# Source: sigs.k8s.io/cluster-api-provider-aws@v1.5.5/templates/cluster-template-multitenancy-clusterclass.yaml
#
# Multi-document clusterctl template. It defines:
#   1. a ClusterClass named `multi-tenancy` plus the templates it references,
#   2. a Cluster that instantiates that class through `spec.topology`,
#   3. a ConfigMap and ClusterResourceSet that apply CNI resources once,
#   4. two AWSClusterRoleIdentity objects chained together:
#      controller identity -> jump role -> nested role. The Cluster uses the
#      nested identity.
#
# `${...}` placeholders are substituted by the templating step before the
# manifests are applied; values that must stay integers or objects after
# substitution are deliberately left unquoted.
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: ClusterClass
metadata:
  name: multi-tenancy
spec:
  controlPlane:
    ref:
      apiVersion: controlplane.cluster.x-k8s.io/v1beta1
      kind: KubeadmControlPlaneTemplate
      name: multi-tenancy-control-plane
    machineInfrastructure:
      ref:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AWSMachineTemplate
        name: multi-tenancy-control-plane
  infrastructure:
    ref:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AWSClusterTemplate
      name: multi-tenancy
  workers:
    machineDeployments:
      - class: default-worker
        template:
          bootstrap:
            ref:
              apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
              kind: KubeadmConfigTemplate
              name: multi-tenancy-worker-bootstraptemplate
          infrastructure:
            ref:
              apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
              kind: AWSMachineTemplate
              name: multi-tenancy-worker-machinetemplate
  # Variables a Cluster topology may set. The first four are required but
  # carry defaults; the last three are optional and have no default.
  variables:
    - name: region
      required: true
      schema:
        openAPIV3Schema:
          type: string
          default: us-east-1
    # The same EC2 key pair name is patched into the AWSClusterTemplate and
    # into both AWSMachineTemplates below.
    - name: sshKeyName
      required: true
      schema:
        openAPIV3Schema:
          type: string
          default: default
    - name: controlPlaneMachineType
      required: true
      schema:
        openAPIV3Schema:
          type: string
          default: t3.large
    - name: workerMachineType
      required: true
      schema:
        openAPIV3Schema:
          type: string
          default: t3.large
    - name: bastionEnabled
      required: false
      schema:
        openAPIV3Schema:
          type: boolean
    - name: vpcAZUsageLimit
      required: false
      schema:
        openAPIV3Schema:
          type: integer
    # Reference to the AWS identity the cluster is reconciled with. Only
    # `kind` and `name` are declared, and both are mandatory when it is set.
    - name: identityRef
      required: false
      schema:
        openAPIV3Schema:
          type: object
          properties:
            kind:
              type: string
            name:
              type: string
          required:
            - kind
            - name
  patches:
    # Copies cluster-wide variables into the AWSClusterTemplate.
    # NOTE(review): the three `replace` operations target paths that the
    # AWSClusterTemplate in this file (`spec: {}`) does not declare, and the
    # variables behind them are optional. RFC 6902 `replace` needs an
    # existing target, so this presumably relies on defaulting - confirm.
    - name: awsClusterTemplateGeneral
      definitions:
        - selector:
            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
            kind: AWSClusterTemplate
            matchResources:
              infrastructureCluster: true
          jsonPatches:
            - op: add
              path: '/spec/template/spec/region'
              valueFrom:
                variable: region
            - op: add
              path: '/spec/template/spec/sshKeyName'
              valueFrom:
                variable: sshKeyName
            - op: replace
              path: '/spec/template/spec/bastion/enabled'
              valueFrom:
                variable: bastionEnabled
            - op: replace
              path: '/spec/template/spec/network/vpc/availabilityZoneUsageLimit'
              valueFrom:
                variable: vpcAZUsageLimit
            - op: replace
              path: '/spec/template/spec/identityRef'
              valueFrom:
                variable: identityRef
    # Overwrites the REPLACEME instance type of the control-plane machine
    # template and injects the SSH key pair name.
    - name: awsMachineTemplateControlPlane
      definitions:
        - selector:
            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
            kind: AWSMachineTemplate
            matchResources:
              controlPlane: true
          jsonPatches:
            - op: replace
              path: '/spec/template/spec/instanceType'
              valueFrom:
                variable: controlPlaneMachineType
            - op: add
              path: '/spec/template/spec/sshKeyName'
              valueFrom:
                variable: sshKeyName
    # Same two patches for machines of the `default-worker` class.
    - name: awsMachineTemplateWorker
      definitions:
        - selector:
            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
            kind: AWSMachineTemplate
            matchResources:
              machineDeploymentClass:
                names:
                  - default-worker
          jsonPatches:
            - op: replace
              path: '/spec/template/spec/instanceType'
              valueFrom:
                variable: workerMachineType
            - op: add
              path: '/spec/template/spec/sshKeyName'
              valueFrom:
                variable: sshKeyName
---
# Intentionally empty: region, SSH key, bastion, AZ limit and identityRef are
# all supplied by the `awsClusterTemplateGeneral` patch above.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterTemplate
metadata:
  name: multi-tenancy
spec:
  template:
    spec: {}
---
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlaneTemplate
metadata:
  name: multi-tenancy-control-plane
spec:
  template:
    spec:
      kubeadmConfigSpec:
        clusterConfiguration:
          apiServer:
            extraArgs:
              cloud-provider: aws
          controllerManager:
            extraArgs:
              cloud-provider: aws
        initConfiguration:
          nodeRegistration:
            # Templated on the instance from its metadata; kept quoted so
            # YAML does not read the braces as a flow mapping.
            name: '{{ ds.meta_data.local_hostname }}'
            kubeletExtraArgs:
              cloud-provider: aws
        joinConfiguration:
          nodeRegistration:
            name: '{{ ds.meta_data.local_hostname }}'
            kubeletExtraArgs:
              cloud-provider: aws
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSMachineTemplate
metadata:
  name: multi-tenancy-control-plane
spec:
  template:
    spec:
      # instanceType is required by the OpenAPI schema; REPLACEME is a
      # placeholder that the ClusterClass patch overwrites.
      instanceType: REPLACEME
      # NOTE(review): fixed instance profile name for every control-plane
      # instance of every cluster built from this class. Its IAM policy is
      # not visible here - confirm it is scoped for the target account.
      iamInstanceProfile: 'control-plane.cluster-api-provider-aws.sigs.k8s.io'
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSMachineTemplate
metadata:
  name: multi-tenancy-worker-machinetemplate
spec:
  template:
    spec:
      # instanceType is required by the OpenAPI schema; REPLACEME is a
      # placeholder that the ClusterClass patch overwrites.
      instanceType: REPLACEME
      # Worker instances get a separate profile from the control plane.
      iamInstanceProfile: 'nodes.cluster-api-provider-aws.sigs.k8s.io'
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: multi-tenancy-worker-bootstraptemplate
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          name: '{{ ds.meta_data.local_hostname }}'
          kubeletExtraArgs:
            cloud-provider: aws
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: ${CLUSTER_NAME}
  labels:
    # Matched by the ClusterResourceSet selector further down.
    cni: ${CLUSTER_NAME}-crs-0
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - 192.168.0.0/16
  topology:
    class: multi-tenancy
    version: ${KUBERNETES_VERSION}
    controlPlane:
      replicas: ${CONTROL_PLANE_MACHINE_COUNT}
    workers:
      machineDeployments:
        - class: default-worker
          name: md-0
          replicas: ${WORKER_MACHINE_COUNT}
    variables:
      - name: region
        value: ${AWS_REGION}
      - name: sshKeyName
        value: ${AWS_SSH_KEY_NAME}
      - name: controlPlaneMachineType
        value: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
      - name: workerMachineType
        value: ${AWS_NODE_MACHINE_TYPE}
      # A bastion host is switched on for every cluster rendered from this
      # template, and nothing here narrows who may reach it.
      # NOTE(review): the provider's bastion spec has an `allowedCIDRBlocks`
      # field; check the default ingress range for this version and set an
      # explicit one if it is broader than intended.
      - name: bastionEnabled
        value: true
      - name: vpcAZUsageLimit
        value: 1
      # The cluster is reconciled with the nested (second-hop) role identity
      # defined at the end of this file.
      - name: identityRef
        value:
          kind: AWSClusterRoleIdentity
          name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}
---
# `data` is filled from ${CNI_RESOURCES}; presumably that expands to a
# mapping of manifest names to content - confirm against the caller.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cni-${CLUSTER_NAME}-crs-0
data: ${CNI_RESOURCES}
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-crs-0
spec:
  strategy: ApplyOnce
  clusterSelector:
    matchLabels:
      cni: ${CLUSTER_NAME}-crs-0
  resources:
    - kind: ConfigMap
      name: cni-${CLUSTER_NAME}-crs-0
---
# First hop: the jump role is assumed from the controller's own identity
# (AWSClusterControllerIdentity `default`).
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterRoleIdentity
metadata:
  name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}
spec:
  # NOTE(review): an empty, non-nil `allowedNamespaces` is documented by the
  # provider as allowing AWSClusters in ANY namespace to use this identity.
  # On a shared management cluster that lets every tenant namespace reach
  # this role; restrict it with the `list` or `selector` sub-fields. Verify
  # the semantics against the CRD for the version in use.
  allowedNamespaces: {}
  # Short-lived session for the intermediate hop.
  durationSeconds: 900
  roleARN: ${MULTI_TENANCY_JUMP_ROLE_ARN}
  sessionName: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}-session
  sourceIdentityRef:
    kind: AWSClusterControllerIdentity
    name: default
---
# Second hop: the nested role is assumed from the jump identity above, so
# its trust policy only needs to admit the jump role.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterRoleIdentity
metadata:
  name: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}
spec:
  # NOTE(review): same any-namespace caveat as on the jump identity; this is
  # the identity that actually holds the tenant account's permissions.
  allowedNamespaces: {}
  # No durationSeconds is set here, so the provider default applies.
  roleARN: ${MULTI_TENANCY_NESTED_ROLE_ARN}
  sessionName: ${MULTI_TENANCY_NESTED_IDENTITY_NAME}-session
  sourceIdentityRef:
    kind: AWSClusterRoleIdentity
    name: ${MULTI_TENANCY_JUMP_IDENTITY_NAME}