" + bootVolume: + sizeGiB: ${IBMVPC_WORKER_BOOT_VOLUME_SIZEGIB:=20}