Refactor cluster templates #1341

Merged
merged 1 commit into from
Aug 20, 2023
Merged
9 changes: 9 additions & 0 deletions Makefile
@@ -32,6 +32,7 @@ TOOLS_BIN_DIR := $(TOOLS_DIR)/bin
GO_INSTALL = ./scripts/go_install.sh
E2E_CONF_FILE_ENVSUBST := $(REPO_ROOT)/test/e2e/config/ibmcloud-e2e-envsubst.yaml
E2E_TEMPLATES := $(REPO_ROOT)/test/e2e/data/templates
TEMPLATES_DIR := $(REPO_ROOT)/templates

GO_APIDIFF := $(TOOLS_BIN_DIR)/go-apidiff
GOLANGCI_LINT := $(TOOLS_BIN_DIR)/golangci-lint
@@ -174,6 +175,14 @@ generate-go-conversions: $(CONVERSION_GEN) ## Generate conversions go code
--output-file-base=zz_generated.conversion $(CONVERSION_GEN_OUTPUT_BASE) \
--go-header-file=./hack/boilerplate/boilerplate.generatego.txt

.PHONY: generate-templates
Member


We should explore how to consume this target! @Amulyam24 can you create a follow-up task for that?

generate-templates: $(KUSTOMIZE)
$(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template.yaml
$(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs.yaml
$(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs-cloud-provider --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs-cloud-provider.yaml
$(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-powervs-clusterclass --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-powervs-clusterclass.yaml
$(KUSTOMIZE) build $(TEMPLATES_DIR)/cluster-template-vpc-load-balancer --load-restrictor LoadRestrictionsNone > $(TEMPLATES_DIR)/cluster-template-vpc-load-balancer.yaml

.PHONY: generate-e2e-templates
generate-e2e-templates: $(KUSTOMIZE)
ifeq ($(E2E_FLAVOR), powervs-md-remediation)
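Review bot: `--load-restrictor LoadRestrictionsNone` on all five `kustomize build` lines of `generate-templates` switches off kustomize's check that every referenced file sits under the kustomization root, so a kustomization under `$(TEMPLATES_DIR)` can read any path the build user can reach and have it rendered into the committed `cluster-template*.yaml`. Presumably the flag is there because the flavors share files from sibling directories such as `templates/addons`; where that is possible, giving those shared directories their own `kustomization.yaml` and listing them under `resources:` would let the default `LoadRestrictionsRootOnly` stay in force. If the flag has to stay, say why above the rule, e.g. `# LoadRestrictionsNone: flavors load shared files from outside their own directory; review kustomization changes for paths that leave $(TEMPLATES_DIR)`. Each recipe line also redirects straight into the tracked file, so a failed build leaves a truncated template behind; writing to a temporary file and moving it into place on success would avoid that.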
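--- a/templates/addons/crs-powervs.yaml
+++ b/templates/addons/crs-powervs.yaml
@@ -0,0 +1,262 @@
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+name: crs-cloud-conf
+spec:
+clusterSelector:
+matchLabels:
+ccm: external
+resources:
+- kind: Secret
+name: ibmpowervs-credential
+- kind: ConfigMap
+name: ibmpowervs-cfg
+- kind: ConfigMap
+name: cloud-controller-manager-addon
+strategy: ApplyOnce
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: ibmpowervs-cfg
+data:
+ibmpowervs-cloud-conf.yaml: |-
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: ibmpowervs-cloud-config
+namespace: kube-system
+data:
+ibmpowervs.conf: |
+[global]
+version = 1.1.0
+[kubernetes]
+config-file = ""
+[provider]
+cluster-default-provider = g2
+accountID = ${IBMACCOUNT_ID}
+clusterID = ${CLUSTER_NAME}
+g2workerServiceAccountID = ${IBMACCOUNT_ID}
+g2Credentials = /etc/ibm-secret/ibmcloud_api_key
+g2ResourceGroupName = ${IBMVPC_RESOURCE_GROUP:=""}
+g2VpcSubnetNames = ${IBMVPC_SUBNET_NAMES:=""}
+g2VpcName = ${IBMVPC_NAME:=""}
+region = ${IBMVPC_REGION:=""}
+powerVSCloudInstanceID = ${IBMPOWERVS_SERVICE_INSTANCE_ID}
+powerVSRegion = ${IBMPOWERVS_REGION}
+powerVSZone = ${IBMPOWERVS_ZONE}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: ibmpowervs-credential
+type: addons.cluster.x-k8s.io/resource-set
+stringData:
+ibmpowervs-credential.yaml: |-
+apiVersion: v1
+kind: Secret
+metadata:
+name: ibmpowervs-cloud-credential
+namespace: kube-system
+data:
+ibmcloud_api_key: ${BASE64_API_KEY}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: cloud-controller-manager-addon
+data:
+ibmpowervs-ccm-external.yaml: |-
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: cloud-controller-manager
+namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: cloud-controller-manager:apiserver-authentication-reader
+namespace: kube-system
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: extension-apiserver-authentication-reader
+subjects:
+- apiGroup: ""
+kind: ServiceAccount
+name: cloud-controller-manager
+namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: system:cloud-controller-manager
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: system:cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+name: cloud-controller-manager
+namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: system:cloud-controller-manager
+rules:
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- update
+- apiGroups:
+- ""
+resources:
+- nodes
+verbs:
+- "*"
+- apiGroups:
+- ""
+resources:
+- nodes/status
+verbs:
+- patch
+- apiGroups:
+- ""
+resources:
+- services
+verbs:
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- services/status
+verbs:
+- patch
+- apiGroups:
+- ""
+resources:
+- serviceaccounts
+verbs:
+- create
+- get
+- list
+- watch
+- update
+- apiGroups:
+- ""
+resources:
+- persistentvolumes
+verbs:
+- get
+- list
+- update
+- watch
+- apiGroups:
+- ""
+resources:
+- endpoints
+verbs:
+- create
+- get
+- list
+- watch
+- update
+- apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- "coordination.k8s.io"
+resources:
+- leases
+verbs:
+- create
+- get
+- list
+- watch
+- update
+- apiGroups:
+- ""
+resourceNames:
+- node-controller
+- service-controller
+resources:
+- serviceaccounts/token
+verbs:
+- create
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: ibmpowervs-cloud-controller-manager
+namespace: kube-system
+labels:
+k8s-app: ibmpowervs-cloud-controller-manager
+spec:
+selector:
+matchLabels:
+k8s-app: ibmpowervs-cloud-controller-manager
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+labels:
+k8s-app: ibmpowervs-cloud-controller-manager
+spec:
+nodeSelector:
+node-role.kubernetes.io/control-plane: ""
+tolerations:
+- key: node.cloudprovider.kubernetes.io/uninitialized
+value: "true"
+effect: NoSchedule
+- key: node-role.kubernetes.io/master
+effect: NoSchedule
+operator: Exists
+- key: node-role.kubernetes.io/control-plane
+effect: NoSchedule
+operator: Exists
+- key: node.kubernetes.io/not-ready
+effect: NoSchedule
+operator: Exists
+serviceAccountName: cloud-controller-manager
+containers:
+- name: ibmpowervs-cloud-controller-manager
+image: gcr.io/k8s-staging-capi-ibmcloud/powervs-cloud-controller-manager:07d19bf
+args:
+- --v=2
+- --cloud-provider=ibm
+- --cloud-config=/etc/cloud/ibmpowervs.conf
+- --use-service-account-credentials=true
+env:
+- name: ENABLE_VPC_PUBLIC_ENDPOINT
+value: "true"
+volumeMounts:
+- mountPath: /etc/cloud
+name: ibmpowervs-config-volume
+readOnly: true
+- mountPath: /etc/ibm-secret
+name: ibm-secret
+resources:
+requests:
+cpu: 200m
+hostNetwork: true
+volumes:
+- name: ibmpowervs-config-volume
+configMap:
+name: ibmpowervs-cloud-config
+- name: ibm-secret
+secret:
+secretName: ibmpowervs-cloud-credential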
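Review bot: The DaemonSet pulls `gcr.io/k8s-staging-capi-ibmcloud/powervs-cloud-controller-manager:07d19bf` by tag from a staging registry, and a tag can be re-pointed, so this manifest does not fix the content that actually runs. That pod runs with `hostNetwork: true` on control-plane nodes, mounts the IBM Cloud API key from `ibmpowervs-cloud-credential`, and is bound to a ClusterRole that allows `get`/`list`/`watch` on every Secret and `"*"` on nodes, so whatever the tag resolves to gets broad access to the workload cluster. Pinning by digest, `image: gcr.io/k8s-staging-capi-ibmcloud/powervs-cloud-controller-manager@sha256:<DIGEST_OF_07d19bf>`, fixes what is deployed; the placeholder has to be filled in from the registry. The container also declares no `securityContext`; if the binary tolerates it, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would be a cheap tightening.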