commit d0683139feb8c6c180441b9683994a4a5b589388
Author: Sidney Shiba
Date:   Wed Sep 9 12:41:04 2020 -0500

    Integration of Azure provider to Airship 2.0

    This commit integrates the Azure provider to the Airship 2.0 project.
    It adds the following folders:
    - manifest/function/capz: This folder contains all manifests required
      for the integration of Azure provider.
    - manifest/function/k8scontrol-capz: This folder contains the base
      manifest for the Azure Workload cluster.
    - manifest/site/az-test-site: This folder contains the manifests used
      for initializing the CAPI and CAPZ components on the management
      cluster invoking "airshipctl cluster init" and manifests used for
      deploying a Workload cluster on the Azure Cloud by invoking the
      command "airshipctl phase apply azure".
    - tools/deployment/azure: provides the shell scripts that are used in
      the zuul gates and local test.

    Updated files:
    - zuul.d/project.yaml and zuul.d/jobs.yaml have been updated to include
      gates for validating the Azure provider integration.

    Change-Id: Icbdc7f6f42c159f48dd11e35626da3bc016f5487

diff --git a/docs/azure/azure-integration.md b/docs/azure/azure-integration.md new file mode 100644 index 0000000..1d1c440 --- /dev/null +++ b/docs/azure/azure-integration.md 
@@ -0,0 +1,213 @@ +# Airship 2.0 Integration with Azure Cloud Platform +This document provides the instructions to setup and execute *airshipctl* +commands to deploy a Target cluster in Azure cloud platform. +The manifest for the Target cluster deployment can be found at +**manifest/site/az-test-site/target/azure-target**. +It will deploy: +- CAPZ v0.4.5 Management component +- Region: US East +- Control Plane: 1 VM (Standard_B2s) +- Worker: 2 VMs (Standard_B2s) +- Deploying K8S 1.18.3 + +## Pre-requisites +The list below are the expected pre-requisites for this integration. + +- Create your *$HOME/.airship/config* +- Instantiate the Management cluster using Kind +- Update the manifest *manifest/function/capz/v.4.5/default/credentials.yaml* +with the Azure subscription credentials + +TODO: Azure subscription credentials to be passed as environment variables + +## Steps to create a Management cluster with Kind +The list of commands below creates a K8S cluster to be used as Management cluster + +```bash +$ kind create cluster --name airship2-kind-api --kubeconfig /your/folder/kubeconfig.yaml +$ cp /your/folder/kubeconfig.yaml $HOME/.airship/kubeconfig +$ cp /your/folder/kubeconfig.yaml $HOME/.kube/config +``` + +## Initialize Management cluster +Execute the following command to initialize the Management cluster with CAPI and +CAPZ components. +```bash +$ airshipctl cluster init +``` +## Deploy Target cluster on Azure +To deploy the Target cluster on Azure cloude execute the following command. 
+```bash +$ airshipctl phase apply azure-target +``` + +Verify the status of Target cluster deployment +```bash +$ kubectl get cluster --all-namespaces +``` +Check status of Target cluster KUBEADM control plane deployment +```bash +$ kubectl get kubeadmcontrolplane --all-namespaces +``` + +Retrieve the kubeconfig of Target cluster +```bash +$ kubectl --namespace=default get secret/az-target-cluster-kubeconfig -o jsonpath={.data.value} \ +| base64 --decode > ./az-target-cluster.kubeconfig +``` + +Check the list of nodes create for the Target cluster +```bash + $ kubectl --kubeconfig=./az-target-cluster.kubeconfig get nodes +``` + +When all control plane and worker nodes have been created, they will stay in Not Ready state until +CNI is configured. See next step below. + +## Configure CNI on the Target cluster with Calico +Calico will be initialized as part of control plane VM *postKubeadmCommands*, which executes the +*sudo kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/master/templates/addons/calico.yaml* command. + +See snippet of manifest integrating Calico initialization below: + +```yaml +apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 +kind: KubeadmControlPlane +metadata: + name: az-target-cluster-control-plane + namespace: default +spec: + infrastructureTemplate: + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: AzureMachineTemplate + name: az-target-cluster-control-plane + kubeadmConfigSpec: +... + files: + - path: /calico.sh + owner: root:root + permissions: "0755" + content: | + #!/bin/bash -x + sudo kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/master/templates/addons/calico.yaml +... 
+ postKubeadmCommands: + - /calico.sh + useExperimentalRetryJoin: true + replicas: 3 + version: v1.18.2 +``` + +This approach automates the initialization of Calico and saves the need to execute manually +the list of commands described below. + +First we need to provision the Target cluster context in the airship config file + +Add Target Cluster manifest to azure_manifest +```bash +$ airshipctl config import ./az-target-cluster.kubeconfig +``` +Replace Target Cluster kubeconfig Context in the airship config file +```bash +$ airshipctl config set-context az-target-cluster-admin@az-target-cluster --manifest azure_manifest +``` + +Set Current Context to the Target Cluster kubeconfig Context in the airship config file +```bash +$ airshipctl config use-context az-target-cluster-admin@az-target-cluster +``` + +Now we can trigger the configuration of Calico on the Target Cluster +```bash +$ airshipctl phase apply calico --kubeconfig az-target-cluster.kubeconfig +``` + +Once the Calico provisionning has been completed you should see all the nodes instantiated for the +Target cluster in Ready state. 
+```bash +$ kubectl --kubeconfig=./az-target-cluster.kubeconfig get nodes + +NAME STATUS ROLES AGE VERSION +az-target-cluster-control-plane-28ghk Ready master 17h v1.18.2 +az-target-cluster-md-0-46zfv Ready 17h v1.18.2 +az-target-cluster-md-0-z5lff Ready 17h v1.18.2 +``` + +## APPENDIX: $HOME/.airship/config + +```yaml +apiVersion: airshipit.org/v1alpha1 +bootstrapInfo: + azure_bootstrap_config: + builder: + networkConfigFileName: network-config + outputMetadataFileName: output-metadata.yaml + userDataFileName: user-data + container: + containerRuntime: docker + image: quay.io/airshipit/isogen:latest-debian_stable + volume: /srv/iso:/config + remoteDirect: + isoUrl: http://localhost:8099/debian-custom.iso + default: + builder: + networkConfigFileName: network-config + outputMetadataFileName: output-metadata.yaml + userDataFileName: user-data + container: + containerRuntime: docker + image: quay.io/airshipit/isogen:latest-debian_stable + volume: /srv/iso:/config + remoteDirect: + isoUrl: http://localhost:8099/debian-custom.iso +clusters: + az-target-cluster: + clusterType: + target: + bootstrapInfo: default + clusterKubeconf: az-target-cluster_target + managementConfiguration: default +contexts: + az-target-cluster-admin@az-target-cluster: + contextKubeconf: az-target-cluster_target + manifest: azure_manifest +currentContext: az-target-cluster-admin@az-target-cluster +kind: Config +managementConfiguration: + azure_management_config: + insecure: true + systemActionRetries: 30 + systemRebootDelay: 30 + type: azure + default: + systemActionRetries: 30 + systemRebootDelay: 30 + type: azure +manifests: + azure_manifest: + primaryRepositoryName: primary + repositories: + primary: + checkout: + branch: master + commitHash: "" + force: false + tag: "" + url: https://review.opendev.org/airship/airshipctl + subPath: airshipctl/manifests/site/az-test-site + targetPath: /tmp/airship + default: + primaryRepositoryName: primary + repositories: + primary: + checkout: + branch: 
master + commitHash: "" + force: false + tag: "" + url: https://opendev.org/airship/treasuremap + subPath: treasuremap/manifests/site + targetPath: /tmp/default +users: + az-target-cluster-admin: {} +``` \ No newline at end of file diff --git a/manifests/function/capz/v0.4.8/certmanager/certificate.yaml b/manifests/function/capz/v0.4.8/certmanager/certificate.yaml new file mode 100644 index 0000000..2c0e245 --- /dev/null +++ b/manifests/function/capz/v0.4.8/certmanager/certificate.yaml @@ -0,0 +1,24 @@ +# The following manifests contain a self-signed issuer CR and a certificate CR. +# More document can be found at https://docs.cert-manager.io +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + namespace: system +spec: + # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + dnsNames: + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: $(SERVICE_NAME)-cert diff --git a/manifests/function/capz/v0.4.8/certmanager/kustomization.yaml b/manifests/function/capz/v0.4.8/certmanager/kustomization.yaml new file mode 100644 index 0000000..34e7e5b --- /dev/null +++ b/manifests/function/capz/v0.4.8/certmanager/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - certificate.yaml +configurations: + - kustomizeconfig.yaml diff --git a/manifests/function/capz/v0.4.8/certmanager/kustomizeconfig.yaml b/manifests/function/capz/v0.4.8/certmanager/kustomizeconfig.yaml new file mode 100644 index 0000000..c6a6c0f --- /dev/null +++ b/manifests/function/capz/v0.4.8/certmanager/kustomizeconfig.yaml 
@@ -0,0 +1,19 @@ +# This configuration is for teaching kustomize how to update name ref and var substitution +nameReference: + - kind: Issuer + group: cert-manager.io + fieldSpecs: + - kind: Certificate + group: cert-manager.io + path: spec/issuerRef/name + +varReference: + - kind: Certificate + group: cert-manager.io + path: spec/commonName + - kind: Certificate + group: cert-manager.io + path: spec/dnsNames + - kind: Certificate + group: cert-manager.io + path: spec/secretName diff --git a/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml new file mode 100644 index 0000000..df88ab1 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml 
@@ -0,0 +1,354 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + location: + description: Location is the Azure region location e.g. westus2 + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure accelerated + networking. If omitted, it will be set based on whether the + requested VMSize supports accelerated networking. If AcceleratedNetworking + is set to true with a VMSize that does not support it, Azure + will return an error. 
+ type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + image: + description: Image is used to provide details of an image to use + during Virtual Machine creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, which + is based on Ubuntu. + properties: + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. 
+ type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - thirdPartyImage + - version + type: object + sharedGallery: + description: SharedGallery specifies an image to use from + an Azure Shared Image Gallery + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. 
+ properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + format: int32 + type: integer + managedDisk: + description: ManagedDisk defines the managed disk options + for a VM. + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string base64 + encoded to add to a Virtual Machine + type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - sshPublicKey + - vmSize + type: object + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool + properties: + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. 
Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the MachinePool and will contain a + succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
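Review bot: In the `template` schema of this AzureMachinePool CRD, `terminateNotificationTimeout` says "allowed values are between 5 and 15 (mins)" and the data disk `lun` says "The value must be between 0 and 63", but neither property has a `minimum` or `maximum`, so the CRD schema itself does not enforce either range. The `controller-gen.kubebuilder.io/version: v0.3.0` annotation shows the file is generated, so the bounds belong in validation markers on the source types rather than in a hand edit here. Separately, the `Ready` printer column reuses the description "AzureMachinePool replicas count" although its jsonPath is `.status.ready`.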
diff --git a/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml new file mode 100644 index 0000000..fd59019 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml 
@@ -0,0 +1,77 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml new file mode 100644 index 0000000..b2ff493 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml 
@@ -0,0 +1,151 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. 
+ type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + defaultPoolRef: + description: DefaultPoolRef is the specification for the default pool, + without which an AKS cluster cannot be created. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. + type: string + loadBalancerSKU: + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + resourceGroup: + description: ResourceGroup is the name of the Azure resource group + for this AKS Cluster. + type: string + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. + type: string + subscriptionID: + description: SubscriotionID is the GUID of the Azure subscription + to hold this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. 
+ minLength: 2 + type: string + required: + - defaultPoolRef + - location + - resourceGroup + - sshPublicKey + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane + properties: + initialized: + description: Initialized is true when the the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml new file mode 100644 index 0000000..51727ab --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml 
@@ -0,0 +1,95 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool + properties: + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. + format: int32 + type: integer + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + sku: + description: SKU is the size of the VMs in the node pool. 
+ type: string + required: + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool + properties: + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml new file mode 100644 index 0000000..5e60eae --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml 
@@ -0,0 +1,743 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureCluster + listKind: AzureClusterList + plural: azureclusters + singular: azurecluster + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: AzureCluster is the Schema for the azureclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. 
+ properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed Vnet. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + internalLBIPAddress: + description: InternalLBIPAddress is the IP address that + will be used as the internal LB private IP. For the control + plane subnet only. + type: string + name: + description: Name defines a name for the subnet resource. + type: string + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + type: string + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + type: string + ingressRule: + description: IngressRules is a slice of Azure ingress + rules for security groups. + items: + description: IngressRule defines an Azure ingress + rule for security groups. + properties: + description: + type: string + destination: + description: Destination - The destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts - The destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + source: + description: Source - The CIDR or source IP range. + Asterix '*' can also be used to match all source + IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts - The source port or + range. Integer or range between 0 and 65535. 
+ Asterix '*' can also be used to match all ports. + type: string + required: + - description + - protocol + type: object + type: array + name: + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + required: + - name + type: object + type: array + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed virtual network. + type: string + id: + description: ID is the identifier of the virtual network this + provider should use to create resources. + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + required: + - location + - resourceGroup + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster + properties: + apiEndpoints: + description: APIEndpoints represents the endpoints to communicate + with the control plane. + items: + description: APIEndpoint represents a reachable Kubernetes API endpoint. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + type: integer + required: + - host + - port + type: object + type: array + bastion: + description: VM describes an Azure virtual machine. + properties: + addresses: + description: Addresses contains the Azure instance associated + addresses. 
+ items: + description: NodeAddress contains information for the node's + address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + availabilityZone: + type: string + id: + type: string + identity: + description: VMIdentity defines the identity of the virtual machine, + if configured. + type: string + image: + description: Storage profile + properties: + gallery: + type: string + id: + type: string + name: + type: string + offer: + type: string + publisher: + type: string + resourceGroup: + type: string + sku: + type: string + subscriptionID: + type: string + version: + type: string + type: object + name: + type: string + osDisk: + properties: + diskSizeGB: + format: int32 + type: integer + managedDisk: + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + startupScript: + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + vmSize: + description: Hardware profile + type: string + vmState: + description: State - The provisioning state, which only appears + in the response. + type: string + type: object + network: + description: Network encapsulates Azure networking resources. + properties: + apiServerIp: + description: APIServerIP is the Kubernetes API server public IP + address. + properties: + dnsName: + type: string + id: + type: string + ipAddress: + type: string + name: + type: string + type: object + apiServerLb: + description: APIServerLB is the Kubernetes API server load balancer. 
+ properties: + backendPool: + properties: + id: + type: string + name: + type: string + type: object + frontendIpConfig: + type: object + id: + type: string + name: + type: string + sku: + description: LoadBalancerSKU enumerates the values for load + balancer sku name. + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + securityGroups: + additionalProperties: + description: SecurityGroup defines an Azure security group. + properties: + id: + type: string + ingressRule: + description: IngressRules is a slice of Azure ingress rules + for security groups. + items: + description: IngressRule defines an Azure ingress rule + for security groups. + properties: + description: + type: string + destination: + description: Destination - The destination address + prefix. CIDR or destination IP range. Asterix '*' + can also be used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts - The destination port + or range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. + type: string + protocol: + description: SecurityGroupProtocol defines the protocol + type for a security group rule. + type: string + source: + description: Source - The CIDR or source IP range. + Asterix '*' can also be used to match all source + IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. If this is an ingress + rule, specifies where network traffic originates + from. + type: string + sourcePorts: + description: SourcePorts - The source port or range. + Integer or range between 0 and 65535. Asterix '*' + can also be used to match all ports. 
+ type: string + required: + - description + - protocol + type: object + type: array + name: + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + description: SecurityGroups is a map from the role/kind of the + security group to its unique name, if any. + type: object + type: object + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this AzureCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .spec.resourceGroup + name: Resource Group + priority: 1 + type: string + - jsonPath: .spec.subscriptionID + name: SubscriptionID + priority: 1 + type: string + - jsonPath: .spec.location + name: Location + priority: 1 + type: string + - description: Control Plane Endpoint + jsonPath: .spec.controlPlaneEndpoint.host + name: Endpoint + priority: 1 + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureCluster is the Schema for the azureclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureClusterSpec defines the desired state of AzureCluster + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + location: + type: string + networkSpec: + description: NetworkSpec encapsulates all things related to Azure + network. + properties: + subnets: + description: Subnets is the configuration for the control-plane + subnet and the node subnet. + items: + description: SubnetSpec configures an Azure subnet. + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when + the provider creates a managed Vnet. + type: string + id: + description: ID defines a unique identifier to reference + this resource. + type: string + internalLBIPAddress: + description: InternalLBIPAddress is the IP address that + will be used as the internal LB private IP. For the control + plane subnet only. + type: string + name: + description: Name defines a name for the subnet resource. + type: string + role: + description: Role defines the subnet role (eg. Node, ControlPlane) + type: string + routeTable: + description: RouteTable defines the route table that should + be attached to this subnet. 
+ properties: + id: + type: string + name: + type: string + type: object + securityGroup: + description: SecurityGroup defines the NSG (network security + group) that should be attached to this subnet. + properties: + id: + type: string + ingressRule: + description: IngressRules is a slice of Azure ingress + rules for security groups. + items: + description: IngressRule defines an Azure ingress + rule for security groups. + properties: + description: + type: string + destination: + description: Destination - The destination address + prefix. CIDR or destination IP range. Asterix + '*' can also be used to match all source IPs. + Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. + type: string + destinationPorts: + description: DestinationPorts - The destination + port or range. Integer or range between 0 and + 65535. Asterix '*' can also be used to match + all ports. + type: string + name: + type: string + priority: + description: Priority - A number between 100 and + 4096. Each rule should have a unique value for + priority. Rules are processed in priority order, + with lower numbers processed before higher numbers. + Once traffic matches a rule, processing stops. + format: int32 + type: integer + protocol: + description: SecurityGroupProtocol defines the + protocol type for a security group rule. + type: string + source: + description: Source - The CIDR or source IP range. + Asterix '*' can also be used to match all source + IPs. Default tags such as 'VirtualNetwork', + 'AzureLoadBalancer' and 'Internet' can also + be used. If this is an ingress rule, specifies + where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts - The source port or + range. Integer or range between 0 and 65535. + Asterix '*' can also be used to match all ports. 
+ type: string + required: + - description + - name + - protocol + type: object + type: array + name: + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + required: + - name + type: object + type: array + vnet: + description: Vnet is the configuration for the Azure virtual network. + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when the + provider creates a managed virtual network. + type: string + id: + description: ID is the identifier of the virtual network this + provider should use to create resources. + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + resourceGroup: + description: ResourceGroup is the name of the resource group + of the existing virtual network or the resource group where + a managed virtual network should be created. + type: string + tags: + additionalProperties: + type: string + description: Tags is a collection of tags describing the resource. + type: object + required: + - name + type: object + type: object + resourceGroup: + type: string + subscriptionID: + type: string + required: + - location + type: object + status: + description: AzureClusterStatus defines the observed state of AzureCluster + properties: + conditions: + description: Conditions defines current service state of the AzureCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: 'FailureDomains specifies the list of unique failure + domains for the location/region of the cluster. A FailureDomain + maps to Availability Zone with an Azure Region (if the region support + them). An Availability Zone is a separate data center within a region + and they can be used to ensure the cluster is more resilient to + failure. 
See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview + This list will be used by Cluster API to try and spread the machines + across the failure domains.' + type: object + network: + description: Network encapsulates the state of Azure networking resources. + properties: + apiServerIp: + description: APIServerIP is the Kubernetes API server public IP + address. + properties: + dnsName: + type: string + id: + type: string + ipAddress: + type: string + name: + type: string + type: object + apiServerLb: + description: APIServerLB is the Kubernetes API server load balancer. + properties: + backendPool: + description: BackendPool defines a load balancer backend pool + properties: + id: + type: string + name: + type: string + type: object + frontendIpConfig: + description: FrontendIPConfig - DO NOT USE this empty struct + is here to preserve backwards compatibility and should be + removed in v1alpha4 + type: object + id: + type: string + name: + type: string + sku: + description: SKU defines an Azure load balancer SKU. + type: string + tags: + additionalProperties: + type: string + description: Tags defines a map of tags. + type: object + type: object + type: object + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml new file mode 100644 index 0000000..8b10d09 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml 
@@ -0,0 +1,597 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachine + listKind: AzureMachineList + plural: azuremachines + singular: azuremachine + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. 
+ type: boolean + availabilityZone: + properties: + enabled: + type: boolean + id: + type: string + type: object + image: + description: 'Image defines information about the image to use for + VM creation. There are three ways to specify an image: by ID, by + publisher, or by Shared Image Gallery. If specifying an image by + ID, only the ID field needs to be set. If specifying an image by + publisher, the Publisher, Offer, SKU, and Version fields must be + set. If specifying an image from a Shared Image Gallery, the SubscriptionID, + ResourceGroup, Gallery, Name, and Version fields must be set.' + properties: + gallery: + type: string + id: + type: string + name: + type: string + offer: + type: string + publisher: + type: string + resourceGroup: + type: string + sku: + type: string + subscriptionID: + type: string + version: + type: string + type: object + location: + type: string + osDisk: + properties: + diskSizeGB: + format: int32 + type: integer + managedDisk: + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + sshPublicKey: + type: string + vmSize: + type: string + required: + - location + - osDisk + - sshPublicKey + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + errorMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + errorReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + ready: + description: Ready is true when the provider resource is ready. 
+ type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: AzureMachine ready status + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VM provisioning state + jsonPath: .status.vmState + name: State + type: string + - description: Cluster to which this AzureMachine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: Machine object to which this AzureMachine belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name + name: Machine + priority: 1 + type: string + - description: Azure VM ID + jsonPath: .spec.providerID + name: VM ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.vmSize + name: VM Size + priority: 1 + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureMachine is the Schema for the azuremachines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineSpec defines the desired state of AzureMachine + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure accelerated + networking. If omitted, it will be set based on whether the requested + VMSize supports accelerated networking. If AcceleratedNetworking + is set to true with a VMSize that does not support it, Azure will + return an error. + type: boolean + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create dynamic + public ips for machines where this value is true. + type: boolean + availabilityZone: + description: 'DEPRECATED: use FailureDomain instead' + properties: + enabled: + type: boolean + id: + type: string + type: object + dataDisks: + description: DataDisk specifies the parameters that are used to add + one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are used to + add one or more data disks to the machine. + properties: + cachingType: + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the data + disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the data + disk. This value is used to identify data disks within the + VM and therefore must be unique for each data disk attached + to a VM. The value must be between 0 and 63. 
+ format: int32 + type: integer + nameSuffix: + description: NameSuffix is the suffix to be appended to the + machine name to generate the disk name. Each disk name will + be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster API. This + relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the virtual + machine. The type 'SystemAssigned' is an implicitly created identity. + The generated identity will be assigned a Subscription contributor + role. The type 'UserAssigned' is a standalone Azure resource provided + by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image to use during + VM creation. If image details are omitted the image will default + the Azure Marketplace "capi" offer, which is based on Ubuntu. + properties: + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the Azure + Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization that + created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such as + a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. 
+ type: boolean + version: + description: Version specifies the version of an image sku. + The allowed formats are Major.Minor.Build or 'latest'. Major, + Minor, and Build are decimal numbers. Specify 'latest' to + use the latest version of an image available at deploy time. + Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - thirdPartyImage + - version + type: object + sharedGallery: + description: SharedGallery specifies an image to use from an Azure + Shared Image Gallery + properties: + gallery: + description: Gallery specifies the name of the shared image + gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + resourceGroup: + description: ResourceGroup specifies the resource group containing + the shared image gallery + minLength: 1 + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify 'latest' + to use the latest version of an image available at deploy + time. Even if you use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes available. 
+ minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + location: + description: 'DEPRECATED: to support old clients, will be removed + in v1alpha4' + type: string + osDisk: + description: OSDisk specifies the parameters for the operating system + disk of the machine + properties: + cachingType: + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + format: int32 + type: integer + managedDisk: + description: ManagedDisk defines the managed disk options for + a VM. + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified by the + cloud provider. + type: string + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + maxPrice: + description: MaxPrice defines the maximum price the user is willing + to pay for Spot VM instances + type: number + type: object + sshPublicKey: + type: string + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachine. + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmSize: + type: string + required: + - location + - osDisk + - sshPublicKey + - vmSize + type: object + status: + description: AzureMachineStatus defines the observed state of AzureMachine + properties: + addresses: + description: Addresses contains the Azure instance associated addresses. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the AzureMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "ErrorMessage will be set in the event that there is + a terminal problem reconciling the Machine and will contain a more + verbose string suitable for logging and human consumption. \n This + field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the Machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of Machines can be added as events + to the Machine object and/or logged in the controller's output." + type: string + failureReason: + description: "ErrorReason will be set in the event that there is a + terminal problem reconciling the Machine and will contain a succinct + value suitable for machine interpretation. 
\n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with + the Machine's spec or the configuration of the controller, and that + manual intervention is required. Examples of terminal errors would + be invalid combinations of settings in the spec, values that are + unsupported by the controller, or the responsible controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to + the Machine object and/or logged in the controller's output." + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + vmState: + description: VMState is the provisioning state of the Azure virtual + machine. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml new file mode 100644 index 0000000..8d9ecc4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml 
@@ -0,0 +1,446 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachineTemplate + listKind: AzureMachineTemplateList + plural: azuremachinetemplates + singular: azuremachinetemplate + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create am AzureMachine from a template + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. 
If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. + type: boolean + availabilityZone: + properties: + enabled: + type: boolean + id: + type: string + type: object + image: + description: 'Image defines information about the image to + use for VM creation. There are three ways to specify an + image: by ID, by publisher, or by Shared Image Gallery. + If specifying an image by ID, only the ID field needs to + be set. If specifying an image by publisher, the Publisher, + Offer, SKU, and Version fields must be set. If specifying + an image from a Shared Image Gallery, the SubscriptionID, + ResourceGroup, Gallery, Name, and Version fields must be + set.' + properties: + gallery: + type: string + id: + type: string + name: + type: string + offer: + type: string + publisher: + type: string + resourceGroup: + type: string + sku: + type: string + subscriptionID: + type: string + version: + type: string + type: object + location: + type: string + osDisk: + properties: + diskSizeGB: + format: int32 + type: integer + managedDisk: + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. 
+ type: string + sshPublicKey: + type: string + vmSize: + type: string + required: + - location + - osDisk + - sshPublicKey + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureMachineTemplate is the Schema for the azuremachinetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate + properties: + template: + description: AzureMachineTemplateResource describes the data needed + to create an AzureMachine from a template + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure + accelerated networking. If omitted, it will be set based + on whether the requested VMSize supports accelerated networking. + If AcceleratedNetworking is set to true with a VMSize that + does not support it, Azure will return an error. 
+ type: boolean + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to + add to an instance, in addition to the ones added by default + by the Azure provider. If both the AzureCluster and the + AzureMachine specify the same tag name with different values, + the AzureMachine's value takes precedence. + type: object + allocatePublicIP: + description: AllocatePublicIP allows the ability to create + dynamic public ips for machines where this value is true. + type: boolean + availabilityZone: + description: 'DEPRECATED: use FailureDomain instead' + properties: + enabled: + type: boolean + id: + type: string + type: object + dataDisks: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine + items: + description: DataDisk specifies the parameters that are + used to add one or more data disks to the machine. + properties: + cachingType: + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign + to the data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of + the data disk. This value is used to identify data + disks within the VM and therefore must be unique for + each data disk attached to a VM. The value must be + between 0 and 63. + format: int32 + type: integer + nameSuffix: + description: NameSuffix is the suffix to be appended + to the machine name to generate the disk name. Each + disk name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + failureDomain: + description: FailureDomain is the failure domain unique identifier + this Machine should be attached to, as defined in Cluster + API. This relates to an Azure Availability Zone + type: string + identity: + default: None + description: Identity is the type of identity used for the + virtual machine. The type 'SystemAssigned' is an implicitly + created identity. 
The generated identity will be assigned + a Subscription contributor role. The type 'UserAssigned' + is a standalone Azure resource provided by the user and + assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + image: + description: Image is used to provide details of an image + to use during VM creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, + which is based on Ubuntu. + properties: + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from + the Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of + related images created by the publisher. For example, + UbuntuServer, WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, + such as a major release of a distribution. For example, + 18.04-LTS, 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is + published by a third party publisher and a Plan + will be generated for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an + image available at deploy time. Even if you use + 'latest', the VM image will not automatically update + after deploy time even if a new version becomes + available. 
+ minLength: 1 + type: string + required: + - offer + - publisher + - sku + - thirdPartyImage + - version + type: object + sharedGallery: + description: SharedGallery specifies an image to use from + an Azure Shared Image Gallery + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + resourceGroup: + description: ResourceGroup specifies the resource + group containing the shared image gallery + minLength: 1 + type: string + subscriptionID: + description: SubscriptionID is the identifier of the + subscription that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the + marketplace image. The allowed formats are Major.Minor.Build + or 'latest'. Major, Minor, and Build are decimal + numbers. Specify 'latest' to use the latest version + of an image available at deploy time. Even if you + use 'latest', the VM image will not automatically + update after deploy time even if a new version becomes + available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + location: + description: 'DEPRECATED: to support old clients, will be + removed in v1alpha4' + type: string + osDisk: + description: OSDisk specifies the parameters for the operating + system disk of the machine + properties: + cachingType: + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk + settings for the os disk. 
+ properties: + option: + description: Option enables ephemeral OS when set + to "Local" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + format: int32 + type: integer + managedDisk: + description: ManagedDisk defines the managed disk options + for a VM. + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + providerID: + description: ProviderID is the unique identifier as specified + by the cloud provider. + type: string + spotVMOptions: + description: SpotVMOptions allows the ability to specify the + Machine should use a Spot VM + properties: + maxPrice: + description: MaxPrice defines the maximum price the user + is willing to pay for Spot VM instances + type: number + type: object + sshPublicKey: + type: string + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone + Azure identities provided by the user The lifecycle of a + user-assigned identity is managed separately from the lifecycle + of the AzureMachine. + items: + description: UserAssignedIdentity defines the user-assigned + identities provided by the user to be assigned to Azure + resources. 
+ properties: + providerID: + description: 'ProviderID is the identification ID of + the user-assigned Identity, the format of an identity + is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + vmSize: + type: string + required: + - location + - osDisk + - sshPublicKey + - vmSize + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capz/v0.4.8/crd/kustomization.yaml b/manifests/function/capz/v0.4.8/crd/kustomization.yaml new file mode 100644 index 0000000..8cf3f4d --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/kustomization.yaml 
@@ -0,0 +1,43 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/ +commonLabels: + cluster.x-k8s.io/v1alpha3: v1alpha3 + +resources: + - bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml + - bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml + - bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml + - bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml + - bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml + - bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml + - bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml +# +kubebuilder:scaffold:crdkustomizeresource + + +patchesStrategicMerge: + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. + # patches here are for enabling the conversion webhook for each CRD + - patches/webhook_in_azuremachines.yaml + - patches/webhook_in_azureclusters.yaml + - patches/webhook_in_azuremachinetemplates.yaml + - patches/webhook_in_azuremachinepools.yaml + # - patches/webhook_in_azuremanagedmachinepools.yaml + # - patches/webhook_in_azuremanagedclusters.yaml + # - patches/webhook_in_azuremanagedcontrolplanes.yaml + # +kubebuilder:scaffold:crdkustomizewebhookpatch + + # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 
+ # patches here are for enabling the CA injection for each CRD + - patches/cainjection_in_azuremachines.yaml + - patches/cainjection_in_azureclusters.yaml + - patches/cainjection_in_azuremachinetemplates.yaml + - patches/cainjection_in_azuremachinepools.yaml + # - patches/cainjection_in_azuremanagedmachinepools.yaml + # - patches/cainjection_in_azuremanagedclusters.yaml + # - patches/cainjection_in_azuremanagedcontrolplanes.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# the following config is for teaching kustomize how to do kustomization for CRDs. +configurations: + - kustomizeconfig.yaml diff --git a/manifests/function/capz/v0.4.8/crd/kustomizeconfig.yaml b/manifests/function/capz/v0.4.8/crd/kustomizeconfig.yaml new file mode 100644 index 0000000..8e2d8d6 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/kustomizeconfig.yaml @@ -0,0 +1,17 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azureclusters.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azureclusters.yaml new file mode 100644 index 0000000..fbe2931 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azureclusters.yaml 
@@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azureclusters.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinepools.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinepools.yaml new file mode 100644 index 0000000..1a7f89e --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinepools.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachines.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachines.yaml new file mode 100644 index 0000000..b844976 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachines.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremachines.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinetemplates.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinetemplates.yaml new file mode 100644 index 0000000..ab5d0b4 --- /dev/null 
+++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremachinetemplates.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedclusters.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedclusters.yaml new file mode 100644 index 0000000..9c6698e --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedclusters.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedcontrolplanes.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedcontrolplanes.yaml new file mode 100644 index 0000000..39c2885 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedcontrolplanes.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io 
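Review bot: cainjection_in_azuremanagedcontrolplanes.yaml is added but never applied, because crd/kustomization.yaml keeps its entry commented out under patchesStrategicMerge (`# - patches/cainjection_in_azuremanagedcontrolplanes.yaml`); the same holds for cainjection_in_azuremanagedclusters.yaml, cainjection_in_azuremanagedmachinepools.yaml and the matching webhook_in_* entries. Either drop the unused managed-cluster patch files from the commit or add a comment in kustomization.yaml saying why they stay disabled. If they are enabled later, enable the webhook and cainjection entries for a CRD together: the webhook patches carry only the placeholder `caBundle: Cg==`, so a CRD that gets the webhook patch without the `cert-manager.io/inject-ca-from` annotation would leave the API server without a CA bundle to verify the conversion webhook. The `[WEBHOOK]` and `[CERTMANAGER]` comments in kustomization.yaml still say "uncomment all the sections" although four entries in each list are already active; reword them to describe the current state.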
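Review bot: in infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml, the v1alpha3 `identity` field documents that `SystemAssigned` gives the generated identity a Subscription contributor role, which is a subscription-wide grant for every VM created from the template. The schema default is `None`; templates that consume this CRD should leave `identity` unset, or use `UserAssigned` with `userAssignedIdentities` pointing at an identity whose role assignment is scoped to what the nodes need, and a comment next to the template should say so. In the same schema `location` is described as 'DEPRECATED: to support old clients, will be removed in v1alpha4' yet is still listed under `required`, so templates must keep setting it. The v1alpha2 description reads "create am AzureMachine"; the file is controller-gen output (`controller-gen.kubebuilder.io/version: v0.3.0`), so that typo is better fixed upstream than by hand here.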
diff --git a/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedmachinepools.yaml b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedmachinepools.yaml new file mode 100644 index 0000000..4a31400 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/cainjection_in_azuremanagedmachinepools.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azureclusters.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azureclusters.yaml new file mode 100644 index 0000000..aef170d --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azureclusters.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azureclusters.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert \ No newline at end of file diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinepools.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinepools.yaml new file mode 100644 index 0000000..d15c828 --- /dev/null 
+++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinepools.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachines.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachines.yaml new file mode 100644 index 0000000..99b86bd --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachines.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremachines.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert \ No newline at end of file diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinetemplates.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinetemplates.yaml new file mode 100644 index 0000000..7172830 --- /dev/null 
+++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremachinetemplates.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert \ No newline at end of file diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedclusters.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedclusters.yaml new file mode 100644 index 0000000..b31cf18 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedclusters.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert \ No newline at end of file 
diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedcontrolplanes.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedcontrolplanes.yaml new file mode 100644 index 0000000..ff148a4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedcontrolplanes.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedmachinepools.yaml b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedmachinepools.yaml new file mode 100644 index 0000000..f03a7a2 --- /dev/null +++ b/manifests/function/capz/v0.4.8/crd/patches/webhook_in_azuremanagedmachinepools.yaml 
@@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/manifests/function/capz/v0.4.8/default/cloud_environment.yaml b/manifests/function/capz/v0.4.8/default/cloud_environment.yaml new file mode 100644 index 0000000..c8da0a5 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/cloud_environment.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: manager-bootstrap-cloud-env + namespace: system +data: + cloud-env: AzurePublicCloud + # cloud-env: ${AZURE_ENVIRONMENT:-"AzurePublicCloud"} diff --git a/manifests/function/capz/v0.4.8/default/credentials.yaml b/manifests/function/capz/v0.4.8/default/credentials.yaml new file mode 100644 index 0000000..bfd8185 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/credentials.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: manager-bootstrap-credentials + namespace: system +type: Opaque +data: + subscription-id: ${AZURE_SUBSCRIPTION_ID_B64} + tenant-id: ${AZURE_TENANT_ID_B64} + client-id: ${AZURE_CLIENT_ID_B64} + client-secret: ${AZURE_CLIENT_SECRET_B64} diff --git a/manifests/function/capz/v0.4.8/default/kustomization.yaml b/manifests/function/capz/v0.4.8/default/kustomization.yaml new file mode 100644 index 0000000..108e080 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +namespace: capz-system + +resources: + - namespace.yaml + - credentials.yaml + - cloud_environment.yaml + +bases: + - ../rbac + - ../manager + +patchesStrategicMerge: + - manager_credentials_patch.yaml + - manager_cloud_env_patch.yaml diff --git a/manifests/function/capz/v0.4.8/default/manager_cloud_env_patch.yaml b/manifests/function/capz/v0.4.8/default/manager_cloud_env_patch.yaml new file mode 100644 index 0000000..c42925e --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/manager_cloud_env_patch.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + env: + - name: AZURE_ENVIRONMENT + valueFrom: + configMapKeyRef: + name: manager-bootstrap-cloud-env + key: cloud-env \ No newline at end of file diff --git a/manifests/function/capz/v0.4.8/default/manager_credentials_patch.yaml b/manifests/function/capz/v0.4.8/default/manager_credentials_patch.yaml new file mode 100644 index 0000000..4388a83 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/manager_credentials_patch.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + env: + - name: AZURE_SUBSCRIPTION_ID + valueFrom: + secretKeyRef: + name: manager-bootstrap-credentials + key: subscription-id + - name: AZURE_TENANT_ID + valueFrom: + secretKeyRef: + name: manager-bootstrap-credentials + key: tenant-id + - name: AZURE_CLIENT_ID + valueFrom: + secretKeyRef: + name: manager-bootstrap-credentials + key: client-id + - name: AZURE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: manager-bootstrap-credentials + key: client-secret diff --git a/manifests/function/capz/v0.4.8/default/manager_prometheus_metrics_patch.yaml b/manifests/function/capz/v0.4.8/default/manager_prometheus_metrics_patch.yaml new file mode 100644 index 0000000..0b96c68 
--- /dev/null +++ b/manifests/function/capz/v0.4.8/default/manager_prometheus_metrics_patch.yaml @@ -0,0 +1,19 @@ +# This patch enables Prometheus scraping for the manager pod. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + metadata: + annotations: + prometheus.io/scrape: 'true' + spec: + containers: + # Expose the prometheus metrics on default port + - name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP diff --git a/manifests/function/capz/v0.4.8/default/manager_role_aggregation_patch.yaml b/manifests/function/capz/v0.4.8/default/manager_role_aggregation_patch.yaml new file mode 100644 index 0000000..202ee21 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/manager_role_aggregation_patch.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role + labels: + cluster.x-k8s.io/aggregate-to-manager: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aggregated-manager-role diff --git a/manifests/function/capz/v0.4.8/default/namespace.yaml b/manifests/function/capz/v0.4.8/default/namespace.yaml new file mode 100644 index 0000000..1ab3a72 --- /dev/null +++ b/manifests/function/capz/v0.4.8/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: system diff --git a/manifests/function/capz/v0.4.8/kustomization.yaml b/manifests/function/capz/v0.4.8/kustomization.yaml new file mode 100644 index 0000000..1b7dbb4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/kustomization.yaml 
@@ -0,0 +1,29 @@ +namePrefix: capz- + +# Labels to add to all resources and selectors. +commonLabels: + cluster.x-k8s.io/provider: "infrastructure-azure" +bases: + - crd + - webhook + - default + +patchesJson6902: + - target: + group: apiextensions.k8s.io + version: v1 + kind: CustomResourceDefinition + name: azureclusters.infrastructure.cluster.x-k8s.io + path: patch_crd_webhook_namespace.yaml + - target: + group: apiextensions.k8s.io + version: v1 + kind: CustomResourceDefinition + name: azuremachines.infrastructure.cluster.x-k8s.io + path: patch_crd_webhook_namespace.yaml + - target: + group: apiextensions.k8s.io + version: v1 + kind: CustomResourceDefinition + name: azuremachinetemplates.infrastructure.cluster.x-k8s.io + path: patch_crd_webhook_namespace.yaml diff --git a/manifests/function/capz/v0.4.8/manager/kustomization.yaml b/manifests/function/capz/v0.4.8/manager/kustomization.yaml new file mode 100644 index 0000000..b6440b5 --- /dev/null +++ b/manifests/function/capz/v0.4.8/manager/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - manager.yaml + +patchesStrategicMerge: + - manager_pull_policy.yaml + - manager_image_patch.yaml + - manager_auth_proxy_patch.yaml diff --git a/manifests/function/capz/v0.4.8/manager/manager.yaml b/manifests/function/capz/v0.4.8/manager/manager.yaml new file mode 100644 index 0000000..c9551da --- /dev/null +++ b/manifests/function/capz/v0.4.8/manager/manager.yaml 
@@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: capz-controller-manager +spec: + selector: + matchLabels: + control-plane: capz-controller-manager + replicas: 1 + template: + metadata: + labels: + control-plane: capz-controller-manager + spec: + containers: + - args: + - --enable-leader-election + - "--feature-gates=MachinePool=false,AKS=false}" + # - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}" + image: controller:latest + imagePullPolicy: Always + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + livenessProbe: + httpGet: + path: /healthz + port: healthz + terminationGracePeriodSeconds: 10 diff --git a/manifests/function/capz/v0.4.8/manager/manager_auth_proxy_patch.yaml b/manifests/function/capz/v0.4.8/manager/manager_auth_proxy_patch.yaml new file mode 100644 index 0000000..55a9fc2 --- /dev/null +++ b/manifests/function/capz/v0.4.8/manager/manager_auth_proxy_patch.yaml @@ -0,0 +1,27 @@ +# This patch inject a sidecar container which is a HTTP proxy for the controller manager, +# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + - name: manager + args: + - "--metrics-addr=127.0.0.1:8080" + - "--enable-leader-election" + - "--feature-gates=MachinePool=false,AKS=false" + # - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}" 
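Review bot: `--v=10` in the kube-rbac-proxy args of manager/manager_auth_proxy_patch.yaml leaves the sidecar at a debugging verbosity, so the proxy in front of the metrics endpoint logs far more than a deployed sidecar needs. Lower the level or drop the flag in the committed manifest. The sidecar is also referenced by tag only (`gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1`); pinning it by digest would make the deployed proxy reproducible.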
diff --git a/manifests/function/capz/v0.4.8/manager/manager_image_patch.yaml b/manifests/function/capz/v0.4.8/manager/manager_image_patch.yaml new file mode 100644 index 0000000..851e99d --- /dev/null +++ b/manifests/function/capz/v0.4.8/manager/manager_image_patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + # Change the value of image field below to your controller image URL + - image: gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:v0.4.8 + name: manager diff --git a/manifests/function/capz/v0.4.8/manager/manager_pull_policy.yaml b/manifests/function/capz/v0.4.8/manager/manager_pull_policy.yaml new file mode 100644 index 0000000..74a0879 --- /dev/null +++ b/manifests/function/capz/v0.4.8/manager/manager_pull_policy.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + imagePullPolicy: Always diff --git a/manifests/function/capz/v0.4.8/patch_crd_webhook_namespace.yaml b/manifests/function/capz/v0.4.8/patch_crd_webhook_namespace.yaml new file mode 100644 index 0000000..110f3a4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/patch_crd_webhook_namespace.yaml @@ -0,0 +1,3 @@ +- op: replace + path: "/spec/conversion/webhook/clientConfig/service/namespace" + value: capi-webhook-system diff --git a/manifests/function/capz/v0.4.8/rbac/auth_proxy_role.yaml b/manifests/function/capz/v0.4.8/rbac/auth_proxy_role.yaml new file mode 100644 index 0000000..618f5e4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/auth_proxy_role.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role +rules: +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] diff --git a/manifests/function/capz/v0.4.8/rbac/auth_proxy_role_binding.yaml b/manifests/function/capz/v0.4.8/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 0000000..48ed1e4 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/manifests/function/capz/v0.4.8/rbac/auth_proxy_service.yaml b/manifests/function/capz/v0.4.8/rbac/auth_proxy_service.yaml new file mode 100644 index 0000000..37db61a --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/auth_proxy_service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8443" + prometheus.io/scheme: https + prometheus.io/scrape: "true" + labels: + control-plane: capz-controller-manager + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: capz-controller-manager diff --git a/manifests/function/capz/v0.4.8/rbac/kustomization.yaml b/manifests/function/capz/v0.4.8/rbac/kustomization.yaml new file mode 100644 index 0000000..7205f69 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/kustomization.yaml 
@@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml diff --git a/manifests/function/capz/v0.4.8/rbac/leader_election_role.yaml b/manifests/function/capz/v0.4.8/rbac/leader_election_role.yaml new file mode 100644 index 0000000..85093a8 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/leader_election_role.yaml @@ -0,0 +1,26 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch diff --git a/manifests/function/capz/v0.4.8/rbac/leader_election_role_binding.yaml b/manifests/function/capz/v0.4.8/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..eed1690 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/leader_election_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/manifests/function/capz/v0.4.8/rbac/role.yaml b/manifests/function/capz/v0.4.8/rbac/role.yaml new file mode 100644 index 0000000..329b7e2 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/role.yaml 
@@ -0,0 +1,188 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - exp.cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - exp.infrastructure.cluster.x-k8s.io + resources: + - azuremanagedmachinepools/status + verbs: + - get + - patch + - 
update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azureclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - azuremachinetemplates + - azuremachinetemplates/status + verbs: + - get + - list + - watch diff --git a/manifests/function/capz/v0.4.8/rbac/role_binding.yaml b/manifests/function/capz/v0.4.8/rbac/role_binding.yaml new file mode 100644 index 0000000..8f26587 --- /dev/null +++ b/manifests/function/capz/v0.4.8/rbac/role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/manifests/function/capz/v0.4.8/webhook/kustomization.yaml b/manifests/function/capz/v0.4.8/webhook/kustomization.yaml new file mode 100644 index 0000000..309802c --- /dev/null +++ b/manifests/function/capz/v0.4.8/webhook/kustomization.yaml 
@@ -0,0 +1,42 @@ +namespace: capi-webhook-system + +resources: + - manifests.yaml + - service.yaml + - ../certmanager + - ../manager + +configurations: + - kustomizeconfig.yaml + +patchesStrategicMerge: + - manager_webhook_patch.yaml + - webhookcainjection_patch.yaml + +vars: + - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR + objref: + kind: Certificate + group: cert-manager.io + version: v1alpha2 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace + - name: CERTIFICATE_NAME + objref: + kind: Certificate + group: cert-manager.io + version: v1alpha2 + name: serving-cert # this name should match the one in certificate.yaml + - name: SERVICE_NAMESPACE # namespace of the service + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace + - name: SERVICE_NAME + objref: + kind: Service + version: v1 + name: webhook-service diff --git a/manifests/function/capz/v0.4.8/webhook/kustomizeconfig.yaml b/manifests/function/capz/v0.4.8/webhook/kustomizeconfig.yaml new file mode 100644 index 0000000..33ca7e8 --- /dev/null +++ b/manifests/function/capz/v0.4.8/webhook/kustomizeconfig.yaml 
@@ -0,0 +1,27 @@ +# the following config is for teaching kustomize where to look at when substituting vars. +# It requires kustomize v2.1.0 or newer to work properly. +nameReference: + - kind: Service + version: v1 + fieldSpecs: + - kind: MutatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + +namespace: + - kind: MutatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true + +varReference: + - path: metadata/annotations + - kind: Deployment + path: spec/template/spec/volumes/secret/secretName diff --git a/manifests/function/capz/v0.4.8/webhook/manager_webhook_patch.yaml b/manifests/function/capz/v0.4.8/webhook/manager_webhook_patch.yaml new file mode 100644 index 0000000..0b04824 --- /dev/null +++ b/manifests/function/capz/v0.4.8/webhook/manager_webhook_patch.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--metrics-addr=127.0.0.1:8080" + - "--webhook-port=9443" + - "--feature-gates=MachinePool=false,AKS=false" + # - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}" + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: $(SERVICE_NAME)-cert diff --git a/manifests/function/capz/v0.4.8/webhook/manifests.yaml b/manifests/function/capz/v0.4.8/webhook/manifests.yaml new file mode 100644 index 0000000..ccfbad0 --- /dev/null 
+++ b/manifests/function/capz/v0.4.8/webhook/manifests.yaml 
@@ -0,0 +1,172 @@ + +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /mutate-exp-cluster-x-k8s-io-x-k8s-io-v1alpha3-azuremachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: mazuremachinepool.kb.io + rules: + - apiGroups: + - exp.cluster.x-k8s.io.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /mutate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane + failurePolicy: Fail + name: azuremanagedcontrolplane.kb.io + rules: + - apiGroups: + - exp.infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes + +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: 
ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azurecluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azureclusters + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.azuremachine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremachines + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /validate-exp-cluster-x-k8s-io-x-k8s-io-v1alpha3-azuremachinepool + failurePolicy: Fail + matchPolicy: Equivalent + name: vazuremachinepool.kb.io + rules: + - apiGroups: + - exp.cluster.x-k8s.io.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None +- clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /validate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane + failurePolicy: Fail + name: azuremanagedcontrolplane.kb.io + rules: + - apiGroups: + - exp.infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha3 + operations: + - CREATE + - UPDATE + resources: + - azuremanagedcontrolplanes 
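Review bot: the two azuremachinepool entries in webhook/manifests.yaml (`mazuremachinepool.kb.io` and `vazuremachinepool.kb.io`) match `apiGroups: exp.cluster.x-k8s.io.x-k8s.io`, a group with a doubled suffix that does not correspond to the `azuremachinepools.exp.infrastructure.cluster.x-k8s.io` CRD patched earlier in this change, so with these rules AzureMachinePool objects would not be sent to either webhook. Confirm the intended group and correct the rule and the matching `path` together. The two `azuremanagedcontrolplane.kb.io` entries also omit `sideEffects` and `matchPolicy`, unlike every other entry in the file.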
diff --git a/manifests/function/capz/v0.4.8/webhook/service.yaml b/manifests/function/capz/v0.4.8/webhook/service.yaml new file mode 100644 index 0000000..711977f --- /dev/null +++ b/manifests/function/capz/v0.4.8/webhook/service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + targetPort: webhook-server diff --git a/manifests/function/capz/v0.4.8/webhook/webhookcainjection_patch.yaml b/manifests/function/capz/v0.4.8/webhook/webhookcainjection_patch.yaml new file mode 100644 index 0000000..1a5639f --- /dev/null +++ b/manifests/function/capz/v0.4.8/webhook/webhookcainjection_patch.yaml @@ -0,0 +1,17 @@ + +# This patch add annotation to admission webhook config and +# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# uncomment the following lines to enable mutating and validating webhook +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) \ No newline at end of file diff --git a/manifests/function/k8scontrol-capz/v0.4.8/cluster.yaml b/manifests/function/k8scontrol-capz/v0.4.8/cluster.yaml new file mode 100644 index 0000000..d0f6384 --- /dev/null +++ b/manifests/function/k8scontrol-capz/v0.4.8/cluster.yaml 
@@ -0,0 +1,31 @@ +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: Cluster +metadata: + name: az-workload-cluster + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 + kind: KubeadmControlPlane + name: az-workload-cluster-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: AzureCluster + name: az-workload-cluster +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 +kind: AzureCluster +metadata: + name: az-workload-cluster + namespace: default +spec: + location: centralus + networkSpec: + vnet: + name: azure-workload-vnet + resourceGroup: azure-workload + subscriptionID: 72e8991f-016d-4b25-8dad-819ab8cda24d \ No newline at end of file diff --git a/manifests/function/k8scontrol-capz/v0.4.8/controlplane.yaml b/manifests/function/k8scontrol-capz/v0.4.8/controlplane.yaml new file mode 100644 index 0000000..1ba87a2 --- /dev/null +++ b/manifests/function/k8scontrol-capz/v0.4.8/controlplane.yaml 
@@ -0,0 +1,100 @@ +apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 +kind: KubeadmControlPlane +metadata: + name: az-workload-cluster-control-plane + namespace: default +spec: + infrastructureTemplate: + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: AzureMachineTemplate + name: az-workload-cluster-control-plane + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + cloud-config: /etc/kubernetes/azure.json + cloud-provider: azure + extraVolumes: + - hostPath: /etc/kubernetes/azure.json + mountPath: /etc/kubernetes/azure.json + name: cloud-config + readOnly: true + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-config: /etc/kubernetes/azure.json + cloud-provider: azure + cluster-name: az-workload-cluster + extraVolumes: + - hostPath: /etc/kubernetes/azure.json + mountPath: /etc/kubernetes/azure.json + name: cloud-config + readOnly: true + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: azure.json + name: az-workload-cluster-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-config: /etc/kubernetes/azure.json + cloud-provider: azure + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-config: /etc/kubernetes/azure.json + cloud-provider: azure + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + useExperimentalRetryJoin: true + replicas: 3 + version: v1.18.2 +--- 
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 +kind: AzureMachineTemplate +metadata: + name: az-workload-cluster-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + location: centralus + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: "" + vmSize: Standard_D2s_v3 \ No newline at end of file diff --git a/manifests/function/k8scontrol-capz/v0.4.8/kustomization.yaml b/manifests/function/k8scontrol-capz/v0.4.8/kustomization.yaml new file mode 100644 index 0000000..4d401ba --- /dev/null +++ b/manifests/function/k8scontrol-capz/v0.4.8/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - cluster.yaml + - controlplane.yaml + - workers.yaml diff --git a/manifests/function/k8scontrol-capz/v0.4.8/workers.yaml b/manifests/function/k8scontrol-capz/v0.4.8/workers.yaml new file mode 100644 index 0000000..8feaed9 --- /dev/null +++ b/manifests/function/k8scontrol-capz/v0.4.8/workers.yaml 
@@ -0,0 +1,64 @@ +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: MachineDeployment +metadata: + name: az-workload-cluster-md-0 + namespace: default +spec: + clusterName: az-workload-cluster + replicas: 3 + selector: + matchLabels: null + template: + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3 + kind: KubeadmConfigTemplate + name: az-workload-cluster-md-0 + clusterName: az-workload-cluster + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: AzureMachineTemplate + name: az-workload-cluster-md-0 + version: v1.18.2 +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 +kind: AzureMachineTemplate +metadata: + name: az-workload-cluster-md-0 + namespace: default +spec: + template: + spec: + location: centralus + osDisk: + diskSizeGB: 128 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: "" + vmSize: Standard_D2s_v3 +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3 +kind: KubeadmConfigTemplate +metadata: + name: az-workload-cluster-md-0 + namespace: default +spec: + template: + spec: + files: + - contentFrom: + secret: + key: azure.json + name: az-workload-cluster-md-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-config: /etc/kubernetes/azure.json + cloud-provider: azure + name: '{{ ds.meta_data["local_hostname"] }}' + useExperimentalRetryJoin: true \ No newline at end of file diff --git a/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml b/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml new file mode 100755 index 0000000..7ee8db1 --- /dev/null +++ b/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml 
@@ -0,0 +1,49 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Clusterctl +metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: clusterctl-v1 +init-options: + core-provider: "cluster-api:v0.3.7" + bootstrap-providers: + - "kubeadm:v0.3.7" + infrastructure-providers: + - "azure:v0.4.8" + control-plane-providers: + - "kubeadm:v0.3.7" +providers: + - name: "azure" + type: "InfrastructureProvider" + variable-substitution: true + versions: + v0.4.8: manifests/function/capz/v0.4.8 + - name: "kubeadm" + type: "BootstrapProvider" + variable-substitution: true + versions: + v0.3.7: manifests/function/cabpk/v0.3.7 + - name: "cluster-api" + type: "CoreProvider" + variable-substitution: true + versions: + v0.3.7: manifests/function/capi/v0.3.7 + - name: "kubeadm" + type: "ControlPlaneProvider" + variable-substitution: true + versions: + v0.3.7: manifests/function/cacpk/v0.3.7 +# env-vars: true +additional-vars: + CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7 + CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7 + CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7 + CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + # Fake environment variables values so it can pass the validate-site-docs + AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK" + AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK" + AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo=" + AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK" + AZURE_ENVIRONMENT: "AzurePublicCloud" \ No newline at end of file 
diff --git a/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml b/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml new file mode 100755 index 0000000..4bc4401 --- /dev/null +++ b/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - clusterctl.yaml diff --git a/manifests/site/az-test-site/target/azure/kustomization.yaml b/manifests/site/az-test-site/target/azure/kustomization.yaml new file mode 100755 index 0000000..c936987 --- /dev/null +++ b/manifests/site/az-test-site/target/azure/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../function/k8scontrol-capz/v0.4.8 diff --git a/manifests/site/az-test-site/target/initinfra/kustomization.yaml b/manifests/site/az-test-site/target/initinfra/kustomization.yaml new file mode 100755 index 0000000..c2942af --- /dev/null +++ b/manifests/site/az-test-site/target/initinfra/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - ../../shared/clusterctl +commonLabels: + airshipit.org/stage: initinfra diff --git a/playbooks/airship-collect-azure-logs.yaml b/playbooks/airship-collect-azure-logs.yaml new file mode 100644 index 0000000..3e05216 --- /dev/null +++ b/playbooks/airship-collect-azure-logs.yaml 
@@ -0,0 +1,30 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: primary + vars: + logs_dir: "/tmp/logs" + roles: + - gather-system-logs + # - airship-gather-apache-logs + # - airship-gather-libvirt-logs + # - airship-gather-runtime-logs + # - airship-airshipctl-gather-configs + environment: + LIBVIRT_DEFAULT_URI: qemu:///system + + # tasks: + # - name: save logs for ephemeral cluster + # include_role: + # name: airship-gather-pod-logs diff --git a/tools/deployment/azure/100_clean_up_resources.sh b/tools/deployment/azure/100_clean_up_resources.sh new file mode 100755 index 0000000..3179a3e --- /dev/null +++ b/tools/deployment/azure/100_clean_up_resources.sh 
@@ -0,0 +1,23 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -xe + +# Deleting Target Cluster resources from Azure Cloud +echo "Deleting Target Cluster on Azure Cloud ..." +airshipctl phase render azure -k Cluster | kubectl delete --kubeconfig ~/.airship/kubeconfig -f - + +# Deleting the Management cluster +kind delete cluster --name capi-azure \ No newline at end of file diff --git a/tools/deployment/azure/11_build_kind_cluster.sh b/tools/deployment/azure/11_build_kind_cluster.sh new file mode 100755 index 0000000..e3df71b --- /dev/null +++ b/tools/deployment/azure/11_build_kind_cluster.sh 
@@ -0,0 +1,50 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +set -xe + +#Default wait timeout is 3600 seconds +export TIMEOUT=${TIMEOUT:-3600} +export KUBECONFIG=${KUBECONFIG:-"$HOME/.kube/config"} + +REMOTE_WORK_DIR=/tmp + +# get kind +echo "Fetching kind from ${KIND_URL}..." +TMP=$(KIND_URL=${KIND_URL} ./tools/document/get_kind.sh) +export KIND=${TMP}/kind + +$KIND delete cluster --name capi-azure +$KIND create cluster --name capi-azure + +#Wait till CAPI/CAPZ Control Plane Node is ready +end=$(($(date +%s) + $TIMEOUT)) +echo "Waiting $TIMEOUT seconds for Capi Docker Control Plane node to be ready." +while true; do + if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get nodes capi-azure-control-plane -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep -q True) ; then + echo -e "\nCAPI Docker Control Plane Node is ready." + kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get nodes + break + else + now=$(date +%s) + if [ $now -gt $end ]; then + echo -e "\nCAPI Azure Control Plane Node was not ready before TIMEOUT." + exit 1 + fi + echo -n . + sleep 15 + fi +done + diff --git a/tools/deployment/azure/200_configure_test_vm.sh b/tools/deployment/azure/200_configure_test_vm.sh new file mode 100755 index 0000000..b58e9d4 --- /dev/null +++ b/tools/deployment/azure/200_configure_test_vm.sh 
@@ -0,0 +1,58 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script transfers the local Airship project to the remote machine, +# copies the test/validation script to the remote machine and then executes it. +# +# This script is a local test simulating Zuul gates used to test and validate +# the Azure clout integration. + +if [ $# -eq 3 ]; then + echo "--- Remote VM Username@IP = $1" + echo "--- Local Airship Dir = $2" + echo "--- Credentials Script = $3" + + export REMOTE_VM=$1 + export LOCAL_AIRSHIP_DIR=$2 + export CREDENTIALS=$3 +else + echo "Syntax: 200_configure-remote-vm.sh " + echo " : Username@VM_IP to login to the Remote VM" + echo " : Directory containing the Airship project, e.g., /home/esidshi/projects/airshipctl/" + echo " : script to be used by remote VM for setting the credentials for public Clouds" + exit 1 +fi + +echo "Remote Username@VM = $REMOTE_VM" +echo "Local Airship Dir" = $LOCAL_AIRSHIP_DIR +echo "Credentials Script = $CREDENTIALS" + +# Pushing local SSH Public Key to Remote VM +echo "Adding local VM public in the Remote VM ..." +ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa.pub $REMOTE_VM + +# Installing Docker in the remote VM +echo "Installing Docker ..." 
+# ssh $REMOTE_VM 'sudo apt update -y && sudo apt install docker.io && sudo usermod -aG docker $USER' +ssh $REMOTE_VM 'sudo apt-get remove docker docker-engine docker.io containerd runc && sudo apt-get update' +ssh $REMOTE_VM 'sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common' +ssh $REMOTE_VM 'curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && sudo apt-key fingerprint 0EBFCD88' +ssh $REMOTE_VM 'sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"' +ssh $REMOTE_VM 'sudo apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io && sudo usermod -aG docker $USER' + +# Installing Make in the remote VM +ssh $REMOTE_VM 'sudo apt-get update -y && sudo apt install make' + +# Transfer the manifests to the remote VM and start the local test +$LOCAL_AIRSHIP_DIR/tools/deployment/azure/200_transfer_airshipctl.sh $REMOTE_VM $LOCAL_AIRSHIP_DIR $CREDENTIALS \ No newline at end of file diff --git a/tools/deployment/azure/200_transfer_airshipctl.sh b/tools/deployment/azure/200_transfer_airshipctl.sh new file mode 100755 index 0000000..232ffbd --- /dev/null +++ b/tools/deployment/azure/200_transfer_airshipctl.sh 
@@ -0,0 +1,78 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script transfers the local Airship project to the remote machine, +# copies the test/validation script to the remote machine and then executes it. +# +# This script is a local test simulating Zuul gates used to test and validate +# the Azure clout integration. + +if [ -n "$3" ]; then + echo "--- Remote username@VM = $1" + echo "--- Local Airship Dir = $2" + echo "--- Credentials script = $3" + + export REMOTE_VM=$1 + export LOCAL_AIRSHIP_DIR=$2 + export CREDENTIALS=$3 +else + echo "Syntax: 200_transfer_airshipctl.sh " + echo " : Username@VM to login to the Remote VM" + echo " : Directory containing the Airship project, e.g., /home/esidshi/projects/airshipctl/" + echo " : used by remote VM to set public Cloud credentials" + exit 1 +fi + +export REMOTE_USERNAME=$(echo $REMOTE_VM | cut -d'@' -f 1) +echo "Remote Username = $REMOTE_USERNAME" +echo "Remote VM = $REMOTE_VM" +echo "Local Airshipt Dir = $LOCAL_AIRSHIP_DIR" +echo "Credentials Script = $CREDENTIALS" + +# Preparing the Remote VM to the "Zero Touch" Validation +cd $LOCAL_AIRSHIP_DIR +echo "sudo mkdir /home/zuul" +ssh -o StrictHostKeyChecking=no $REMOTE_VM 'sudo mkdir /home/zuul' + +echo "sudo chown ${REMOTE_USERNAME} /home/zuul" +ssh $REMOTE_VM "sudo chown ${REMOTE_USERNAME} /home/zuul" + +echo "sudo chgrp ${REMOTE_USERNAME} /home/zuul" +ssh $REMOTE_VM "sudo chgrp ${REMOTE_USERNAME} /home/zuul" + +echo "mkdir /home/zuul/src" +ssh 
$REMOTE_VM 'mkdir /home/zuul/src' + +echo "mkdir /home/zuul/src/opendev.org" +ssh $REMOTE_VM 'mkdir /home/zuul/src/opendev.org' + +echo "mkdir /home/zuul/src/opendev.org/airship" +ssh $REMOTE_VM 'mkdir /home/zuul/src/opendev.org/airship' + +echo "scp -r $LOCAL_AIRSHIP_DIR/ $REMOTE_VM:/home/zuul/src/opendev.org/airship/airshipctl" +scp -r $LOCAL_AIRSHIP_DIR/ $REMOTE_VM:/home/zuul/src/opendev.org/airship/airshipctl + +echo "scp $LOCAL_AIRSHIP_DIR/tools/deployment/azure/201_zuul_local_test.sh $REMOTE_VM:~" +scp $LOCAL_AIRSHIP_DIR/tools/deployment/azure/201_zuul_local_test.sh $REMOTE_VM:~ +scp $CREDENTIALS $REMOTE_VM:~ + +# echo "ssh $REMOTE_VM 'bash ~/201_zuul_local_test.sh'" +export CREDENTIALS_FILENAME=$(echo ${CREDENTIALS##*/}) # extract the script filename only +echo "CREDENTIALS_FILENAME = $CREDENTIALS_FILENAME" + +# Setting Public Cloud credentials as environment variables in the remote VM +ssh $REMOTE_VM "cat ${CREDENTIALS_FILENAME} >> ~/.profile" + +# Executing the local test +ssh $REMOTE_VM '/bin/bash ~/201_zuul_local_test.sh' diff --git a/tools/deployment/azure/201_zuul_local_test.sh b/tools/deployment/azure/201_zuul_local_test.sh new file mode 100755 index 0000000..ddbdb91 --- /dev/null +++ b/tools/deployment/azure/201_zuul_local_test.sh 
@@ -0,0 +1,100 @@ +#!/bin/bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script simulates the Zuul gates for validation of Azure cloud integration. +# It goes through all gates for locally in the remote VM. + +echo "----- Using default airship directory" +export AIRSHIPDIR="/home/zuul/src/opendev.org/airship/airshipctl" +export AIRSHIPCTL_WS="/home/zuul/src/opendev.org/airship/airshipctl" +export PATH=$PATH:/usr/local/go/bin/ + +# Setting Public Cloud Credentials as Environment Variables +echo "source ~/.profile" +source ~/.profile + +echo "Azure Subscription ID = $AZURE_SUBSCRIPTION_ID" +echo "Azure Tenant ID = $AZURE_TENANT_ID" +echo "Google Cloud Project ID = $GCP_PROJECT" +echo "Google Cloud Account ID = $GCP_ACCOUNT" + +cd $AIRSHIPCTL_WS +echo "----- Airship Directory = $AIRSHIPCTL_WS" + +# Installation of Kubectl +echo "************************************************************************" +echo "***** Installation of Kubectl ..." +./tools/deployment/01_install_kubectl.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to Install Kubectl CLI" + exit 1 +fi + +# Build Kind Cluster +echo "************************************************************************" +echo "***** Building Kind Cluster ..." +./tools/deployment/azure/11_build_kind_cluster.sh +if [ $? 
-ne 0 ]; then + echo ">>>>> Failed to build Kind cluster" + exit 1 +fi + +# Building airshipctl command +echo "************************************************************************" +echo "***** Building airshipctl command ..." +./tools/deployment/21_systemwide_executable.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to build airshipctl CLI" + exit 1 +fi + +# Creating Airship config file +echo "************************************************************************" +echo "***** Creating Airship config file ..." +./tools/deployment/azure/31_create_configs.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to create airshipctl config file" + exit 1 +fi + +# Initializing CAPI and CAPZ components for the Managemeng cluster +echo "************************************************************************" +echo "***** Initializing CAPI and CAPZ components for the Managemeng cluster ..." +./tools/deployment/azure/41_initialize_management_cluster.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to initialize the Ephemeral cluster with CAPI/CAPZ components" + exit 1 +fi + +# Deploying the Target Cluster in Azure cloud +echo "************************************************************************" +echo "***** Deploying the Target Cluster in azure cloud ..." +./tools/deployment/azure/51_deploy_workload_cluster.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to deploy Target/Workload cluster on Azure Cloud" + exit 1 +fi + +# Sleep for 15 min before start cleaning up everything. +echo "Waiting for 15 min..." +sleep 15m + +# Cleaning up Resources +echo "************************************************************************" +echo "***** Cleaning up resources ..." +./tools/deployment/azure/100_clean_up_resources.sh +if [ $? -ne 0 ]; then + echo ">>>>> Failed to clean up all public cloud resources created to this test" + exit 1 +fi diff --git a/tools/deployment/azure/31_create_configs.sh b/tools/deployment/azure/31_create_configs.sh new file mode 100755 index 0000000..67f80b2 
--- /dev/null +++ b/tools/deployment/azure/31_create_configs.sh 
@@ -0,0 +1,53 @@ +#!/usr/bin/env bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -xe + +export ISO_DIR=${ISO_DIR:-"/srv/iso"} +export SERVE_PORT=${SERVE_PORT:-"8099"} +export AIRSHIPCTL_WS=${AIRSHIPCTL_WS:-$PWD} +export USER_NAME=${USER:-"ubuntu"} +export USE_PROXY=${USE_PROXY:-"false"} +export HTTPS_PROXY=${HTTPS_PROXY:-${https_proxy}} +export HTTPS_PROXY=${HTTP_PROXY:-${http_proxy}} +export NO_PROXY=${NO_PROXY:-${no_proxy}} +export REMOTE_WORK_DIR=${remote_work_dir:-"/tmp/airship"} +export AIRSHIP_CONFIG_ISO_GEN_TARGET_PATH=${ISO_DIR} +export AIRSHIP_CONFIG_ISO_BUILDER_DOCKER_IMAGE=${BUILDER_IMAGE:-"quay.io/airshipit/isogen:latest-debian_stable"} +export REMOTE_TYPE=redfish +export REMOTE_INSECURE=true +export REMOTE_PROXY=false +export AIRSHIP_CONFIG_ISO_SERVE_HOST=${HOST:-"localhost"} +export AIRSHIP_CONFIG_ISO_PORT=${SERVE_PORT} +export AIRSHIP_CONFIG_ISO_NAME=${ISO_NAME:-"debian-custom.iso"} +export SYSTEM_ACTION_RETRIES=30 +export SYSTEM_REBOOT_DELAY=30 +export AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH=${BRANCH:-"master"} +# the git repo url or local file system path to a cloned repo, e.g., /home/stack/airshipctl +export AIRSHIP_CONFIG_PRIMARY_REPO_URL=${REPO:-"https://review.opendev.org/airship/airshipctl"} +export AIRSHIP_SITE_NAME="airshipctl/manifests/site/az-test-site" +export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir} +export AIRSHIP_CONFIG_CA_DATA=$(cat tools/deployment/certificates/airship_config_ca_data| base64 -w0) +export 
AIRSHIP_CONFIG_EPHEMERAL_IP=${IP_Ephemeral:-"10.23.25.101"} +export AIRSHIP_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/airship_config_client_cert_data| base64 -w0) +export AIRSHIP_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/airship_config_client_key_data| base64 -w0) + +#Remove and Create .airship folder +rm -rf $HOME/.airship +mkdir -p $HOME/.airship + +cp ~/.kube/config ~/.airship/kubeconfig + +echo "Generate ~/.airship/config and ~/.airship/kubeconfig" +envsubst <"${AIRSHIPCTL_WS}/tools/deployment/templates/azure_airshipconfig_template" > ~/.airship/config diff --git a/tools/deployment/azure/41_initialize_management_cluster.sh b/tools/deployment/azure/41_initialize_management_cluster.sh new file mode 100755 index 0000000..4f6afa3 --- /dev/null +++ b/tools/deployment/azure/41_initialize_management_cluster.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -xe + +export AIRSHIPCTL_WS=${AIRSHIPCTL_WS:-$PWD} +export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} + +echo "Initialize Management Cluster with CAPI and CAPZ Components" +airshipctl cluster init --debug + +echo "Waiting for all pods to come up" +kubectl --kubeconfig $KUBECONFIG wait --for=condition=ready pods --all --timeout=1000s -A +kubectl --kubeconfig $KUBECONFIG get pods -A + 
diff --git a/tools/deployment/azure/51_deploy_workload_cluster.sh b/tools/deployment/azure/51_deploy_workload_cluster.sh new file mode 100755 index 0000000..768a90d --- /dev/null +++ b/tools/deployment/azure/51_deploy_workload_cluster.sh 
@@ -0,0 +1,77 @@ +#!/usr/bin/env bash + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +echo "Deploy Target Workload Cluster" +airshipctl phase apply azure + +echo "Get kubeconfig from secret" +KUBECONFIG="" +N=0 +MAX_RETRY=30 +DELAY=60 +until [ "$N" -ge ${MAX_RETRY} ] +do + KUBECONFIG=$(kubectl --kubeconfig ~/.airship/kubeconfig --namespace=default get secret/az-workload-cluster-kubeconfig -o jsonpath={.data.value} || true) + + if [[ ! -z "$KUBECONFIG" ]]; then + break + fi + + N=$((N+1)) + echo "$N: Retry to get target cluster kubeconfig from secret." + sleep ${DELAY} +done + +if [[ -z "$KUBECONFIG" ]]; then + echo "Could not get target cluster kubeconfig from sceret." + exit 1 +fi + +echo "Create kubeconfig" +echo ${KUBECONFIG} | base64 -d > /tmp/target.kubeconfig + +echo "Get Machine State" +kubectl get machines + +echo "Check kubectl version" +VERSION="" +N=0 +MAX_RETRY=30 +DELAY=60 +until [ "$N" -ge ${MAX_RETRY} ] +do + VERSION=$(timeout 20 kubectl --kubeconfig /tmp/target.kubeconfig version | grep 'Server Version' || true) + + if [[ ! -z "$VERSION" ]]; then + break + fi + + N=$((N+1)) + echo "$N: Retry to get kubectl version." + sleep ${DELAY} +done + +if [[ -z "$VERSION" ]]; then + echo "Could not get kubectl version." 
+ exit 1 +fi + +echo "Check nodes status" + +kubectl --kubeconfig /tmp/target.kubeconfig wait --for=condition=Ready node --all --timeout 900s +kubectl get nodes --kubeconfig /tmp/target.kubeconfig + +echo "Get cluster state" +kubectl --kubeconfig ${HOME}/.airship/kubeconfig get cluster + diff --git a/tools/deployment/azure/README.md b/tools/deployment/azure/README.md new file mode 100644 index 0000000..f0e4b8f --- /dev/null +++ b/tools/deployment/azure/README.md 
@@ -0,0 +1,60 @@ +# Zuul Gate Scripts for Bootstrap Container/Ephemeral Cluster/Azure Target Cluster +This folder container the Zuul Gate Scripts for configuring the tools necessary to +automatically validate the building of Bootstrap Container (Go app + Docker Image), +deployment of Ephemeral Cluster on Azure Cloud and Google Cloud, then using the +Azure Ephemeral Cluster to deploy the Target Cluster on Azure Cloud. + +## Installing and Configuring Tools +The following scripts are used to install and configure tools such as "kubectl", "Go", "Kustomize" and "airshipctl": +- 01_install_kubectl.sh - installs "kubectl" CLI +- 02_install_go.sh - installs the "Go" language +- 03_install_kustomize_docker.sh - install "kustomize" CLI +- 21_systemwide_executable.sh - build the "airshipctl" CLI + +## Bootstrap Container and Ephemeral Cluster +The following scrips are used to deploy the Ephemeral cluster on Azure and Google Cloud. +- 41_deploy_azure_ephemeral_cluster.sh - creates the Azure Bootstrap container that deploys the Azure (AKS) Ephemeral cluster +- 41_initialize_management_cluster.sh - creates the GCP Bootstrap container that deploys the GCP (GKE) Ephemeral cluster + +> NOTE: the Bootstrap container images shall be built and pushed to **quay.io** registry prior to executing these scripts. +## Initializing the Ephemeral cluster and Deploying the Target Cluster +The following scripts initialize the Ephemeral cluster with CAPI and CAPZ components +and deploy the Target/Workload cluster on the Azure Cloud platform. +- 41_initialize_management_cluster.sh - initializes the Azure Ephemeral cluster with CAPI and CAPZ components +- 51_deploy_workload_cluster.sh - deploys a Target/Workload cluster on the Azure Cloud platform + +And last but not least, the following scripts is a clean up script, deleting all resources created +the public clouds, including the ephemeral clusters. 
+- 100_clean_up_resources.sh + +## Supporting Local Test Scripts +The scripts in this section are used for testing the end-to-end testing pipeline outside the Zuul +environment. It simulates the Zuul pipeline on a clean remote VM, e.g., VM created on Azure Cloud. +- 201_zuul_local_test.sh - simulates the sequence of scripts to run on a Zuul environment. +- 200_transfer_airshipctl.sh - this script transfers the airshipctl local repository to the test VM then executes 201_zuul_local_test.sh +- 200_configure_test_vm.sh - Prepares the test VM with basic tools such as "make" and "docker", then executes 200_transfer_airshipctl.sh. + +By executing *200_configure_test_vm.sh* on a development server will trigger the entire test pipeline, i.e., "Zero Touch" local test. + +Pre-requisite: the *200_configure_test_vm.sh* requires a special script file that exports environment variables specific for the +Azure and GCP Cloud account credentials. See template for this script below: + +```bash +# Azure cloud authentication credentials. +export AZURE_SUBSCRIPTION_ID="" +export AZURE_TENANT_ID="" +export AZURE_CLIENT_ID="" +export AZURE_CLIENT_SECRET="" + +# To use the default public cloud, otherwise set to AzureChinaCloud|AzureGermanCloud|AzureUSGovernmentCloud +export AZURE_ENVIRONMENT="AzurePublicCloud" + +export AZURE_SUBSCRIPTION_ID_B64="$(echo -n "$AZURE_SUBSCRIPTION_ID" | base64 | tr -d '\n')" +export AZURE_TENANT_ID_B64="$(echo -n "$AZURE_TENANT_ID" | base64 | tr -d '\n')" +export AZURE_CLIENT_ID_B64="$(echo -n "$AZURE_CLIENT_ID" | base64 | tr -d '\n')" +export AZURE_CLIENT_SECRET_B64="$(echo -n "$AZURE_CLIENT_SECRET" | base64 | tr -d '\n')" + +# GCP Environment Variables +export GCP_PROJECT= +export GCP_ACCOUNT= +``` diff --git a/tools/deployment/templates/azure_airshipconfig_template b/tools/deployment/templates/azure_airshipconfig_template new file mode 100644 index 0000000..9f36567 --- /dev/null +++ b/tools/deployment/templates/azure_airshipconfig_template 
@@ -0,0 +1,34 @@ +apiVersion: airshipit.org/v1alpha1 +clusters: + kind-capi-azure: + clusterType: + target: + bootstrapInfo: default + clusterKubeconf: kind-capi-azure_target + managementConfiguration: default +contexts: + kind-capi-azure: + contextKubeconf: kind-capi-azure_target + manifest: azure_manifest +currentContext: kind-capi-azure +kind: Config +managementConfiguration: + default: + systemActionRetries: 30 + systemRebootDelay: 30 + type: azure +manifests: + azure_manifest: + primaryRepositoryName: primary + repositories: + primary: + checkout: + branch: ${AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH} + commitHash: "" + force: false + tag: "" + url: https://review.opendev.org/airship/airshipctl + subPath: manifests/site/az-test-site + targetPath: /home/zuul/src/opendev.org/airship/airshipctl +users: + kind-capi-azure: {} diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 6e13e65..4494098 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -126,6 +126,26 @@ voting: false - job: + name: airship-airshipctl-gate-script-runner-azuretest + attempts: 1 + timeout: 3600 + pre-run: playbooks/airship-airshipctl-deploy-docker.yaml + post-run: playbooks/airship-collect-azure-logs.yaml + run: playbooks/airshipctl-gate-runner.yaml + nodeset: airship-airshipctl-single-node + vars: + site_name: azure-test-site + gate_scripts: + - ./tools/deployment/01_install_kubectl.sh + - ./tools/deployment/azure/11_build_kind_cluster.sh + - ./tools/deployment/21_systemwide_executable.sh + - ./tools/deployment/azure/31_create_configs.sh + - ./tools/deployment/azure/41_initialize_management_cluster.sh + serve_dir: /srv/iso + serve_port: 8099 + voting: false + +- job: name: airship-airshipctl-publish-image parent: airship-airshipctl-build-image post-run: playbooks/airship-airshipctl-publish-images.yaml diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 6086e73..7b2f509 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml 
@@ -25,6 +25,7 @@ - airship-airshipctl-validate-site-docs # - airship-airshipctl-functional-existing-k8s TODO: Enable this when functional tests exist, and a cluster is up - airship-airshipctl-gate-script-runner + - airship-airshipctl-gate-script-runner-azuretest gate: jobs: - openstack-tox-docs: *docs
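Review bot: In the KubeadmControlPlane manifest for az-workload-cluster-control-plane, the `files` entry writes `/etc/kubernetes/azure.json` with `permissions: "0644"` even though its content comes from the secret `az-workload-cluster-control-plane-azure-json`. Every local account on the control plane VMs can therefore read it. The file is owned by root:root and reaches the API server and controller manager through a read-only hostPath mount, so consider `"0600"` unless a non-root reader is required. The KubeadmConfigTemplate in workers.yaml has the same setting for `az-workload-cluster-md-0-azure-json`.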
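Review bot: In manifests/function/k8scontrol-capz/v0.4.8/workers.yaml, the AzureMachineTemplate commits `sshPublicKey: ""` with no comment saying whether the empty value is intentional or something the operator must fill in, and the control plane AzureMachineTemplate does the same. Please document the expected value next to the field, or supply it through the same variable substitution used for the Azure credentials. `location: centralus` and `vmSize: Standard_D2s_v3` are hard-coded in both templates as well and would be easier to override from the site layer.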
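Review bot: In manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml, the four `AZURE_*_B64` entries under `additional-vars` put the credential slots in a tracked manifest while `# env-vars: true` stays commented out. The obvious way to make this site work is then to paste a real base64-encoded service principal secret into the repository, and base64 is an encoding, not protection. If `env-vars: true` is the intended mechanism, enable it and take these values from the environment (the README template in this change already exports `AZURE_CLIENT_SECRET_B64` and the others). Otherwise extend the comment to say that real values must never be committed here.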
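Review bot: playbooks/airship-collect-azure-logs.yaml still sets `LIBVIRT_DEFAULT_URI: qemu:///system` under `environment` and carries four commented-out roles plus a commented-out `tasks` block, so it reads as a copy of another playbook rather than one written for the Azure job. Only `gather-system-logs` actually runs, which means a failed Azure gate leaves no pod logs or airshipctl configuration to inspect. Drop the libvirt variable and the dead lines, or note which roles are to be re-enabled and when.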
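Review bot: In tools/deployment/azure/200_configure_test_vm.sh, `ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa.pub $REMOTE_VM` accepts whatever host key the first connection presents, and the next script then copies the cloud credentials file to that same host. Use `StrictHostKeyChecking=accept-new` at most, or have the caller supply the VM's host key so it can be added to known_hosts before connecting. Separately, `sudo apt-get remove docker docker-engine docker.io containerd runc` and `sudo apt install make` lack `-y` and can stop at a confirmation prompt, and `apt-key fingerprint 0EBFCD88` only prints the fingerprint without comparing it to an expected value.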
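Review bot: In tools/deployment/azure/200_transfer_airshipctl.sh, `scp $CREDENTIALS $REMOTE_VM:~` followed by `cat ${CREDENTIALS_FILENAME} >> ~/.profile` leaves the Azure client secret on the test VM in two places, and every rerun appends another copy to `~/.profile`. Nothing sets the file mode or removes either copy after the test. Prefer copying the file with mode 0600, sourcing it only inside the ssh session that runs 201_zuul_local_test.sh, and deleting it when that session ends. The first ssh call here also repeats `-o StrictHostKeyChecking=no`.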
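Review bot: In tools/deployment/azure/201_zuul_local_test.sh, 100_clean_up_resources.sh is reached only when every earlier step succeeds, because each failure branch does `exit 1` directly. A failure in 51_deploy_workload_cluster.sh therefore leaves the Azure VMs and disks running with nothing to delete them. Register the cleanup with `trap ... EXIT` near the top, or route the failure branches through a common function that cleans up before exiting. The fixed `sleep 15m` before cleanup would also be better as a variable with a default.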
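Review bot: In tools/deployment/azure/31_create_configs.sh, the second proxy line `export HTTPS_PROXY=${HTTP_PROXY:-${http_proxy}}` overwrites the HTTPS_PROXY value set on the line above and never exports HTTP_PROXY; it should be `export HTTP_PROXY=${HTTP_PROXY:-${http_proxy}}`. A little further down, `AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir}` expands the lowercase variable without the default that `REMOTE_WORK_DIR` received, so it is empty unless the caller set `remote_work_dir`. `rm -rf $HOME/.airship` should quote the path.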
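Review bot: In tools/deployment/azure/51_deploy_workload_cluster.sh, `echo ${KUBECONFIG} | base64 -d > /tmp/target.kubeconfig` writes the target cluster's kubeconfig to a fixed, predictable path in /tmp with the default umask, and nothing removes it afterwards. On a shared host another local account can read it, or pre-create that path before the script runs. Create the file with `mktemp` under `umask 077` and delete it in an EXIT trap. The script also has no `set -e`, so a failed `airshipctl phase apply azure` goes unnoticed until the retry loop times out. `kubectl get machines` passes no `--kubeconfig`, and the shell variable holding the base64 data reuses the name `KUBECONFIG`.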
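Review bot: In tools/deployment/azure/README.md, 41_initialize_management_cluster.sh is listed twice with conflicting descriptions, first as the script that "creates the GCP Bootstrap container that deploys the GCP (GKE) Ephemeral cluster" and then as the one that initializes the Ephemeral cluster with CAPI and CAPZ components. The script added by this change does only the latter. The "Bootstrap Container and Ephemeral Cluster" section also names 41_deploy_azure_ephemeral_cluster.sh, which is not among the files shown in this change under tools/deployment/azure. Please align that section with the scripts that actually ship, and add a line to the credentials template saying that the filled-in file must stay out of version control.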
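Review bot: In tools/deployment/templates/azure_airshipconfig_template, `url: https://review.opendev.org/airship/airshipctl` and `targetPath: /home/zuul/src/opendev.org/airship/airshipctl` are literals, although 31_create_configs.sh exports `AIRSHIP_CONFIG_PRIMARY_REPO_URL` and runs the template through `envsubst`. Only the branch is substituted, so setting `REPO` has no effect on the generated config. Use `${AIRSHIP_CONFIG_PRIMARY_REPO_URL}` for the url and a variable for targetPath so the template also works outside the Zuul home directory.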
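Review bot: In zuul.d/jobs.yaml, the new job sets `site_name: azure-test-site`, but the site added by this change lives under manifests/site/az-test-site and 31_create_configs.sh uses `airshipctl/manifests/site/az-test-site`. Please make the names match, or confirm that the playbooks do not use this variable. The `gate_scripts` list stops at 41_initialize_management_cluster.sh, so the gate never runs 51_deploy_workload_cluster.sh or 100_clean_up_resources.sh. If that is deliberate because the gate has no Azure credentials, say so in a comment on the job.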