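# Copyright (c) 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# e2e cluster template: a ClusterClass-based OCNE cluster on OCI.
# `${VAR=default}` tokens are substituted at render time (clusterctl-style
# envsubst); the part after `=` is the value used when VAR is unset.
# Documents, in order: Namespace, Cluster, ClusterClass, credentials Secret,
# OCIClusterIdentity, OCIClusterTemplate (VCN + security lists),
# OCNEControlPlaneTemplate, three OCIMachineTemplates, two OCNEConfigTemplates.
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: ${CLUSTER_NAMESPACE}
  name: ${CLUSTER_NAMESPACE}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
  name: ${CLUSTER_NAME}
  namespace: ${CLUSTER_NAMESPACE}
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - ${POD_CIDR=192.168.0.0/16}
    serviceDomain: cluster.local
    services:
      cidrBlocks:
        - ${CLUSTER_CIDR=10.128.0.0/12}
  topology:
    class: ${CLUSTER_NAME}-cluster-class
    controlPlane:
      replicas: ${CONTROL_PLANE_MACHINE_COUNT=1}
    version: ${KUBERNETES_VERSION=v1.25.7}
    # Values for the ClusterClass variables declared below; the patches in the
    # ClusterClass copy them into the OCNEControlPlaneTemplate.
    variables:
      - name: moduleOperatorEnabled
        value: true
      - name: verrazzanoPlatformOperatorEnabled
        value: true
      - name: imagePullSecret
        value: ${IMAGE_PULL_SECRET=verrazzano-container-registry}
      - name: imageName
        value: ${VPO_IMAGE}
      # Quoted: the imageTag variable schema is `type: string`, and an
      # unquoted numeric-looking tag (e.g. 1.7) would be parsed as a float.
      - name: imageTag
        value: "${VPO_TAG}"
    workers:
      machineDeployments:
        - class: ${CLUSTER_NAME}-md-0-class
          name: ${CLUSTER_NAME}-md-0
          replicas: ${NODE_MACHINE_COUNT=1}
        - class: ${CLUSTER_NAME}-md-1-class
          name: ${CLUSTER_NAME}-md-1
          replicas: ${NODE_MACHINE_COUNT=1}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: ClusterClass
metadata:
  name: ${CLUSTER_NAME}-cluster-class
  namespace: ${CLUSTER_NAMESPACE}
  labels:
    cluster.x-k8s.io/provider: oci
spec:
  # NOTE(review): the infrastructure refs here use apiVersion v1beta1 while the
  # OCIClusterTemplate/OCIMachineTemplate objects later in this file are
  # declared as v1beta2. This works only if the CRD serves both versions;
  # confirm, or align the refs with the declared objects.
  controlPlane:
    ref:
      apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
      kind: OCNEControlPlaneTemplate
      name: ${CLUSTER_NAME}-control-plane-template
      namespace: ${CLUSTER_NAMESPACE}
    machineInfrastructure:
      ref:
        kind: OCIMachineTemplate
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        name: ${CLUSTER_NAME}-control-plane-machine-template
        namespace: ${CLUSTER_NAMESPACE}
  infrastructure:
    ref:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: OCIClusterTemplate
      name: ${CLUSTER_NAME}-cluster-template
      namespace: ${CLUSTER_NAMESPACE}
  workers:
    machineDeployments:
      - class: ${CLUSTER_NAME}-md-0-class
        template:
          bootstrap:
            ref:
              apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
              kind: OCNEConfigTemplate
              name: ${CLUSTER_NAME}-md-0-template
              namespace: ${CLUSTER_NAMESPACE}
          infrastructure:
            ref:
              apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
              kind: OCIMachineTemplate
              name: ${CLUSTER_NAME}-md-0-machine-template
              namespace: ${CLUSTER_NAMESPACE}
      - class: ${CLUSTER_NAME}-md-1-class
        template:
          bootstrap:
            ref:
              apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
              kind: OCNEConfigTemplate
              name: ${CLUSTER_NAME}-md-1-template
              namespace: ${CLUSTER_NAMESPACE}
          infrastructure:
            ref:
              apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
              kind: OCIMachineTemplate
              name: ${CLUSTER_NAME}-md-1-machine-template
              namespace: ${CLUSTER_NAMESPACE}
  variables:
    - name: moduleOperatorEnabled
      required: false
      schema:
        openAPIV3Schema:
          type: boolean
          description: Flag to enable Module Operator.
          default: true
          example: true
    - name: verrazzanoPlatformOperatorEnabled
      required: false
      schema:
        openAPIV3Schema:
          type: boolean
          description: Flag to enable VPO.
          default: true
          example: true
    - name: imagePullSecret
      required: false
      schema:
        openAPIV3Schema:
          type: string
          description: Default image pull secret.
          default: verrazzano-container-registry
          example: test-secret
    - name: imageName
      required: false
      schema:
        openAPIV3Schema:
          type: string
          description: Default container registry.
          default: ghcr.io/verrazzano
          example: ghcr.io/verrazzano
    # No default: the Cluster must supply imageTag (it does, via ${VPO_TAG}).
    - name: imageTag
      required: false
      schema:
        openAPIV3Schema:
          type: string
          description: Default image tag.
  patches:
    - name: moduleOperatorEnabled
      definitions:
        - selector:
            apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
            kind: OCNEControlPlaneTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: replace
              path: /spec/template/spec/moduleOperator/enabled
              valueFrom:
                variable: moduleOperatorEnabled
    - name: verrazzanoPlatformOperatorEnabled
      definitions:
        - selector:
            apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
            kind: OCNEControlPlaneTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: replace
              path: /spec/template/spec/verrazzanoPlatformOperator/enabled
              valueFrom:
                variable: verrazzanoPlatformOperatorEnabled
    # NOTE(review): unlike the other patches, this one does not consume the
    # imagePullSecret variable; it substitutes ${IMAGE_PULL_SECRET} directly at
    # render time, so setting the variable on the Cluster alone has no effect.
    - name: imagePullSecret
      definitions:
        - selector:
            apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
            kind: OCNEControlPlaneTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: add
              path: /spec/template/spec/verrazzanoPlatformOperator/imagePullSecrets
              valueFrom:
                template: |
                  - name: ${IMAGE_PULL_SECRET=verrazzano-container-registry}
    - name: imageName
      definitions:
        - selector:
            apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
            kind: OCNEControlPlaneTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: add
              path: /spec/template/spec/verrazzanoPlatformOperator/image/repository
              valueFrom:
                variable: imageName
    - name: imageTag
      definitions:
        - selector:
            apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
            kind: OCNEControlPlaneTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: add
              path: /spec/template/spec/verrazzanoPlatformOperator/image/tag
              valueFrom:
                variable: imageTag
---
# OCI user-principal credentials consumed by the OCIClusterIdentity below.
# Secret.data values must be base64 (the *_B64 variables are expected to be
# pre-encoded); passphrase is deliberately empty for an unencrypted API key.
apiVersion: v1
kind: Secret
metadata:
  name: ${CLUSTER_NAME}-user-credentials
  namespace: ${CLUSTER_NAMESPACE}
type: Opaque
data:
  tenancy: ${OCI_TENANCY_ID_B64}
  user: ${OCI_USER_ID_B64}
  key: ${OCI_CREDENTIALS_KEY_B64}
  fingerprint: ${OCI_CREDENTIALS_FINGERPRINT_B64}
  passphrase: ""
  region: ${OCI_REGION_B64}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: OCIClusterIdentity
metadata:
  name: ${CLUSTER_NAME}-cluster-identity
  namespace: ${CLUSTER_NAMESPACE}
spec:
  type: UserPrincipal
  principalSecret:
    name: ${CLUSTER_NAME}-user-credentials
    namespace: ${CLUSTER_NAMESPACE}
  # NOTE(review): an empty allowedNamespaces selector is the permissive setting
  # (clusters in any namespace may reference this identity, and so the tenancy
  # credentials). Fine for a dedicated e2e management cluster; on a shared one
  # restrict it, e.g. `allowedNamespaces: { list: ["${CLUSTER_NAMESPACE}"] }`.
  allowedNamespaces: {}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: OCIClusterTemplate
metadata:
  name: ${CLUSTER_NAME}-cluster-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      compartmentId: ${OCI_COMPARTMENT_ID}
      identityRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
        kind: OCIClusterIdentity
        name: ${CLUSTER_NAME}-cluster-identity
        namespace: ${CLUSTER_NAMESPACE}
      # VCN layout (all within 10.0.0.0/16):
      #   10.0.0.8/29   ocne-control-plane-endpoint (public, API LB)
      #   10.0.0.0/29   ocne-control-plane          (private)
      #   10.0.0.32/27  ocne-service-lb             (public)
      #   10.0.64.0/20  ocne-worker                 (private)
      # The security-list source/destination CIDRs below refer to these subnets.
      networkSpec:
        apiServerLoadBalancer:
          loadBalancerType: "lb"
        vcn:
          name: ${CLUSTER_NAME}
          cidr: "10.0.0.0/16"
          subnets:
            - cidr: 10.0.0.8/29
              name: ocne-control-plane-endpoint
              role: control-plane-endpoint
              type: public
              securityList:
                name: ocne-control-plane-endpoint-security-list
                egressRules:
                  - description: Kubernetes API traffic to Control Plane
                    destination: 10.0.0.0/29
                    destinationType: CIDR_BLOCK
                    isStateless: false
                    protocol: "6"
                    tcpOptions:
                      destinationPortRange:
                        max: 6443
                        min: 6443
                ingressRules:
                  # The API endpoint is reachable from any source address. This is
                  # the exposure surface of the cluster; narrow the source CIDR
                  # for anything that outlives an e2e run.
                  - description: External access to Kubernetes API endpoint
                    protocol: "6"
                    source: 0.0.0.0/0
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 6443
                        min: 6443
                  - description: ICMP Path discovery
                    icmpOptions:
                      code: 4
                      type: 3
                    protocol: "1"
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
            - cidr: 10.0.0.0/29
              name: ocne-control-plane
              role: control-plane
              type: private
              securityList:
                name: ocne-control-plane-security-list
                egressRules:
                  - description: Control Plane access to Internet
                    destination: 0.0.0.0/0
                    destinationType: CIDR_BLOCK
                    protocol: all
                ingressRules:
                  - description: Inbound East-West traffic
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
                    protocol: all
                  - description: Kubernetes API endpoint to Control Plane(apiserver port) communication
                    protocol: "6"
                    source: 10.0.0.8/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 6443
                        min: 6443
                  - description: Control plane node to Control Plane(apiserver port) communication
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 6443
                        min: 6443
                  - description: Worker Node to Control Plane(apiserver port) communication
                    protocol: "6"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 6443
                        min: 6443
                  - description: etcd client communication
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 2379
                        min: 2379
                  - description: etcd peer
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 2380
                        min: 2380
                  - description: Calico networking (BGP)
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 179
                        min: 179
                  - description: Calico networking (BGP)
                    protocol: "6"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 179
                        min: 179
                  - description: Calico networking with IP-in-IP enabled
                    protocol: "4"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                  - description: Calico networking with IP-in-IP enabled
                    protocol: "4"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                  - description: Path discovery
                    icmpOptions:
                      code: 4
                      type: 3
                    protocol: "1"
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
                  # NOTE(review): SSH allowed from 0.0.0.0/0. The subnet is typed
                  # private, which limits direct exposure, but a narrower source
                  # CIDR (operator/bastion range) is the safer default.
                  - description: Inbound SSH traffic to Control Plane
                    protocol: "6"
                    source: 0.0.0.0/0
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 22
                        min: 22
                  - description: Control Plane to Control Plane Kubelet Communication
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 10250
                        min: 10250
            - cidr: 10.0.0.32/27
              name: ocne-service-lb
              role: service-lb
              type: public
              securityList:
                name: ocne-service-lb-security-list
                egressRules:
                  - description: Service LoadBalancer to default NodePort egress communication
                    destination: 10.0.64.0/20
                    destinationType: CIDR_BLOCK
                    protocol: "6"
                    tcpOptions:
                      destinationPortRange:
                        max: 32767
                        min: 30000
                ingressRules:
                  - description: Path discovery
                    icmpOptions:
                      code: 4
                      type: 3
                    protocol: "1"
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
                  - description: Accept http traffic on port 80
                    protocol: "6"
                    source: 0.0.0.0/0
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 80
                        min: 80
                  - description: Accept https traffic on port 443
                    protocol: "6"
                    source: 0.0.0.0/0
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 443
                        min: 443
            - cidr: 10.0.64.0/20
              name: ocne-worker
              role: worker
              type: private
              securityList:
                name: ocne-worker-security-list
                egressRules:
                  - description: Worker node access to Internet
                    destination: 0.0.0.0/0
                    destinationType: CIDR_BLOCK
                    protocol: all
                ingressRules:
                  - description: Inbound East-West traffic
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
                    isStateless: false
                    protocol: all
                  # NOTE(review): same remark as the control-plane SSH rule —
                  # 0.0.0.0/0 is broader than an e2e fixture needs.
                  - description: Inbound SSH traffic to worker node
                    protocol: "6"
                    source: 0.0.0.0/0
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 22
                        min: 22
                  - description: Path discovery
                    icmpOptions:
                      code: 4
                      type: 3
                    protocol: "1"
                    source: 10.0.0.0/16
                    sourceType: CIDR_BLOCK
                  - description: Control Plane to worker node Kubelet Communication
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 10250
                        min: 10250
                  - description: Worker node to worker node Kubelet Communication
                    protocol: "6"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 10250
                        min: 10250
                  - description: Calico networking (BGP)
                    protocol: "6"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 179
                        min: 179
                  - description: Calico networking (BGP)
                    protocol: "6"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 179
                        min: 179
                  - description: Calico networking with IP-in-IP enabled
                    protocol: "4"
                    source: 10.0.0.0/29
                    sourceType: CIDR_BLOCK
                  - description: Calico networking with IP-in-IP enabled
                    protocol: "4"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                  - description: Worker node to default NodePort ingress communication
                    protocol: "6"
                    source: 10.0.64.0/20
                    sourceType: CIDR_BLOCK
                    tcpOptions:
                      destinationPortRange:
                        max: 32767
                        min: 30000
---
kind: OCNEControlPlaneTemplate
apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
metadata:
  name: ${CLUSTER_NAME}-control-plane-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      # moduleOperator / verrazzanoPlatformOperator are the fields the
      # ClusterClass patches above overwrite from the Cluster variables.
      moduleOperator:
        enabled: true
      verrazzanoPlatformOperator:
        enabled: true
        imagePullSecrets:
          - name: ${IMAGE_PULL_SECRET=verrazzano-container-registry}
        image:
          repository: ${VPO_IMAGE}
          # Quoted so a numeric-looking tag stays a string.
          tag: "${VPO_TAG}"
      controlPlaneConfig:
        clusterConfiguration:
          apiServer:
            certSANs:
              - localhost
              - 127.0.0.1
          # Image tags are quoted for the same reason as VPO_TAG above.
          dns:
            imageRepository: ${OCNE_IMAGE_REPOSITORY=container-registry.oracle.com}/${OCNE_IMAGE_PATH=olcne}
            imageTag: "${DNS_TAG=v1.9.3}"
          etcd:
            local:
              imageRepository: ${OCNE_IMAGE_REPOSITORY=container-registry.oracle.com}/${OCNE_IMAGE_PATH=olcne}
              imageTag: "${ETCD_TAG=3.5.6}"
          networking: {}
          scheduler: {}
          imageRepository: ${OCNE_IMAGE_REPOSITORY=container-registry.oracle.com}/${OCNE_IMAGE_PATH=olcne}
        initConfiguration:
          nodeRegistration:
            criSocket: /var/run/crio/crio.sock
            kubeletExtraArgs:
              cloud-provider: external
              # `{{ ds["id"] }}` is expanded on the node by cloud-init, not here.
              provider-id: oci://{{ ds["id"] }}
        joinConfiguration:
          discovery: {}
          nodeRegistration:
            criSocket: /var/run/crio/crio.sock
            kubeletExtraArgs:
              cloud-provider: external
              provider-id: oci://{{ ds["id"] }}
---
# Control-plane and worker machine templates share the same shape/image
# variables; only the template name differs.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: OCIMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane-machine-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      bootVolumeSizeInGBs: "${OCI_NODE_BOOT_VOLUME=100}"
      compartmentId: ${OCI_COMPARTMENT_ID}
      imageId: ${OCI_IMAGE_ID}
      isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=false}
      metadata:
        ssh_authorized_keys: ${OCI_SSH_KEY}
      shape: ${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}
      shapeConfig:
        ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=4}"
        memoryInGBs: "${OCI_NODE_MACHINE_MEMORY_GBS=80}"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: OCIMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0-machine-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      bootVolumeSizeInGBs: "${OCI_NODE_BOOT_VOLUME=100}"
      compartmentId: ${OCI_COMPARTMENT_ID}
      imageId: ${OCI_IMAGE_ID}
      isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=false}
      metadata:
        ssh_authorized_keys: ${OCI_SSH_KEY}
      shape: ${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}
      shapeConfig:
        ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=4}"
        memoryInGBs: "${OCI_NODE_MACHINE_MEMORY_GBS=80}"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: OCIMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-1-machine-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      bootVolumeSizeInGBs: "${OCI_NODE_BOOT_VOLUME=100}"
      compartmentId: ${OCI_COMPARTMENT_ID}
      imageId: ${OCI_IMAGE_ID}
      isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=false}
      metadata:
        ssh_authorized_keys: ${OCI_SSH_KEY}
      shape: ${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}
      shapeConfig:
        ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=4}"
        memoryInGBs: "${OCI_NODE_MACHINE_MEMORY_GBS=80}"
---
# Worker bootstrap config (kubeadm join only; no init section).
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
kind: OCNEConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      clusterConfiguration:
        imageRepository: ${OCNE_IMAGE_REPOSITORY=container-registry.oracle.com}/${OCNE_IMAGE_PATH=olcne}
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
            provider-id: oci://{{ ds["id"] }}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
kind: OCNEConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-1-template
  namespace: ${CLUSTER_NAMESPACE}
spec:
  template:
    spec:
      clusterConfiguration:
        imageRepository: ${OCNE_IMAGE_REPOSITORY=container-registry.oracle.com}/${OCNE_IMAGE_PATH=olcne}
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
            provider-id: oci://{{ ds["id"] }}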