# sigs.k8s.io/cluster-api-provider-azure@v1.14.3/templates/test/ci/cluster-template-prow.yaml
#
# Cluster API Provider Azure CI test template: one multi-document manifest
# that declares a workload cluster (control plane, a Linux worker pool and a
# Windows worker pool), the add-on delivery objects (ClusterResourceSet and
# HelmChartProxy) and the ConfigMaps those add-ons are shipped in.
#
# Three template syntaxes are mixed in this file:
#   - dollar-brace placeholders (with optional := or :- defaults), presumably
#     filled in from the environment before the manifest is applied;
#   - double-brace expressions starting with "ds.meta_data", which look like
#     cloud-init instance-data templating evaluated on the node;
#   - double-brace expressions starting with ".Cluster", which are Go
#     templates inside HelmChartProxy valuesTemplate fields.
# Comments deliberately avoid the placeholder syntax so that variable
# substitution and variable discovery are not affected by them.

# Cluster: top-level Cluster API object. Its labels are what the
# ClusterResourceSet and HelmChartProxy selectors further down match on, so
# they decide which add-ons are installed into the workload cluster.
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  labels:
    cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure}
    cni: calico
    cni-windows: ${CLUSTER_NAME}-calico
    containerd-logger: enabled
    csi-proxy: enabled
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: ${CLUSTER_NAME}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureCluster
    name: ${CLUSTER_NAME}
---
# AzureCluster: Azure-side infrastructure (location, vnet, two subnets,
# resource group, subscription). Credentials come from the
# AzureClusterIdentity named in identityRef, defined later in this file.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  # Tags recording which CI job created the resources.
  additionalTags:
    buildProvenance: ${BUILD_PROVENANCE}
    creationTimestamp: ${TIMESTAMP}
    jobName: ${JOB_NAME}
  identityRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureClusterIdentity
    name: ${CLUSTER_IDENTITY_NAME}
  location: ${AZURE_LOCATION}
  networkSpec:
    subnets:
    - name: control-plane-subnet
      role: control-plane
    - name: node-subnet
      role: node
    vnet:
      name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
  resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
  subscriptionID: ${AZURE_SUBSCRIPTION_ID}
---
# KubeadmControlPlane: kubeadm settings for the control-plane machines. The
# API server, controller manager and kubelet are all set to
# cloud-provider: external.
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      apiServer:
        extraArgs:
          cloud-provider: external
          feature-gates: ${K8S_FEATURE_GATES:-""}
        timeoutForControlPlane: 20m
      controllerManager:
        extraArgs:
          allocate-node-cidrs: "false"
          cloud-provider: external
          cluster-name: ${CLUSTER_NAME}
          v: "4"
      # etcd data lives under /var/lib/etcddisk, the mount point of the
      # etcd_disk filesystem created by diskSetup and mounts below.
      etcd:
        local:
          dataDir: /var/lib/etcddisk/etcd
          extraArgs:
            quota-backend-bytes: "8589934592"
    diskSetup:
      filesystems:
      - device: /dev/disk/azure/scsi1/lun0
        extraOpts:
        - -E
        - lazy_itable_init=1,lazy_journal_init=1
        filesystem: ext4
        label: etcd_disk
      - device: ephemeral0.1
        filesystem: ext4
        label: ephemeral0
        replaceFS: ntfs
      partitions:
      - device: /dev/disk/azure/scsi1/lun0
        layout: true
        overwrite: false
        tableType: gpt
    # Cloud-provider configuration, written to the node from a Secret.
    # NOTE(review): the file is created with mode 0644, i.e. readable by every
    # local user. If the Secret carries service-principal credentials (the
    # identity in this file is of type ServicePrincipal), confirm whether every
    # consumer runs as root and tighten the mode to 0600 where it does.
    files:
    - contentFrom:
        secret:
          key: control-plane-azure.json
          name: ${CLUSTER_NAME}-control-plane-azure-json
      owner: root:root
      path: /etc/kubernetes/azure.json
      permissions: "0644"
    initConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    joinConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    mounts:
    - - LABEL=etcd_disk
      - /var/lib/etcddisk
    postKubeadmCommands: []
    preKubeadmCommands: []
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AzureMachineTemplate
      name: ${CLUSTER_NAME}-control-plane
  replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1}
  version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate for control-plane VMs. The 256 GB data disk on lun 0
# is presumably the disk that diskSetup above formats as etcd_disk.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  template:
    spec:
      dataDisks:
      - diskSizeGB: 256
        lun: 0
        nameSuffix: etcddisk
      osDisk:
        diskSizeGB: 128
        osType: Linux
      # Defaults to an empty string when AZURE_SSH_PUBLIC_KEY_B64 is unset.
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
---
# MachineDeployment for the Linux worker pool. Machines are labelled
# nodepool: pool1, which the MachineHealthCheck below selects on.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WORKER_MACHINE_COUNT:=2}
  selector: {}
  template:
    metadata:
      labels:
        nodepool: pool1
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-0
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-0
      version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate for Linux workers.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      osDisk:
        diskSizeGB: 128
        osType: Linux
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      # CustomScript VM extension. The command is a no-op that exists only to
      # exercise the extension path (its own echo line says so). It is passed
      # under protectedSettings rather than as a plain setting.
      vmExtensions:
      - name: CustomScript
        protectedSettings:
          commandToExecute: |
            #!/bin/sh
            echo "This script is a no-op used for extension testing purposes ..."
            touch test_file
        publisher: Microsoft.Azure.Extensions
        version: "2.1"
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
# KubeadmConfigTemplate for Linux workers.
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      # NOTE(review): same concern as on the control plane: the
      # cloud-provider configuration is written world-readable (0644).
      files:
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-0-azure-json
        owner: root:root
        path: /etc/kubernetes/azure.json
        permissions: "0644"
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
          name: '{{ ds.meta_data["local_hostname"] }}'
      preKubeadmCommands: []
---
# MachineDeployment for the Windows worker pool. The replica count defaults
# to 0, so no Windows machines are created unless the variable is set.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0}
  selector: {}
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-win
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-win
      version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate for Windows workers (containerd runtime annotation).
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  annotations:
    runtime: containerd
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    metadata:
      annotations:
        runtime: containerd
        windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""}
    spec:
      osDisk:
        diskSizeGB: 128
        managedDisk:
          storageAccountType: Premium_LRS
        osType: Windows
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
# KubeadmConfigTemplate for Windows workers: drops the cloud-provider
# configuration and four PowerShell scripts on the node, runs three of the
# scripts before kubeadm join and one after, and creates a local admin user.
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    spec:
      files:
      # Cloud-provider configuration, written from a Secret.
      # NOTE(review): how the 0644 mode maps onto Windows ACLs is not visible
      # here; confirm the resulting file is not readable by unprivileged users.
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-win-azure-json
        owner: root:root
        path: c:/k/azure.json
        permissions: "0644"
      # Run from postKubeadmCommands: excludes the two Calico CNI binaries
      # from Microsoft Defender process scanning.
      # NOTE(review): this narrows endpoint protection on the node. Acceptable
      # on throwaway CI nodes; revisit before reusing the template elsewhere.
      - content: |-
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
        path: C:/defender-exclude-calico.ps1
        permissions: "0744"
      # Run from preKubeadmCommands: creates C:\tmp for the e2e tests.
      - content: |
          # /tmp is assumed created and required for upstream e2e tests to pass
          New-Item -ItemType Directory -Force -Path C:\tmp\
        path: C:/create-temp-folder.ps1
        permissions: "0744"
      # Run from preKubeadmCommands: when WINDOWS_CONTAINERD_URL is non-empty,
      # stops kubelet and containerd, downloads the archive and unpacks it
      # over the installed containerd, then starts the service again.
      # NOTE(review): the archive is fetched with curl and extracted without
      # any checksum or signature check, so whoever controls that variable, or
      # the host behind the URL, controls the container runtime binary on the
      # node. Restrict the variable to trusted HTTPS sources and compare the
      # download against a known digest before extracting it.
      - content: |
          $ErrorActionPreference = 'Stop'

          $$CONTAINERD_URL="${WINDOWS_CONTAINERD_URL}"
          if($$CONTAINERD_URL -ne ""){
            # Kubelet service depends on contianerd service so make a best effort attempt to stop it
            Stop-Service kubelet -Force -ErrorAction SilentlyContinue
            Stop-Service containerd -Force
            echo "downloading containerd: $$CONTAINERD_URL"
            curl.exe --retry 10 --retry-delay 5 -L "$$CONTAINERD_URL" --output "c:/k/containerd.tar.gz"
            tar.exe -zxvf c:/k/containerd.tar.gz -C "c:/Program Files/containerd" --strip-components 1

            Start-Service containerd
          }

          containerd.exe --version
          containerd-shim-runhcs-v1.exe --version
        path: C:/replace-containerd.ps1
        permissions: "0744"
      # Run from preKubeadmCommands: configures Windows Error Reporting local
      # dumps (DumpCount 50, DumpType 2, folder c:/LocalDumps), appends an
      # sftp subsystem line to sshd_config and restarts sshd so the dumps can
      # be copied off the node during log collection.
      # NOTE(review): when sshd_config does not exist, mkdir creates a
      # directory at the path of the file, and the Add-Content that follows
      # then targets a directory. Creating the parent directory looks like the
      # intent; confirm. Add-Content also appends the line on every run.
      - content: |
          mkdir -Force c:/localdumps
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpCount /t REG_DWORD /d 50 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpType /t REG_DWORD /d 2 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpFolder /t REG_EXPAND_SZ /d "c:/LocalDumps" /f
          # Enable sftp so we can copy crash dump files during log collection of stfp
          $sshd_config = "$env:ProgramData\ssh\sshd_config"
          if (-not (Test-Path $sshd_config)) { mkdir -Force $sshd_config }
          Add-Content -Path $sshd_config "Subsystem sftp sftp-server.exe"
          sc.exe stop sshd
          sc.exe start sshd
        path: C:/collect-hns-crashes.ps1
        permissions: "0744"
      joinConfiguration:
        nodeRegistration:
          criSocket: npipe:////./pipe/containerd-containerd
          kubeletExtraArgs:
            cloud-provider: external
            feature-gates: ${NODE_FEATURE_GATES:-""}
            v: "2"
            windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
          name: '{{ ds.meta_data["local_hostname"] }}'
      postKubeadmCommands:
      - nssm set kubelet start SERVICE_AUTO_START
      - powershell C:/defender-exclude-calico.ps1
      preKubeadmCommands:
      - powershell C:/create-temp-folder.ps1
      - powershell C:/replace-containerd.ps1
      - powershell C:/collect-hns-crashes.ps1
      # Local account in the Administrators group with an SSH authorized key.
      # NOTE(review): together with the sshd changes above this is
      # administrator-level remote access to every Windows node. Limit who
      # holds the matching private key and which networks can reach sshd.
      users:
      - groups: Administrators
        name: capi
        sshAuthorizedKeys:
        - ${AZURE_SSH_PUBLIC_KEY:=""}
---
# MachineHealthCheck for machines labelled nodepool: pool1. A machine is
# treated as unhealthy when the E2ENodeUnhealthy condition has been "True"
# for 30s.
# NOTE(review): maxUnhealthy is 100%, so remediation is presumably never held
# back by the share of unhealthy machines. That suits an e2e test but removes
# the usual guard against remediating a whole pool at once.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineHealthCheck
metadata:
  name: ${CLUSTER_NAME}-mhc-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  maxUnhealthy: 100%
  selector:
    matchLabels:
      nodepool: pool1
  unhealthyConditions:
  - status: "True"
    timeout: 30s
    type: E2ENodeUnhealthy
---
# ClusterResourceSet: applies the Calico-for-Windows ConfigMap (defined near
# the end of this file) once to clusters carrying the cni-windows label.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-calico-windows
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      cni-windows: ${CLUSTER_NAME}-calico
  resources:
  - kind: ConfigMap
    name: cni-${CLUSTER_NAME}-calico-windows
  strategy: ApplyOnce
---
# AzureClusterIdentity: the Azure credential referenced by the AzureCluster
# above. With type ServicePrincipal the client secret is read from the
# Kubernetes Secret named in clientSecret.
# NOTE(review): allowedNamespaces is an empty object. CAPZ documents an empty
# object as "AzureClusters in any namespace may use this identity" (an absent
# field allows none); confirm for this API version, and scope the field to
# specific namespaces on a shared management cluster.
# NOTE(review): a client secret is a long-lived credential. Keep the Secret
# readable only by the provider, and rotate it on a schedule.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureClusterIdentity
metadata:
  labels:
    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
  name: ${CLUSTER_IDENTITY_NAME}
  namespace: default
spec:
  allowedNamespaces: {}
  clientID: ${AZURE_CLIENT_ID}
  clientSecret:
    name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME}
    namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}
  tenantID: ${AZURE_TENANT_ID}
  type: ServicePrincipal
---
# ClusterResourceSet: applies the csi-proxy-addon ConfigMap once to clusters
# labelled csi-proxy: enabled.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: csi-proxy
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      csi-proxy: enabled
  resources:
  - kind: ConfigMap
    name: csi-proxy-addon
  strategy: ApplyOnce
---
# ClusterResourceSet: applies the containerd logger ConfigMap once to
# clusters labelled containerd-logger: enabled.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      containerd-logger: enabled
  resources:
  - kind: ConfigMap
    name: containerd-logger-${CLUSTER_NAME}
  strategy: ApplyOnce
---
# HelmChartProxy: installs the tigera-operator chart (Calico) on clusters
# labelled cni: calico. The chart version is taken from CALICO_VERSION and
# the images are pulled from mcr.microsoft.com/oss.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: calico
  namespace: default
spec:
  chartName: tigera-operator
  clusterSelector:
    matchLabels:
      cni: calico
  namespace: tigera-operator
  releaseName: projectcalico
  repoURL: https://docs.tigera.io/calico/charts
  # One VXLAN-encapsulated IP pool is generated per pod CIDR block of the
  # Cluster.
  # NOTE(review): the template body contains the key "ipPools:" twice in a
  # row, the first with an empty value. Most YAML parsers keep the last
  # occurrence, strict ones reject duplicate keys; drop the empty one if the
  # chart values are ever validated strictly.
  valuesTemplate: |-
    installation:
      cni:
        type: Calico
      calicoNetwork:
        bgp: Disabled
        mtu: 1350
        ipPools:
        ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
        - cidr: {{ $cidr }}
          encapsulation: VXLAN{{end}}
      registry: mcr.microsoft.com/oss
    # Image and registry configuration for the tigera/operator pod.
    tigeraOperator:
      image: tigera/operator
      registry: mcr.microsoft.com/oss
    calicoctl:
      image: mcr.microsoft.com/oss/calico/ctl
  version: ${CALICO_VERSION}
---
# HelmChartProxy: installs the azuredisk-csi-driver chart on clusters
# labelled azuredisk-csi: "true". The Cluster at the top of this file does
# not carry that label, so this proxy only applies once the label is added.
# NOTE(review): repoURL follows the master branch of the chart repository and
# no chart version is set, so the installed chart is whatever that branch
# serves at install time. Pin a chart version, and ideally a tag or commit in
# the URL, to keep installs reproducible and reviewable.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: azuredisk-csi-driver-chart
  namespace: default
spec:
  chartName: azuredisk-csi-driver
  clusterSelector:
    matchLabels:
      azuredisk-csi: "true"
  namespace: kube-system
  releaseName: azuredisk-csi-driver-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts
  valuesTemplate: |-
    controller:
      replicas: 1
      runOnControlPlane: true
    windows:
      useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }}
---
# HelmChartProxy: installs the cloud-provider-azure chart on clusters
# labelled cloud-provider: azure (the default value of that label above).
# NOTE(review): as with the CSI driver chart, repoURL follows the master
# branch and no chart version is set; pin both for reproducible installs.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure
  releaseName: cloud-provider-azure-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      logVerbosity: 4
---
# HelmChartProxy: CI variant of the cloud-provider-azure chart, selected by
# the label value azure-ci. It shares the release name of the proxy above, and
# only one of the two label values can be set on a given Cluster.
# NOTE(review): the image name, repository and tag of the cloud controller
# manager and the cloud node manager are taken from environment variables, so
# whoever controls the CI environment decides which images run with cloud
# credentials. Restrict those variables to trusted registries. The chart
# version is unpinned and repoURL follows the master branch here as well.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart-ci
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure-ci
  releaseName: cloud-provider-azure-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"}
      cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""}
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      imageName: "${CCM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CCM:-""}"
      logVerbosity: ${CCM_LOG_VERBOSITY:-4}
      replicas: ${CCM_COUNT:-1}
      enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false}
    cloudNodeManager:
      imageName: "${CNM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CNM:-""}"
---
# ConfigMap (marked "generated") delivered by the calico-windows
# ClusterResourceSet. It carries two manifests as strings:
#   proxy       - the kube-proxy DaemonSet for Windows nodes;
#   windows-cni - Calico for Windows: IPAMConfig, two ConfigMaps, the
#                 calico-node-windows DaemonSet and the IPAMConfig CRD.
#
# Security-relevant points in the embedded manifests:
#   - Both DaemonSets run as Windows HostProcess containers under
#     "NT AUTHORITY\system" with hostNetwork, i.e. with full control of the
#     node. Their images come from the sigwindowstools repository and are
#     referenced by tag, not by digest; calico-node-windows additionally sets
#     imagePullPolicy: Always, so a re-pushed tag is picked up on restart.
#     NOTE(review): pin these images by digest where reproducibility matters.
#   - kube-proxy tolerates every taint (a bare "operator: Exists" entry).
#   - calico-static-rules defines an endpoint ACL with Id "wireserver" that
#     blocks outbound TCP (protocol 6) to 168.63.129.16/32 port 80. This is a
#     protective rule; keep it when editing the CNI configuration.
#   - NOTE(review): cni_network_config sets "log_level" twice, first "debug"
#     and later "info". Which one applies depends on the JSON parser; keep
#     only the intended value.
apiVersion: v1
data:
  proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: kube-proxy
      name: kube-proxy-windows
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: kube-proxy-windows
      template:
        metadata:
          labels:
            k8s-app: kube-proxy-windows
        spec:
          serviceAccountName: kube-proxy
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess
            args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"]
            workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/"
            name: kube-proxy
            env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBEPROXY_PATH
              valueFrom:
                configMapKeyRef:
                  name: windows-kubeproxy-ci
                  key: KUBEPROXY_PATH
                  optional: true
            volumeMounts:
            - mountPath: /var/lib/kube-proxy
              name: kube-proxy
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: kube-proxy
            name: kube-proxy
      updateStrategy:
        type: RollingUpdate
  windows-cni: "# strictAffinity required for windows\napiVersion: crd.projectcalico.org/v1\nkind:
    IPAMConfig\nmetadata:\n  name: default\nspec:\n  autoAllocateBlocks: true\n  strictAffinity:
    true\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: calico-static-rules\n
    \ namespace: calico-system\n  labels:\n    tier: node\n    app: calico\ndata:\n
    \ static-rules.json: |\n    {\n      \"Provider\": \"azure\",\n      \"Version\":
    \"0.1\",\n      \"Rules\": [\n        {\n          \"Name\": \"EndpointPolicy\",\n
    \         \"Rule\": {\n            \"Id\": \"wireserver\",\n            \"Type\":
    \"ACL\",\n            \"Protocol\": 6,\n            \"Action\": \"Block\",\n
    \           \"Direction\": \"Out\",\n            \"RemoteAddresses\": \"168.63.129.16/32\",\n
    \           \"RemotePorts\": \"80\",\n            \"Priority\": 200,\n            \"RuleType\":
    \"Switch\"\n          }\n        }\n      ]\n    } \n---\nkind: ConfigMap\napiVersion:
    v1\nmetadata:\n  name: calico-config-windows\n  namespace: calico-system\n  labels:\n
    \   tier: node\n    app: calico\ndata:\n  veth_mtu: \"1350\"\n  \n  cni_network_config:
    |\n    {\n      \"name\": \"Calico\",\n      \"cniVersion\": \"0.3.1\",\n      \"plugins\":
    [\n        {\n          \"windows_use_single_network\": true,\n          \"type\":
    \"calico\",\n          \"mode\": \"vxlan\",\n          \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n
    \         \"nodename_file_optional\": true,\n          \"log_file_path\": \"c:/cni.log\",\n
    \         \"log_level\": \"debug\",\n\n          \"vxlan_mac_prefix\": \"0E-2A\",\n
    \         \"vxlan_vni\": 4096,\n          \"mtu\": __CNI_MTU__,\n          \"policy\":
    {\n            \"type\": \"k8s\"\n          },\n\n          \"log_level\": \"info\",\n\n
    \         \"capabilities\": {\"dns\": true},\n          \"DNS\": {\n            \"Search\":
    \ [\n              \"svc.cluster.local\"\n            ]\n          },\n\n          \"datastore_type\":
    \"kubernetes\",\n\n          \"kubernetes\": {\n            \"kubeconfig\": \"__KUBECONFIG_FILEPATH__\"\n
    \         },\n\n          \"ipam\": {\n            \"type\": \"calico-ipam\",\n
    \           \"subnet\": \"usePodCidr\"\n          },\n\n          \"policies\":
    \ [\n            {\n              \"Name\":  \"EndpointPolicy\",\n              \"Value\":
    \ {\n                \"Type\":  \"OutBoundNAT\",\n                \"ExceptionList\":
    \ [\n                  \"__K8S_SERVICE_CIDR__\"\n                ]\n              }\n
    \           },\n            {\n              \"Name\":  \"EndpointPolicy\",\n
    \             \"Value\":  {\n                \"Type\":  \"SDNROUTE\",\n                \"DestinationPrefix\":
    \ \"__K8S_SERVICE_CIDR__\",\n                \"NeedEncap\":  true\n              }\n
    \           }\n          ]\n        }\n      ]\n\n    }\n---\napiVersion: apps/v1\nkind:
    DaemonSet\nmetadata:\n  name: calico-node-windows\n  labels:\n    tier: node\n
    \   app: calico\n  namespace: calico-system\nspec:\n  selector:\n    matchLabels:\n
    \     app: calico\n  template:\n    metadata:\n      labels:\n        tier: node\n
    \       app: calico\n    spec:\n      affinity:\n        nodeAffinity:\n          requiredDuringSchedulingIgnoredDuringExecution:\n
    \           nodeSelectorTerms:\n              - matchExpressions:\n                  -
    key: kubernetes.io/os\n                    operator: In\n                    values:\n
    \                     - windows\n                  - key: kubernetes.io/arch\n
    \                   operator: In\n                    values:\n                      -
    amd64\n      securityContext:\n        windowsOptions:\n          hostProcess:
    true\n          runAsUserName: \"NT AUTHORITY\\\\system\"\n      hostNetwork:
    true\n      serviceAccountName: calico-node\n      tolerations:\n        - operator:
    Exists\n          effect: NoSchedule\n          # Mark the pod as a critical add-on
    for rescheduling.\n        - key: CriticalAddonsOnly\n          operator: Exists\n
    \       - effect: NoExecute\n          operator: Exists\n      initContainers:\n        #
    This container installs the CNI binaries\n        # and CNI network config file
    on each node.\n        - name: install-cni\n          image: sigwindowstools/calico-install:v3.26.1-hostprocess\n
    \         args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1\"]\n
    \         imagePullPolicy: Always\n          env:\n            # Name of the CNI
    config file to create.\n            - name: CNI_CONF_NAME\n              value:
    \"10-calico.conflist\"\n            # The CNI network config to install on each
    node.\n            - name: CNI_NETWORK_CONFIG\n              valueFrom:\n                configMapKeyRef:\n
    \                 name: calico-config-windows\n                  key: cni_network_config\n
    \           # Set the hostname based on the k8s node name.\n            - name:
    KUBERNETES_NODE_NAME\n              valueFrom:\n                fieldRef:\n                  fieldPath:
    spec.nodeName\n            # CNI MTU Config variable\n            - name: CNI_MTU\n
    \             valueFrom:\n                configMapKeyRef:\n                  name:
    calico-config-windows\n                  key: veth_mtu\n            # Prevents
    the container from sleeping forever.\n            - name: SLEEP\n              value:
    \"false\"\n            - name: K8S_SERVICE_CIDR\n              value: \"10.96.0.0/12\"\n
    \         volumeMounts:\n            - mountPath: /host/opt/cni/bin\n              name:
    cni-bin-dir\n            - mountPath: /host/etc/cni/net.d\n              name:
    cni-net-dir\n            - name: kubeadm-config\n              mountPath: /etc/kubeadm-config/\n
    \         securityContext:\n            windowsOptions:\n              hostProcess:
    true\n              runAsUserName: \"NT AUTHORITY\\\\system\"\n      containers:\n
    \       - name: calico-node-startup\n          image: sigwindowstools/calico-node:v3.26.1-hostprocess\n
    \         args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1\"]\n
    \         workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n          imagePullPolicy:
    Always\n          volumeMounts:\n            - name: calico-config-windows\n              mountPath:
    /etc/kube-calico-windows/\n          env:\n            - name: POD_NAME\n              valueFrom:\n
    \               fieldRef:\n                  apiVersion: v1\n                  fieldPath:
    metadata.name\n            - name: POD_NAMESPACE\n              valueFrom:\n                fieldRef:\n
    \                 apiVersion: v1\n                  fieldPath: metadata.namespace\n            -
    name: CNI_IPAM_TYPE\n              value: \"calico-ipam\"\n            - name: CALICO_NETWORKING_BACKEND\n
    \             value: \"vxlan\"\n            - name: KUBECONFIG\n              value: \"C:/etc/cni/net.d/calico-kubeconfig\"\n
    \           - name: VXLAN_VNI\n              value: \"4096\"\n        - name: calico-node-felix\n
    \         image: sigwindowstools/calico-node:v3.26.1-hostprocess\n          args:
    [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1\"]\n          imagePullPolicy:
    Always\n          workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n          volumeMounts:\n
    \           - name: calico-config-windows\n              mountPath: /etc/kube-calico-windows/\n
    \           - name: calico-static-rules\n              mountPath: /calico/static-rules.json\n
    \             subPath: static-rules.json\n          env:\n            - name: POD_NAME\n
    \             valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath:
    metadata.name\n            - name: POD_NAMESPACE\n              valueFrom:\n                fieldRef:\n
    \                 apiVersion: v1\n                  fieldPath: metadata.namespace\n            -
    name: VXLAN_VNI\n              value: \"4096\"\n            - name: KUBECONFIG\n              value:
    \"C:/etc/cni/net.d/calico-kubeconfig\"\n      volumes:\n        - name: calico-config-windows\n
    \         configMap:\n            name: calico-config-windows\n        - name: calico-static-rules\n
    \         configMap:\n            name: calico-static-rules\n        # Used to install
    CNI.\n        - name: cni-bin-dir\n          hostPath:\n            path: /opt/cni/bin\n
    \       - name: cni-net-dir\n          hostPath:\n            path: /etc/cni/net.d\n
    \       - name: kubeadm-config\n          configMap:\n            name: kubeadm-config\n---\napiVersion:
    apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: ipamconfigs.crd.projectcalico.org\nspec:\n
    \ group: crd.projectcalico.org\n  names:\n    kind: IPAMConfig\n    listKind:
    IPAMConfigList\n    plural: ipamconfigs\n    singular: ipamconfig\n  preserveUnknownFields:
    false\n  scope: Cluster\n  versions:\n  - name: v1\n    schema:\n      openAPIV3Schema:\n
    \       properties:\n          apiVersion:\n            description: 'APIVersion
    defines the versioned schema of this representation\n              of an object.
    Servers should convert recognized schemas to the latest\n              internal
    value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n
    \           type: string\n          kind:\n            description: 'Kind is a
    string value representing the REST resource this\n              object represents.
    Servers may infer this from the endpoint the client\n              submits requests
    to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n
    \           type: string\n          metadata:\n            type: object\n          spec:\n
    \           description: IPAMConfigSpec contains the specification for an IPAMConfig\n
    \             resource.\n            properties:\n              autoAllocateBlocks:\n
    \               type: boolean\n              maxBlocksPerHost:\n                description:
    MaxBlocksPerHost, if non-zero, is the max number of blocks\n                  that
    can be affine to each host.\n                maximum: 2147483647\n                minimum:
    0\n                type: integer\n              strictAffinity:\n                type:
    boolean\n            required:\n            - autoAllocateBlocks\n            -
    strictAffinity\n            type: object\n        type: object\n    served: true\n
    \   storage: true\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n
    \ conditions: []\n  storedVersions: []\n"
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: cni-${CLUSTER_NAME}-calico-windows
  namespace: default
---
# ConfigMap (marked "generated") delivered by the csi-proxy
# ClusterResourceSet: a csi-proxy DaemonSet for Windows nodes.
# The embedded DaemonSet runs as a HostProcess container under
# "NT AUTHORITY\SYSTEM" with hostNetwork. Its image is referenced by tag
# (v1.0.2), not by digest.
apiVersion: v1
data:
  csi-proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: csi-proxy
      name: csi-proxy
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: csi-proxy
      template:
        metadata:
          labels:
            k8s-app: csi-proxy
        spec:
          nodeSelector:
            "kubernetes.io/os": windows
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\SYSTEM"
          hostNetwork: true
          containers:
            - name: csi-proxy
              image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: csi-proxy-addon
  namespace: default
---
# ConfigMap (marked "generated") delivered by the containerd-logger
# ClusterResourceSet. The single data key holds two manifests separated by a
# document marker: the containerd-logger DaemonSet and the ConfigMap with its
# config.json.
# The DaemonSet runs as a HostProcess container under "NT AUTHORITY\system"
# with hostNetwork, tolerates every taint, and pulls a tag-referenced image
# with imagePullPolicy: Always.
# config.json collects ETW events from the RunHCS and ContainerD providers at
# Verbose level, drops seven high-volume RunHCS event names unless the event
# has an "error" property, and writes the rest to standard output.
# NOTE(review): Verbose runtime traces end up in the pod log; check what they
# contain before forwarding these logs outside the CI environment.
apiVersion: v1
data:
  containerd-windows-logger: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: containerd-logger
      name: containerd-logger
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: containerd-logger
      template:
        metadata:
          labels:
            k8s-app: containerd-logger
        spec:
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0
            args: [ "config.json" ]
            name: containerd-logger
            imagePullPolicy: Always
            volumeMounts:
            - name: containerd-logger-config
              mountPath: /config.json
              subPath: config.json
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: containerd-logger-config
            name: containerd-logger-config
      updateStrategy:
        type: RollingUpdate
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: containerd-logger-config
      namespace: kube-system
    data:
      config.json: |
        {
          "inputs": [
            {
              "type": "ETW",
              "sessionNamePrefix": "containerd",
              "cleanupOldSessions": true,
              "reuseExistingSession": true,
              "providers": [
                {
                  "providerName": "Microsoft.Virtualization.RunHCS",
                  "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3",
                  "level": "Verbose"
                },
                {
                  "providerName": "ContainerD",
                  "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad",
                  "level": "Verbose"
                }
              ]
            }
          ],
          "filters": [
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error"
            }
          ],
          "outputs": [
            {
              "type": "StdOutput"
            }
          ],
          "schemaVersion": "2016-08-11"
        }
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default