# sigs.k8s.io/cluster-api-provider-azure@v1.17.0/templates/test/ci/cluster-template-prow-load.yaml
#
# CI load-test cluster template: a Linux control plane, a Linux worker pool
# (md-0) and an optional Windows worker pool (md-win), plus the add-ons that
# the labels on the Cluster object select.
# ${VAR}, ${VAR:=default} and ${VAR:-default} are placeholders that must be
# substituted before the manifests are applied.
# NOTE(review): layout restored from a flattened listing; indentation inside
# the embedded manifests and scripts is reconstructed and should be confirmed
# against the upstream file.
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  # Each label below is matched by a clusterSelector of a ClusterResourceSet
  # or HelmChartProxy later in this file, so the labels decide which add-ons
  # (and which privileged DaemonSets) are installed into the workload cluster.
  labels:
    azuredisk-csi: "true"
    cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure}
    cni: calico
    cni-windows: ${CLUSTER_NAME}-calico
    containerd-logger: enabled
    csi-proxy: enabled
    storageclass: "true"
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: ${CLUSTER_NAME}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureCluster
    name: ${CLUSTER_NAME}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  # Tags record which CI job created the resources (useful for attribution and
  # clean-up of leaked resource groups).
  additionalTags:
    buildProvenance: ${BUILD_PROVENANCE}
    creationTimestamp: ${TIMESTAMP}
    jobName: ${JOB_NAME}
  # Credentials come from the AzureClusterIdentity defined further down.
  identityRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureClusterIdentity
    name: ${CLUSTER_IDENTITY_NAME}
  location: ${AZURE_LOCATION}
  networkSpec:
    subnets:
    - name: control-plane-subnet
      role: control-plane
    - name: node-subnet
      role: node
    vnet:
      name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
  resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
  subscriptionID: ${AZURE_SUBSCRIPTION_ID}
---
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      apiServer:
        extraArgs:
          cloud-provider: external
          feature-gates: ${K8S_FEATURE_GATES:-""}
        timeoutForControlPlane: 20m
      controllerManager:
        extraArgs:
          allocate-node-cidrs: "false"
          cloud-provider: external
          cluster-name: ${CLUSTER_NAME}
          v: "4"
      etcd:
        local:
          # etcd data lives on the dedicated data disk set up under diskSetup.
          dataDir: /var/lib/etcddisk/etcd
          extraArgs:
            quota-backend-bytes: "8589934592"
      scheduler:
        extraArgs:
          # NOTE(review): the scheduler listens on every interface and the
          # listed paths, including /metrics, are served without
          # authorization. That suits a load-test harness scraping metrics,
          # but the port is then only protected by network-level rules;
          # confirm those exist and do not copy this into non-CI templates.
          authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics
          bind-address: 0.0.0.0
    diskSetup:
      filesystems:
      - device: /dev/disk/azure/scsi1/lun0
        extraOpts:
        - -E
        - lazy_itable_init=1,lazy_journal_init=1
        filesystem: ext4
        label: etcd_disk
      - device: ephemeral0.1
        filesystem: ext4
        label: ephemeral0
        replaceFS: ntfs
      partitions:
      - device: /dev/disk/azure/scsi1/lun0
        layout: true
        overwrite: false
        tableType: gpt
    files:
    # NOTE(review): the cloud-provider configuration is read from a Secret but
    # written with mode 0644, i.e. readable by every local user and by any pod
    # that mounts the host path. Whether it carries credentials depends on the
    # identity type in use; "0600" would be the least-privilege mode if the
    # consumers run as root. Confirm before changing.
    - contentFrom:
        secret:
          key: control-plane-azure.json
          name: ${CLUSTER_NAME}-control-plane-azure-json
      owner: root:root
      path: /etc/kubernetes/azure.json
      permissions: "0644"
    initConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        # Template expression left for the node's bootstrap tooling to render;
        # it is quoted so YAML does not parse the braces as a flow mapping.
        name: '{{ ds.meta_data["local_hostname"] }}'
    joinConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    mounts:
    - - LABEL=etcd_disk
      - /var/lib/etcddisk
    postKubeadmCommands: []
    preKubeadmCommands: []
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AzureMachineTemplate
      name: ${CLUSTER_NAME}-control-plane
  replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1}
  version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  template:
    spec:
      dataDisks:
      - diskSizeGB: 256
        lun: 0
        nameSuffix: etcddisk
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        osType: Linux
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      # NOTE(review): the same user-assigned managed identity is attached to
      # the control-plane, Linux worker and Windows worker VMs in this file.
      # Anything on a node that can reach the instance metadata endpoint can
      # presumably obtain tokens for it, so the identity's role assignments
      # should be scoped to what the cloud provider needs — confirm.
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WORKER_MACHINE_COUNT:=2}
  selector: {}
  template:
    metadata:
      # Matched by the MachineHealthCheck selector later in this file.
      labels:
        nodepool: pool1
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-0
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-0
      version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        osType: Linux
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      # A VM extension whose command only echoes a message and touches a file;
      # its own text says it exists to exercise the extension code path.
      # The command is passed under protectedSettings rather than settings.
      vmExtensions:
      - name: CustomScript
        protectedSettings:
          commandToExecute: |
            #!/bin/sh
            echo "This script is a no-op used for extension testing purposes ..."
            touch test_file
        publisher: Microsoft.Azure.Extensions
        version: "2.1"
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      files:
      # NOTE(review): same world-readable mode as on the control plane; see
      # the comment on the control-plane azure.json entry.
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-0-azure-json
        owner: root:root
        path: /etc/kubernetes/azure.json
        permissions: "0644"
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
          name: '{{ ds.meta_data["local_hostname"] }}'
      preKubeadmCommands: []
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  # Windows pool is off unless WINDOWS_WORKER_MACHINE_COUNT is set.
  replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0}
  selector: {}
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-win
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-win
      version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  annotations:
    runtime: containerd
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    metadata:
      annotations:
        runtime: containerd
        windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""}
    spec:
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        managedDisk:
          storageAccountType: Premium_LRS
        osType: Windows
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    spec:
      files:
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-win-azure-json
        owner: root:root
        path: c:/k/azure.json
        permissions: "0644"
      # Adds Microsoft Defender process exclusions for the two Calico CNI
      # binaries (run from postKubeadmCommands). Exclusions reduce scanning
      # coverage for those processes, so the list should stay this narrow.
      - content: |-
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
        path: C:/defender-exclude-calico.ps1
        permissions: "0744"
      - content: |
          # /tmp is assumed created and required for upstream e2e tests to pass
          New-Item -ItemType Directory -Force -Path C:\tmp\
        path: C:/create-temp-folder.ps1
        permissions: "0744"
      # When WINDOWS_CONTAINERD_URL is non-empty, this script stops kubelet
      # and containerd, downloads an archive from that URL and unpacks it over
      # the installed containerd before restarting the service.
      # NOTE(review): the archive is extracted without any checksum or
      # signature verification, so the integrity of the node's container
      # runtime rests entirely on who controls the URL value and on TLS to
      # that host. A pinned digest checked before tar.exe runs would close
      # that gap.
      - content: |
          $ErrorActionPreference = 'Stop'

          $$CONTAINERD_URL="${WINDOWS_CONTAINERD_URL}"
          if($$CONTAINERD_URL -ne ""){
            # Kubelet service depends on contianerd service so make a best effort attempt to stop it
            Stop-Service kubelet -Force -ErrorAction SilentlyContinue
            Stop-Service containerd -Force
            echo "downloading containerd: $$CONTAINERD_URL"
            curl.exe --retry 10 --retry-delay 5 -L "$$CONTAINERD_URL" --output "c:/k/containerd.tar.gz"
            tar.exe -zxvf c:/k/containerd.tar.gz -C "c:/Program Files/containerd" --strip-components 1

            Start-Service containerd
          }

          containerd.exe --version
          containerd-shim-runhcs-v1.exe --version
        path: C:/replace-containerd.ps1
        permissions: "0744"
      # Configures Windows Error Reporting to keep up to 50 dumps of type 2 in
      # c:/LocalDumps and adds an sftp subsystem line to sshd_config so the
      # dumps can be copied off during log collection.
      # NOTE(review): process dumps can contain in-memory secrets, so the dump
      # folder and the collected artifacts deserve the same handling as
      # credentials. Also, when sshd_config is missing the script runs
      # `mkdir` on the config file path itself, which would create a directory
      # of that name rather than a file — confirm the intended behaviour.
      - content: |
          mkdir -Force c:/localdumps
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpCount /t REG_DWORD /d 50 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpType /t REG_DWORD /d 2 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpFolder /t REG_EXPAND_SZ /d "c:/LocalDumps" /f
          # Enable sftp so we can copy crash dump files during log collection of stfp
          $sshd_config = "$env:ProgramData\ssh\sshd_config"
          if (-not (Test-Path $sshd_config)) { mkdir -Force $sshd_config }
          Add-Content -Path $sshd_config "Subsystem sftp sftp-server.exe"
          sc.exe stop sshd
          sc.exe start sshd
        path: C:/collect-hns-crashes.ps1
        permissions: "0744"
      joinConfiguration:
        nodeRegistration:
          criSocket: npipe:////./pipe/containerd-containerd
          kubeletExtraArgs:
            cloud-provider: external
            feature-gates: ${NODE_FEATURE_GATES:-""}
            v: "2"
            windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
          name: '{{ ds.meta_data["local_hostname"] }}'
      postKubeadmCommands:
      - nssm set kubelet start SERVICE_AUTO_START
      - powershell C:/defender-exclude-calico.ps1
      preKubeadmCommands:
      - powershell C:/create-temp-folder.ps1
      - powershell C:/replace-containerd.ps1
      - powershell C:/collect-hns-crashes.ps1
      # Local account in the Administrators group, reachable with the SSH key
      # supplied through AZURE_SSH_PUBLIC_KEY (empty by default).
      users:
      - groups: Administrators
        name: capi
        sshAuthorizedKeys:
        - ${AZURE_SSH_PUBLIC_KEY:=""}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineHealthCheck
metadata:
  name: ${CLUSTER_NAME}-mhc-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  # 100% places no cap on how many selected machines may be unhealthy at once;
  # a test-oriented value rather than a production safeguard.
  maxUnhealthy: 100%
  selector:
    matchLabels:
      nodepool: pool1
  unhealthyConditions:
  - status: "True"
    timeout: 30s
    type: E2ENodeUnhealthy
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-calico-windows
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      cni-windows: ${CLUSTER_NAME}-calico
  resources:
  - kind: ConfigMap
    name: cni-${CLUSTER_NAME}-calico-windows
  strategy: ApplyOnce
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureClusterIdentity
metadata:
  labels:
    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
  name: ${CLUSTER_IDENTITY_NAME}
  namespace: default
spec:
  # NOTE(review): an empty allowedNamespaces object (as opposed to omitting
  # the field) is understood to let clusters in any namespace use this
  # identity — confirm against the provider's API docs. On a shared
  # management cluster, list the namespaces or use a selector instead.
  allowedNamespaces: {}
  clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY}
  tenantID: ${AZURE_TENANT_ID}
  type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity}
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: csi-proxy
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      csi-proxy: enabled
  resources:
  - kind: ConfigMap
    name: csi-proxy-addon
  strategy: ApplyOnce
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      containerd-logger: enabled
  resources:
  - kind: ConfigMap
    name: containerd-logger-${CLUSTER_NAME}
  strategy: ApplyOnce
---
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: calico
  namespace: default
spec:
  chartName: tigera-operator
  clusterSelector:
    matchLabels:
      cni: calico
  namespace: tigera-operator
  releaseName: projectcalico
  repoURL: https://docs.tigera.io/calico/charts
  # Values are a template rendered per matching cluster; one ipPool entry is
  # emitted for every pod CIDR of the Cluster object.
  # NOTE(review): the template contains two consecutive `ipPools:` keys, the
  # first with no value. Parsers that reject duplicate keys would fail on the
  # rendered values; most keep the last one.
  valuesTemplate: |-
    installation:
      cni:
        type: Calico
      calicoNetwork:
        bgp: Disabled
        mtu: 1350
        ipPools:
        ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
        - cidr: {{ $cidr }}
          encapsulation: VXLAN{{end}}
      registry: mcr.microsoft.com/oss
    # Image and registry configuration for the tigera/operator pod.
    tigeraOperator:
      image: tigera/operator
      registry: mcr.microsoft.com/oss
    calicoctl:
      image: mcr.microsoft.com/oss/calico/ctl
  # This chart is the only one in the file with an explicit version.
  version: ${CALICO_VERSION}
---
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: azuredisk-csi-driver-chart
  namespace: default
spec:
  chartName: azuredisk-csi-driver
  clusterSelector:
    matchLabels:
      azuredisk-csi: "true"
  namespace: kube-system
  releaseName: azuredisk-csi-driver-oot
  # NOTE(review): the chart repository is the `master` branch served as raw
  # content and no `version` is set, so the installed chart can change between
  # runs without any change to this template. Pinning a chart version (and a
  # tagged repo path) makes the deployed privileged components reproducible.
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts
  valuesTemplate: |-
    controller:
      replicas: 1
      runOnControlPlane: true
    windows:
      useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }}
---
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure
  releaseName: cloud-provider-azure-oot
  # NOTE(review): unpinned chart source (`master` branch, no `version`), as
  # for the azuredisk-csi-driver chart in this file.
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      logVerbosity: 4
---
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart-ci
  namespace: default
spec:
  chartName: cloud-provider-azure
  # Selected only when the Cluster's cloud-provider label is `azure-ci`; the
  # image name, registry and tag for the cloud controller and node managers
  # then come from CI-provided variables.
  clusterSelector:
    matchLabels:
      cloud-provider: azure-ci
  releaseName: cloud-provider-azure-oot
  # NOTE(review): unpinned chart source (`master` branch, no `version`).
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"}
      cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""}
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      imageName: "${CCM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CCM:-""}"
      logVerbosity: ${CCM_LOG_VERBOSITY:-4}
      replicas: ${CCM_COUNT:-1}
      enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false}
    cloudNodeManager:
      imageName: "${CNM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CNM:-""}"
---
apiVersion: v1
data:
  # kube-proxy for Windows nodes, run as a HostProcess container under
  # NT AUTHORITY\system on the host network.
  # NOTE(review): the image is referenced by a mutable tag derived from
  # KUBERNETES_VERSION, and the pod has full host privileges; a digest-pinned
  # reference would tie what runs on the node to a reviewed image.
  proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: kube-proxy
      name: kube-proxy-windows
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: kube-proxy-windows
      template:
        metadata:
          labels:
            k8s-app: kube-proxy-windows
        spec:
          serviceAccountName: kube-proxy
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess
            args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"]
            workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/"
            name: kube-proxy
            env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBEPROXY_PATH
              valueFrom:
                configMapKeyRef:
                  name: windows-kubeproxy-ci
                  key: KUBEPROXY_PATH
                  optional: true
            volumeMounts:
            - mountPath: /var/lib/kube-proxy
              name: kube-proxy
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: kube-proxy
            name: kube-proxy
      updateStrategy:
        type: RollingUpdate
  # Calico for Windows: an IPAMConfig, two ConfigMaps, the calico-node-windows
  # DaemonSet and the IPAMConfig CRD, stored as one multi-document manifest.
  # The listing carried this value as a double-quoted string with escaped
  # newlines; it is shown here as a literal block, with trailing whitespace on
  # two otherwise empty-looking lines dropped.
  # - calico-static-rules adds a rule (Id "wireserver") that blocks outbound
  #   TCP (protocol 6) port 80 to 168.63.129.16/32, which keeps workloads away
  #   from the Azure platform endpoint at that address.
  # - NOTE(review): cni_network_config sets "log_level" twice ("debug", then
  #   "info"); which one wins depends on the JSON parser, typically the last.
  # - NOTE(review): install-cni, calico-node-startup and calico-node-felix run
  #   as HostProcess containers under NT AUTHORITY\system with
  #   imagePullPolicy Always from tag-referenced images, so a re-pushed tag is
  #   picked up on the next pod start with full host privileges. Digest
  #   pinning removes that dependency on tag immutability.
  windows-cni: |
    # strictAffinity required for windows
    apiVersion: crd.projectcalico.org/v1
    kind: IPAMConfig
    metadata:
      name: default
    spec:
      autoAllocateBlocks: true
      strictAffinity: true
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: calico-static-rules
      namespace: calico-system
      labels:
        tier: node
        app: calico
    data:
      static-rules.json: |
        {
          "Provider": "azure",
          "Version": "0.1",
          "Rules": [
            {
              "Name": "EndpointPolicy",
              "Rule": {
                "Id": "wireserver",
                "Type": "ACL",
                "Protocol": 6,
                "Action": "Block",
                "Direction": "Out",
                "RemoteAddresses": "168.63.129.16/32",
                "RemotePorts": "80",
                "Priority": 200,
                "RuleType": "Switch"
              }
            }
          ]
        }
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: calico-config-windows
      namespace: calico-system
      labels:
        tier: node
        app: calico
    data:
      veth_mtu: "1350"

      cni_network_config: |
        {
          "name": "Calico",
          "cniVersion": "0.3.1",
          "plugins": [
            {
              "windows_use_single_network": true,
              "type": "calico",
              "mode": "vxlan",
              "nodename": "__KUBERNETES_NODE_NAME__",
              "nodename_file_optional": true,
              "log_file_path": "c:/cni.log",
              "log_level": "debug",

              "vxlan_mac_prefix": "0E-2A",
              "vxlan_vni": 4096,
              "mtu": __CNI_MTU__,
              "policy": {
                "type": "k8s"
              },

              "log_level": "info",

              "capabilities": {"dns": true},
              "DNS": {
                "Search": [
                  "svc.cluster.local"
                ]
              },

              "datastore_type": "kubernetes",

              "kubernetes": {
                "kubeconfig": "__KUBECONFIG_FILEPATH__"
              },

              "ipam": {
                "type": "calico-ipam",
                "subnet": "usePodCidr"
              },

              "policies": [
                {
                  "Name": "EndpointPolicy",
                  "Value": {
                    "Type": "OutBoundNAT",
                    "ExceptionList": [
                      "__K8S_SERVICE_CIDR__"
                    ]
                  }
                },
                {
                  "Name": "EndpointPolicy",
                  "Value": {
                    "Type": "SDNROUTE",
                    "DestinationPrefix": "__K8S_SERVICE_CIDR__",
                    "NeedEncap": true
                  }
                }
              ]
            }
          ]

        }
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: calico-node-windows
      labels:
        tier: node
        app: calico
      namespace: calico-system
    spec:
      selector:
        matchLabels:
          app: calico
      template:
        metadata:
          labels:
            tier: node
            app: calico
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/os
                        operator: In
                        values:
                          - windows
                      - key: kubernetes.io/arch
                        operator: In
                        values:
                          - amd64
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          serviceAccountName: calico-node
          tolerations:
            - operator: Exists
              effect: NoSchedule
            # Mark the pod as a critical add-on for rescheduling.
            - key: CriticalAddonsOnly
              operator: Exists
            - effect: NoExecute
              operator: Exists
          initContainers:
            # This container installs the CNI binaries
            # and CNI network config file on each node.
            - name: install-cni
              image: sigwindowstools/calico-install:v3.26.1-hostprocess
              args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1"]
              imagePullPolicy: Always
              env:
                # Name of the CNI config file to create.
                - name: CNI_CONF_NAME
                  value: "10-calico.conflist"
                # The CNI network config to install on each node.
                - name: CNI_NETWORK_CONFIG
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config-windows
                      key: cni_network_config
                # Set the hostname based on the k8s node name.
                - name: KUBERNETES_NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                # CNI MTU Config variable
                - name: CNI_MTU
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config-windows
                      key: veth_mtu
                # Prevents the container from sleeping forever.
                - name: SLEEP
                  value: "false"
                - name: K8S_SERVICE_CIDR
                  value: "10.96.0.0/12"
              volumeMounts:
                - mountPath: /host/opt/cni/bin
                  name: cni-bin-dir
                - mountPath: /host/etc/cni/net.d
                  name: cni-net-dir
                - name: kubeadm-config
                  mountPath: /etc/kubeadm-config/
              securityContext:
                windowsOptions:
                  hostProcess: true
                  runAsUserName: "NT AUTHORITY\\system"
          containers:
            - name: calico-node-startup
              image: sigwindowstools/calico-node:v3.26.1-hostprocess
              args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1"]
              workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/"
              imagePullPolicy: Always
              volumeMounts:
                - name: calico-config-windows
                  mountPath: /etc/kube-calico-windows/
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: CNI_IPAM_TYPE
                  value: "calico-ipam"
                - name: CALICO_NETWORKING_BACKEND
                  value: "vxlan"
                - name: KUBECONFIG
                  value: "C:/etc/cni/net.d/calico-kubeconfig"
                - name: VXLAN_VNI
                  value: "4096"
            - name: calico-node-felix
              image: sigwindowstools/calico-node:v3.26.1-hostprocess
              args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1"]
              imagePullPolicy: Always
              workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/"
              volumeMounts:
                - name: calico-config-windows
                  mountPath: /etc/kube-calico-windows/
                - name: calico-static-rules
                  mountPath: /calico/static-rules.json
                  subPath: static-rules.json
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: VXLAN_VNI
                  value: "4096"
                - name: KUBECONFIG
                  value: "C:/etc/cni/net.d/calico-kubeconfig"
          volumes:
            - name: calico-config-windows
              configMap:
                name: calico-config-windows
            - name: calico-static-rules
              configMap:
                name: calico-static-rules
            # Used to install CNI.
            - name: cni-bin-dir
              hostPath:
                path: /opt/cni/bin
            - name: cni-net-dir
              hostPath:
                path: /etc/cni/net.d
            - name: kubeadm-config
              configMap:
                name: kubeadm-config
    ---
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      name: ipamconfigs.crd.projectcalico.org
    spec:
      group: crd.projectcalico.org
      names:
        kind: IPAMConfig
        listKind: IPAMConfigList
        plural: ipamconfigs
        singular: ipamconfig
      preserveUnknownFields: false
      scope: Cluster
      versions:
      - name: v1
        schema:
          openAPIV3Schema:
            properties:
              apiVersion:
                description: 'APIVersion defines the versioned schema of this representation
                  of an object. Servers should convert recognized schemas to the latest
                  internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                type: string
              kind:
                description: 'Kind is a string value representing the REST resource this
                  object represents. Servers may infer this from the endpoint the client
                  submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                type: string
              metadata:
                type: object
              spec:
                description: IPAMConfigSpec contains the specification for an IPAMConfig
                  resource.
                properties:
                  autoAllocateBlocks:
                    type: boolean
                  maxBlocksPerHost:
                    description: MaxBlocksPerHost, if non-zero, is the max number of blocks
                      that can be affine to each host.
                    maximum: 2147483647
                    minimum: 0
                    type: integer
                  strictAffinity:
                    type: boolean
                required:
                - autoAllocateBlocks
                - strictAffinity
                type: object
            type: object
        served: true
        storage: true
    status:
      acceptedNames:
        kind: ""
        plural: ""
      conditions: []
      storedVersions: []
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: cni-${CLUSTER_NAME}-calico-windows
  namespace: default
---
apiVersion: v1
data:
  # csi-proxy for Windows nodes: HostProcess container under
  # NT AUTHORITY\SYSTEM on the host network, image referenced by version tag.
  csi-proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: csi-proxy
      name: csi-proxy
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: csi-proxy
      template:
        metadata:
          labels:
            k8s-app: csi-proxy
        spec:
          nodeSelector:
            "kubernetes.io/os": windows
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\SYSTEM"
          hostNetwork: true
          containers:
            - name: csi-proxy
              image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: csi-proxy-addon
  namespace: default
---
apiVersion: v1
data:
  # Two documents: the containerd-logger DaemonSet (HostProcess, SYSTEM, host
  # network) and its config.json ConfigMap. The config subscribes to the
  # RunHCS and ContainerD ETW providers at Verbose level, drops seven
  # high-volume RunHCS event names when they carry no error property, and
  # writes everything else to standard output.
  # NOTE(review): verbose runtime events end up in the pod log, so access to
  # those logs should be treated as access to node-level runtime telemetry.
  containerd-windows-logger: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: containerd-logger
      name: containerd-logger
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: containerd-logger
      template:
        metadata:
          labels:
            k8s-app: containerd-logger
        spec:
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0
            args: [ "config.json" ]
            name: containerd-logger
            imagePullPolicy: Always
            volumeMounts:
            - name: containerd-logger-config
              mountPath: /config.json
              subPath: config.json
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: containerd-logger-config
            name: containerd-logger-config
      updateStrategy:
        type: RollingUpdate
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: containerd-logger-config
      namespace: kube-system
    data:
      config.json: |
        {
          "inputs": [
            {
              "type": "ETW",
              "sessionNamePrefix": "containerd",
              "cleanupOldSessions": true,
              "reuseExistingSession": true,
              "providers": [
                {
                  "providerName": "Microsoft.Virtualization.RunHCS",
                  "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3",
                  "level": "Verbose"
                },
                {
                  "providerName": "ContainerD",
                  "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad",
                  "level": "Verbose"
                }
              ]
            }
          ],
          "filters": [
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error"
            }
          ],
          "outputs": [
            {
              "type": "StdOutput"
            }
          ],
          "schemaVersion": "2016-08-11"
        }
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-storageclass
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      storageclass: "true"
  resources:
  # NOTE(review): this references a ConfigMap named
  # cni-${CLUSTER_NAME}-storageclass, but the storage-class ConfigMap defined
  # at the end of this file is named storageclass-${CLUSTER_NAME}. Unless a
  # ConfigMap with the referenced name is created elsewhere, the resource set
  # has nothing to apply — confirm which name is intended.
  - kind: ConfigMap
    name: cni-${CLUSTER_NAME}-storageclass
  strategy: ApplyOnce
---
apiVersion: v1
data:
  # Three StorageClasses for the in-tree azure-disk provisioner: `default`
  # (annotated as the default class), `managed-premium` and
  # `managed-standard`. The latter two carry an `annotations:` key with no
  # value, which parses as null rather than an empty mapping.
  storageclass: |
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: default
      annotations:
        storageclass.beta.kubernetes.io/is-default-class: "true"
      labels:
        kubernetes.io/cluster-service: "true"
    provisioner: kubernetes.io/azure-disk
    parameters:
      kind: Managed
      storageaccounttype: Standard_LRS
      cachingmode: ReadOnly
    volumeBindingMode: WaitForFirstConsumer
    ---
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: managed-premium
      annotations:
      labels:
        kubernetes.io/cluster-service: "true"
    provisioner: kubernetes.io/azure-disk
    parameters:
      kind: Managed
      storageaccounttype: Premium_LRS
      cachingmode: ReadOnly
    volumeBindingMode: WaitForFirstConsumer
    ---
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: managed-standard
      annotations:
      labels:
        kubernetes.io/cluster-service: "true"
    provisioner: kubernetes.io/azure-disk
    parameters:
      kind: Managed
      storageaccounttype: Standard_LRS
      cachingmode: ReadOnly
    volumeBindingMode: WaitForFirstConsumer
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: storageclass-${CLUSTER_NAME}
  namespace: default