sigs.k8s.io/cluster-api-provider-azure@v1.17.0/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml (about) 1 apiVersion: cluster.x-k8s.io/v1beta1 2 kind: Cluster 3 metadata: 4 labels: 5 cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure} 6 cni: calico 7 cni-windows: ${CLUSTER_NAME}-calico 8 containerd-logger: enabled 9 csi-proxy: enabled 10 windows: enabled 11 name: ${CLUSTER_NAME} 12 namespace: default 13 spec: 14 clusterNetwork: 15 pods: 16 cidrBlocks: 17 - 192.168.0.0/16 18 controlPlaneRef: 19 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 20 kind: KubeadmControlPlane 21 name: ${CLUSTER_NAME}-control-plane 22 infrastructureRef: 23 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 24 kind: AzureCluster 25 name: ${CLUSTER_NAME} 26 --- 27 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 28 kind: AzureCluster 29 metadata: 30 name: ${CLUSTER_NAME} 31 namespace: default 32 spec: 33 additionalTags: 34 buildProvenance: ${BUILD_PROVENANCE} 35 creationTimestamp: ${TIMESTAMP} 36 jobName: ${JOB_NAME} 37 identityRef: 38 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 39 kind: AzureClusterIdentity 40 name: ${CLUSTER_IDENTITY_NAME} 41 location: ${AZURE_LOCATION} 42 networkSpec: 43 subnets: 44 - name: control-plane-subnet 45 role: control-plane 46 - name: node-subnet 47 role: node 48 vnet: 49 name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} 50 resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} 51 subscriptionID: ${AZURE_SUBSCRIPTION_ID} 52 --- 53 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 54 kind: KubeadmControlPlane 55 metadata: 56 name: ${CLUSTER_NAME}-control-plane 57 namespace: default 58 spec: 59 kubeadmConfigSpec: 60 clusterConfiguration: 61 apiServer: 62 extraArgs: 63 cloud-provider: external 64 timeoutForControlPlane: 20m 65 controllerManager: 66 extraArgs: 67 allocate-node-cidrs: "false" 68 cloud-provider: external 69 cluster-name: ${CLUSTER_NAME} 70 v: "4" 71 etcd: 72 local: 73 dataDir: /var/lib/etcddisk/etcd 74 extraArgs: 75 quota-backend-bytes: "8589934592" 76 kubernetesVersion: ci/${CI_VERSION} 77 diskSetup: 78 filesystems: 79 - device: /dev/disk/azure/scsi1/lun0 80 extraOpts: 81 - -E 82 - lazy_itable_init=1,lazy_journal_init=1 83 filesystem: ext4 84 label: etcd_disk 85 - device: ephemeral0.1 86 filesystem: ext4 87 label: ephemeral0 88 replaceFS: ntfs 89 partitions: 90 - device: /dev/disk/azure/scsi1/lun0 91 layout: true 92 overwrite: false 93 tableType: gpt 94 files: 95 - contentFrom: 96 secret: 97 key: control-plane-azure.json 98 name: ${CLUSTER_NAME}-control-plane-azure-json 99 owner: root:root 100 path: /etc/kubernetes/azure.json 101 permissions: "0644" 102 - content: | 103 #!/bin/bash 104 105 set -o nounset 106 set -o pipefail 107 set -o errexit 108 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 109 110 echo "Use OOT credential provider" 111 mkdir -p /var/lib/kubelet/credential-provider 112 curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" 113 chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider 114 curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" 115 chmod 644 /var/lib/kubelet/credential-provider-config.yaml 116 owner: root:root 117 path: /tmp/oot-cred-provider.sh 118 permissions: "0744" 119 - content: | 120 #!/bin/bash 121 122 set -o nounset 123 set -o pipefail 124 set -o errexit 125 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 126 127 # This test installs release packages or binaries that are a result of the CI and release builds. 128 # It runs '... --version' commands to verify that the binaries are correctly installed 129 # and finally uninstalls the packages. 130 # For the release packages it tests all versions in the support skew. 131 LINE_SEPARATOR="*************************************************" 132 echo "$$LINE_SEPARATOR" 133 CI_VERSION=${CI_VERSION} 134 if [[ "$${CI_VERSION}" != "" ]]; then 135 CI_DIR=/tmp/k8s-ci 136 mkdir -p $$CI_DIR 137 declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") 138 declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") 139 CONTAINER_EXT="tar" 140 echo "* testing CI version $$CI_VERSION" 141 # Check for semver 142 if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then 143 VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" 144 DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl 145 curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg 146 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list 147 apt-get update 148 # replace . with \. 149 VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" 150 PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" 151 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 152 echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" 153 DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION 154 done 155 else 156 CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" 157 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 158 echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" 159 wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" 160 chmod +x "$$CI_DIR/$$CI_PACKAGE" 161 mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" 162 done 163 IMAGE_REGISTRY_PREFIX=registry.k8s.io 164 for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do 165 echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" 166 wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" 167 $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" 168 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 169 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 170 done 171 fi 172 systemctl restart kubelet 173 fi 174 echo "* checking binary versions" 175 echo "ctr version: " $(ctr version) 176 echo "kubeadm version: " $(kubeadm version -o=short) 177 echo "kubectl version: " $(kubectl version --client=true) 178 echo "kubelet version: " $(kubelet --version) 179 echo "$$LINE_SEPARATOR" 180 owner: root:root 181 path: /tmp/kubeadm-bootstrap.sh 182 permissions: "0744" 183 initConfiguration: 184 nodeRegistration: 185 kubeletExtraArgs: 186 cloud-provider: external 187 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 188 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 189 name: '{{ ds.meta_data["local_hostname"] }}' 190 joinConfiguration: 191 nodeRegistration: 192 kubeletExtraArgs: 193 cloud-provider: external 194 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 195 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 196 name: '{{ ds.meta_data["local_hostname"] }}' 197 mounts: 198 - - LABEL=etcd_disk 199 - /var/lib/etcddisk 200 postKubeadmCommands: [] 201 preKubeadmCommands: 202 - bash -c /tmp/oot-cred-provider.sh 203 - bash -c /tmp/kubeadm-bootstrap.sh 204 verbosity: 5 205 machineTemplate: 206 infrastructureRef: 207 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 208 kind: AzureMachineTemplate 209 name: ${CLUSTER_NAME}-control-plane 210 replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1} 211 version: ${KUBERNETES_VERSION} 212 --- 213 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 214 kind: AzureMachineTemplate 215 metadata: 216 name: ${CLUSTER_NAME}-control-plane 217 namespace: default 218 spec: 219 template: 220 spec: 221 dataDisks: 222 - diskSizeGB: 256 223 lun: 0 224 nameSuffix: etcddisk 225 identity: UserAssigned 226 image: 227 marketplace: 228 offer: capi 229 publisher: cncf-upstream 230 sku: ubuntu-2204-gen1 231 version: latest 232 osDisk: 233 diskSizeGB: 128 234 osType: Linux 235 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 236 userAssignedIdentities: 237 - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} 238 vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} 239 --- 240 apiVersion: cluster.x-k8s.io/v1beta1 241 kind: MachinePool 242 metadata: 243 name: ${CLUSTER_NAME}-mp-0 244 namespace: default 245 spec: 246 clusterName: ${CLUSTER_NAME} 247 replicas: ${WORKER_MACHINE_COUNT:=2} 248 template: 249 spec: 250 bootstrap: 251 configRef: 252 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 253 kind: KubeadmConfig 254 name: ${CLUSTER_NAME}-mp-0 255 clusterName: ${CLUSTER_NAME} 256 infrastructureRef: 257 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 258 kind: AzureMachinePool 259 name: ${CLUSTER_NAME}-mp-0 260 version: ${KUBERNETES_VERSION} 261 --- 262 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 263 kind: AzureMachinePool 264 metadata: 265 name: ${CLUSTER_NAME}-mp-0 266 namespace: default 267 spec: 268 identity: UserAssigned 269 location: ${AZURE_LOCATION} 270 strategy: 271 rollingUpdate: 272 deletePolicy: Oldest 273 maxSurge: 25% 274 maxUnavailable: 1 275 type: RollingUpdate 276 template: 277 image: 278 marketplace: 279 offer: capi 280 publisher: cncf-upstream 281 sku: ubuntu-2204-gen1 282 version: latest 283 osDisk: 284 diskSizeGB: 30 285 managedDisk: 286 storageAccountType: Premium_LRS 287 osType: Linux 288 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 289 vmExtensions: 290 - name: CustomScript 291 protectedSettings: 292 commandToExecute: | 293 #!/bin/sh 294 echo "This script is a no-op used for extension testing purposes ..." 295 touch test_file 296 publisher: Microsoft.Azure.Extensions 297 version: "2.1" 298 vmSize: ${AZURE_NODE_MACHINE_TYPE} 299 userAssignedIdentities: 300 - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} 301 --- 302 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 303 kind: KubeadmConfig 304 metadata: 305 name: ${CLUSTER_NAME}-mp-0 306 namespace: default 307 spec: 308 files: 309 - content: | 310 #!/bin/bash 311 312 set -o nounset 313 set -o pipefail 314 set -o errexit 315 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 316 317 echo "Use OOT credential provider" 318 mkdir -p /var/lib/kubelet/credential-provider 319 curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" 320 chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider 321 curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" 322 chmod 644 /var/lib/kubelet/credential-provider-config.yaml 323 owner: root:root 324 path: /tmp/oot-cred-provider.sh 325 permissions: "0744" 326 - content: | 327 #!/bin/bash 328 329 set -o nounset 330 set -o pipefail 331 set -o errexit 332 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 333 334 # This test installs release packages or binaries that are a result of the CI and release builds. 335 # It runs '... --version' commands to verify that the binaries are correctly installed 336 # and finally uninstalls the packages. 337 # For the release packages it tests all versions in the support skew. 338 LINE_SEPARATOR="*************************************************" 339 echo "$$LINE_SEPARATOR" 340 CI_VERSION=${CI_VERSION} 341 if [[ "$${CI_VERSION}" != "" ]]; then 342 CI_DIR=/tmp/k8s-ci 343 mkdir -p $$CI_DIR 344 declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") 345 declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") 346 CONTAINER_EXT="tar" 347 echo "* testing CI version $$CI_VERSION" 348 # Check for semver 349 if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then 350 VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" 351 DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl 352 curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg 353 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list 354 apt-get update 355 # replace . with \. 356 VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" 357 PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" 358 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 359 echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" 360 DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION 361 done 362 else 363 CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" 364 fi 365 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 366 echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" 367 wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" 368 chmod +x "$$CI_DIR/$$CI_PACKAGE" 369 mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" 370 done 371 IMAGE_REGISTRY_PREFIX=registry.k8s.io 372 for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do 373 echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" 374 wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" 375 $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" 376 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 377 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 378 done 379 fi 380 systemctl restart kubelet 381 fi 382 echo "* checking binary versions" 383 echo "ctr version: " $(ctr version) 384 echo "kubeadm version: " $(kubeadm version -o=short) 385 echo "kubectl version: " $(kubectl version --client=true) 386 echo "kubelet version: " $(kubelet --version) 387 echo "$$LINE_SEPARATOR" 388 owner: root:root 389 path: /tmp/kubeadm-bootstrap.sh 390 permissions: "0744" 391 - contentFrom: 392 secret: 393 key: worker-node-azure.json 394 name: ${CLUSTER_NAME}-mp-0-azure-json 395 owner: root:root 396 path: /etc/kubernetes/azure.json 397 permissions: "0644" 398 joinConfiguration: 399 nodeRegistration: 400 kubeletExtraArgs: 401 cloud-provider: external 402 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 403 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 404 name: '{{ ds.meta_data["local_hostname"] }}' 405 preKubeadmCommands: 406 - bash -c /tmp/oot-cred-provider.sh 407 - bash -c /tmp/kubeadm-bootstrap.sh 408 --- 409 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 410 kind: AzureClusterIdentity 411 metadata: 412 labels: 413 clusterctl.cluster.x-k8s.io/move-hierarchy: "true" 414 name: ${CLUSTER_IDENTITY_NAME} 415 namespace: default 416 spec: 417 allowedNamespaces: {} 418 clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY} 419 tenantID: ${AZURE_TENANT_ID} 420 type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity} 421 --- 422 apiVersion: cluster.x-k8s.io/v1beta1 423 kind: MachinePool 424 metadata: 425 name: ${CLUSTER_NAME}-mp-win 426 namespace: default 427 spec: 428 clusterName: ${CLUSTER_NAME} 429 replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0} 430 template: 431 spec: 432 bootstrap: 433 configRef: 434 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 435 kind: KubeadmConfig 436 name: ${CLUSTER_NAME}-mp-win 437 clusterName: ${CLUSTER_NAME} 438 infrastructureRef: 439 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 440 kind: AzureMachinePool 441 name: ${CLUSTER_NAME}-mp-win 442 version: ${KUBERNETES_VERSION} 443 --- 444 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 445 kind: AzureMachinePool 446 metadata: 447 annotations: 448 runtime: containerd 449 windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} 450 name: ${CLUSTER_NAME}-mp-win 451 namespace: default 452 spec: 453 identity: UserAssigned 454 location: ${AZURE_LOCATION} 455 template: 456 image: 457 marketplace: 458 offer: capi-windows 459 publisher: cncf-upstream 460 sku: ${WINDOWS_SERVER_VERSION:=windows-2019}-containerd-gen1 461 version: latest 462 osDisk: 463 diskSizeGB: 128 464 managedDisk: 465 storageAccountType: Premium_LRS 466 osType: Windows 467 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 468 vmSize: ${AZURE_NODE_MACHINE_TYPE} 469 userAssignedIdentities: 470 - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} 471 --- 472 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 473 kind: KubeadmConfig 474 metadata: 475 name: ${CLUSTER_NAME}-mp-win 476 namespace: default 477 spec: 478 files: 479 - contentFrom: 480 secret: 481 key: worker-node-azure.json 482 name: ${CLUSTER_NAME}-mp-win-azure-json 483 owner: root:root 484 path: c:/k/azure.json 485 permissions: "0644" 486 - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe 487 path: C:/defender-exclude-calico.ps1 488 permissions: "0744" 489 - content: | 490 $ErrorActionPreference = 'Stop' 491 492 Stop-Service kubelet -Force 493 494 $$CI_VERSION="${CI_VERSION}" 495 if($$CI_VERSION -ne "") 496 { 497 $$binaries=@("kubeadm", "kubectl", "kubelet", "kube-proxy") 498 $$ci_url="https://storage.googleapis.com/k8s-release-dev/ci/$$CI_VERSION/bin/windows/amd64" 499 foreach ( $$binary in $$binaries ) 500 { 501 echo "downloading binary: $$ci_url/$$binary.exe" 502 curl.exe --retry 10 --retry-delay 5 "$$ci_url/$$binary.exe" --output "c:/k/$$binary.exe" 503 } 504 } 505 506 # Tag it to the ci version. The image knows how to use the copy locally with the configmap 507 # that is applied at at this stage (windows-kubeproxy-ci.yaml) 508 ctr.exe -n k8s.io images pull docker.io/sigwindowstools/kube-proxy:v1.23.1-calico-hostprocess 509 ctr.exe -n k8s.io images tag docker.io/sigwindowstools/kube-proxy:v1.23.1-calico-hostprocess "docker.io/sigwindowstools/kube-proxy:${CI_VERSION/+/_}-calico-hostprocess" 510 511 kubeadm.exe version -o=short 512 kubectl.exe version --client=true 513 kubelet.exe --version 514 path: C:/replace-k8s-binaries.ps1 515 permissions: "0744" 516 - content: | 517 $ErrorActionPreference = 'Stop' 518 519 echo "Use OOT credential provider" 520 mkdir C:\var\lib\kubelet\credential-provider 521 curl.exe --retry 10 --retry-delay 5 -L "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --output C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe 522 cp C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe C:\var\lib\kubelet\credential-provider\acr-credential-provider 523 curl.exe --retry 10 --retry-delay 5 -L "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config-win.yaml" --output C:\var\lib\kubelet\credential-provider-config.yaml 524 path: C:/oot-cred-provider.ps1 525 permissions: "0744" 526 joinConfiguration: 527 nodeRegistration: 528 criSocket: npipe:////./pipe/containerd-containerd 529 kubeletExtraArgs: 530 cloud-provider: external 531 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 532 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 533 pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 534 name: '{{ ds.meta_data["local_hostname"] }}' 535 postKubeadmCommands: 536 - nssm set kubelet start SERVICE_AUTO_START 537 - powershell C:/defender-exclude-calico.ps1 538 preKubeadmCommands: 539 - powershell c:/create-external-network.ps1 540 - powershell C:/replace-k8s-binaries.ps1 541 - powershell C:/oot-cred-provider.ps1 542 users: 543 - groups: Administrators 544 name: capi 545 sshAuthorizedKeys: 546 - ${AZURE_SSH_PUBLIC_KEY:=""} 547 --- 548 apiVersion: addons.cluster.x-k8s.io/v1beta1 549 kind: ClusterResourceSet 550 metadata: 551 name: ${CLUSTER_NAME}-calico-windows 552 namespace: default 553 spec: 554 clusterSelector: 555 matchLabels: 556 cni-windows: ${CLUSTER_NAME}-calico 557 resources: 558 - kind: ConfigMap 559 name: cni-${CLUSTER_NAME}-calico-windows 560 strategy: ApplyOnce 561 --- 562 apiVersion: addons.cluster.x-k8s.io/v1beta1 563 kind: ClusterResourceSet 564 metadata: 565 name: csi-proxy 566 namespace: default 567 spec: 568 clusterSelector: 569 matchLabels: 570 csi-proxy: enabled 571 resources: 572 - kind: ConfigMap 573 name: csi-proxy-addon 574 strategy: ApplyOnce 575 --- 576 apiVersion: addons.cluster.x-k8s.io/v1beta1 577 kind: ClusterResourceSet 578 metadata: 579 name: containerd-logger-${CLUSTER_NAME} 580 namespace: default 581 spec: 582 clusterSelector: 583 matchLabels: 584 containerd-logger: enabled 585 resources: 586 - kind: ConfigMap 587 name: containerd-logger-${CLUSTER_NAME} 588 strategy: ApplyOnce 589 --- 590 apiVersion: addons.cluster.x-k8s.io/v1alpha1 591 kind: HelmChartProxy 592 metadata: 593 name: calico 594 namespace: default 595 spec: 596 chartName: tigera-operator 597 clusterSelector: 598 matchLabels: 599 cni: calico 600 namespace: tigera-operator 601 releaseName: projectcalico 602 repoURL: https://docs.tigera.io/calico/charts 603 valuesTemplate: |- 604 installation: 605 cni: 606 type: Calico 607 calicoNetwork: 608 bgp: Disabled 609 mtu: 1350 610 ipPools: 611 ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }} 612 - cidr: {{ $cidr }} 613 encapsulation: VXLAN{{end}} 614 registry: mcr.microsoft.com/oss 615 # Image and registry configuration for the tigera/operator pod. 616 tigeraOperator: 617 image: tigera/operator 618 registry: mcr.microsoft.com/oss 619 calicoctl: 620 image: mcr.microsoft.com/oss/calico/ctl 621 version: ${CALICO_VERSION} 622 --- 623 apiVersion: addons.cluster.x-k8s.io/v1alpha1 624 kind: HelmChartProxy 625 metadata: 626 name: azuredisk-csi-driver-chart 627 namespace: default 628 spec: 629 chartName: azuredisk-csi-driver 630 clusterSelector: 631 matchLabels: 632 azuredisk-csi: "true" 633 namespace: kube-system 634 releaseName: azuredisk-csi-driver-oot 635 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts 636 valuesTemplate: |- 637 controller: 638 replicas: 1 639 runOnControlPlane: true 640 windows: 641 useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }} 642 --- 643 apiVersion: addons.cluster.x-k8s.io/v1alpha1 644 kind: HelmChartProxy 645 metadata: 646 name: cloud-provider-azure-chart 647 namespace: default 648 spec: 649 chartName: cloud-provider-azure 650 clusterSelector: 651 matchLabels: 652 cloud-provider: azure 653 releaseName: cloud-provider-azure-oot 654 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo 655 valuesTemplate: | 656 infra: 657 clusterName: {{ .Cluster.metadata.name }} 658 cloudControllerManager: 659 clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} 660 logVerbosity: 4 661 --- 662 apiVersion: addons.cluster.x-k8s.io/v1alpha1 663 kind: HelmChartProxy 664 metadata: 665 name: cloud-provider-azure-chart-ci 666 namespace: default 667 spec: 668 chartName: cloud-provider-azure 669 clusterSelector: 670 matchLabels: 671 cloud-provider: azure-ci 672 releaseName: cloud-provider-azure-oot 673 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo 674 valuesTemplate: | 675 infra: 676 clusterName: {{ .Cluster.metadata.name }} 677 cloudControllerManager: 678 cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"} 679 cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""} 680 clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} 681 imageName: "${CCM_IMAGE_NAME:-""}" 682 imageRepository: "${IMAGE_REGISTRY:-""}" 683 imageTag: "${IMAGE_TAG_CCM:-""}" 684 logVerbosity: ${CCM_LOG_VERBOSITY:-4} 685 replicas: ${CCM_COUNT:-1} 686 enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false} 687 cloudNodeManager: 688 imageName: "${CNM_IMAGE_NAME:-""}" 689 imageRepository: "${IMAGE_REGISTRY:-""}" 690 imageTag: "${IMAGE_TAG_CNM:-""}" 691 --- 692 apiVersion: v1 693 data: 694 kube-proxy-patch: |- 695 apiVersion: v1 696 kind: ConfigMap 697 metadata: 698 name: windows-kubeproxy-ci 699 namespace: kube-system 700 data: 701 KUBEPROXY_PATH: "c:/k/kube-proxy.exe" 702 proxy: | 703 apiVersion: apps/v1 704 kind: DaemonSet 705 metadata: 706 labels: 707 k8s-app: kube-proxy 708 name: kube-proxy-windows 709 namespace: kube-system 710 spec: 711 selector: 712 matchLabels: 713 k8s-app: kube-proxy-windows 714 template: 715 metadata: 716 labels: 717 k8s-app: kube-proxy-windows 718 spec: 719 serviceAccountName: kube-proxy 720 securityContext: 721 windowsOptions: 722 hostProcess: true 723 runAsUserName: "NT AUTHORITY\\system" 724 hostNetwork: true 725 containers: 726 - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess 727 args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"] 728 workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/" 729 name: kube-proxy 730 env: 731 - name: NODE_NAME 732 valueFrom: 733 fieldRef: 734 apiVersion: v1 735 fieldPath: spec.nodeName 736 - name: POD_IP 737 valueFrom: 738 fieldRef: 739 fieldPath: status.podIP 740 - name: KUBEPROXY_PATH 741 valueFrom: 742 configMapKeyRef: 743 name: windows-kubeproxy-ci 744 key: KUBEPROXY_PATH 745 optional: true 746 volumeMounts: 747 - mountPath: /var/lib/kube-proxy 748 name: kube-proxy 749 nodeSelector: 750 kubernetes.io/os: windows 751 tolerations: 752 - key: CriticalAddonsOnly 753 operator: Exists 754 - operator: Exists 755 volumes: 756 - configMap: 757 name: kube-proxy 758 name: kube-proxy 759 updateStrategy: 760 type: RollingUpdate 761 windows-cni: "# strictAffinity required for windows\napiVersion: crd.projectcalico.org/v1\nkind: 762 IPAMConfig\nmetadata:\n name: default\nspec:\n autoAllocateBlocks: true\n strictAffinity: 763 true\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-static-rules\n 764 \ namespace: calico-system\n labels:\n tier: node\n app: calico\ndata:\n 765 \ static-rules.json: |\n {\n \"Provider\": \"azure\",\n \"Version\": 766 \"0.1\",\n \"Rules\": [\n {\n \"Name\": \"EndpointPolicy\",\n 767 \ \"Rule\": {\n \"Id\": \"wireserver\",\n \"Type\": 768 \"ACL\",\n \"Protocol\": 6,\n \"Action\": \"Block\",\n 769 \ \"Direction\": \"Out\",\n \"RemoteAddresses\": \"168.63.129.16/32\",\n 770 \ \"RemotePorts\": \"80\",\n \"Priority\": 200,\n \"RuleType\": 771 \"Switch\"\n }\n }\n ]\n } \n---\nkind: ConfigMap\napiVersion: 772 v1\nmetadata:\n name: calico-config-windows\n namespace: calico-system\n labels:\n 773 \ tier: node\n app: calico\ndata:\n veth_mtu: \"1350\"\n \n cni_network_config: 774 |\n {\n \"name\": \"Calico\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": 775 [\n {\n \"windows_use_single_network\": true,\n \"type\": 776 \"calico\",\n \"mode\": \"vxlan\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n 777 \ \"nodename_file_optional\": true,\n \"log_file_path\": \"c:/cni.log\",\n 778 \ \"log_level\": \"debug\",\n\n \"vxlan_mac_prefix\": \"0E-2A\",\n 779 \ \"vxlan_vni\": 4096,\n \"mtu\": __CNI_MTU__,\n \"policy\": 780 {\n \"type\": \"k8s\"\n },\n\n \"log_level\": \"info\",\n\n 781 \ \"capabilities\": {\"dns\": true},\n \"DNS\": {\n \"Search\": 782 \ [\n \"svc.cluster.local\"\n ]\n },\n\n \"datastore_type\": 783 \"kubernetes\",\n\n \"kubernetes\": {\n \"kubeconfig\": \"__KUBECONFIG_FILEPATH__\"\n 784 \ },\n\n \"ipam\": {\n \"type\": \"calico-ipam\",\n 785 \ \"subnet\": \"usePodCidr\"\n },\n\n \"policies\": 786 \ [\n {\n \"Name\": \"EndpointPolicy\",\n \"Value\": 787 \ {\n \"Type\": \"OutBoundNAT\",\n \"ExceptionList\": 788 \ [\n \"__K8S_SERVICE_CIDR__\"\n ]\n }\n 789 \ },\n {\n \"Name\": \"EndpointPolicy\",\n 790 \ \"Value\": {\n \"Type\": \"SDNROUTE\",\n \"DestinationPrefix\": 791 \ \"__K8S_SERVICE_CIDR__\",\n \"NeedEncap\": true\n }\n 792 \ }\n ]\n }\n ]\n\n }\n---\napiVersion: apps/v1\nkind: 793 DaemonSet\nmetadata:\n name: calico-node-windows\n labels:\n tier: node\n 794 \ app: calico\n namespace: calico-system\nspec:\n selector:\n matchLabels:\n 795 \ app: calico\n template:\n metadata:\n labels:\n tier: node\n 796 \ app: calico\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n 797 \ nodeSelectorTerms:\n - matchExpressions:\n - 798 key: kubernetes.io/os\n operator: In\n values:\n 799 \ - windows\n - key: kubernetes.io/arch\n 800 \ operator: In\n values:\n - 801 amd64\n securityContext:\n windowsOptions:\n hostProcess: 802 true\n runAsUserName: \"NT AUTHORITY\\\\system\"\n hostNetwork: 803 true\n serviceAccountName: calico-node\n tolerations:\n - operator: 804 Exists\n effect: NoSchedule\n # Mark the pod as a critical add-on 805 for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n 806 \ - effect: NoExecute\n operator: Exists\n initContainers:\n # 807 This container installs the CNI binaries\n # and CNI network config file 808 on each node.\n - name: install-cni\n image: sigwindowstools/calico-install:v3.26.1-hostprocess\n 809 \ args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1\"]\n 810 \ imagePullPolicy: Always\n env:\n # Name of the CNI 811 config file to create.\n - name: CNI_CONF_NAME\n value: 812 \"10-calico.conflist\"\n # The CNI network config to install on each 813 node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n 814 \ name: calico-config-windows\n key: cni_network_config\n 815 \ # Set the hostname based on the k8s node name.\n - name: 816 KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: 817 spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n 818 \ valueFrom:\n configMapKeyRef:\n name: 819 calico-config-windows\n key: veth_mtu\n # Prevents 820 the container from sleeping forever.\n - name: SLEEP\n value: 821 \"false\"\n - name: K8S_SERVICE_CIDR\n value: \"10.96.0.0/12\"\n 822 \ volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: 823 cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: 824 cni-net-dir\n - name: kubeadm-config\n mountPath: /etc/kubeadm-config/\n 825 \ securityContext:\n windowsOptions:\n hostProcess: 826 true\n runAsUserName: \"NT AUTHORITY\\\\system\"\n containers:\n 827 \ - name: calico-node-startup\n image: sigwindowstools/calico-node:v3.26.1-hostprocess\n 828 \ args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1\"]\n 829 \ workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n imagePullPolicy: 830 Always\n volumeMounts:\n - name: calico-config-windows\n mountPath: 831 /etc/kube-calico-windows/\n env:\n - name: POD_NAME\n valueFrom:\n 832 \ fieldRef:\n apiVersion: v1\n fieldPath: 833 metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n 834 \ apiVersion: v1\n fieldPath: metadata.namespace\n - 835 name: CNI_IPAM_TYPE\n value: \"calico-ipam\"\n - name: CALICO_NETWORKING_BACKEND\n 836 \ value: \"vxlan\"\n - name: KUBECONFIG\n value: \"C:/etc/cni/net.d/calico-kubeconfig\"\n 837 \ - name: VXLAN_VNI\n value: \"4096\"\n - name: calico-node-felix\n 838 \ image: sigwindowstools/calico-node:v3.26.1-hostprocess\n args: 839 [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1\"]\n imagePullPolicy: 840 Always\n workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n volumeMounts:\n 841 \ - name: calico-config-windows\n mountPath: /etc/kube-calico-windows/\n 842 \ - name: calico-static-rules\n mountPath: /calico/static-rules.json\n 843 \ subPath: static-rules.json\n env:\n - name: POD_NAME\n 844 \ valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: 845 metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n 846 \ apiVersion: v1\n fieldPath: metadata.namespace\n - 847 name: VXLAN_VNI\n value: \"4096\"\n - name: KUBECONFIG\n value: 848 \"C:/etc/cni/net.d/calico-kubeconfig\"\n volumes:\n - name: calico-config-windows\n 849 \ configMap:\n name: calico-config-windows\n - name: calico-static-rules\n 850 \ configMap:\n name: calico-static-rules\n # Used to install 851 CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n 852 \ - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n 853 \ - name: kubeadm-config\n configMap:\n name: kubeadm-config\n---\napiVersion: 854 apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n 855 \ group: crd.projectcalico.org\n names:\n kind: IPAMConfig\n listKind: 856 IPAMConfigList\n plural: ipamconfigs\n singular: ipamconfig\n preserveUnknownFields: 857 false\n scope: Cluster\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n 858 \ properties:\n apiVersion:\n description: 'APIVersion 859 defines the versioned schema of this representation\n of an object. 860 Servers should convert recognized schemas to the latest\n internal 861 value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n 862 \ type: string\n kind:\n description: 'Kind is a 863 string value representing the REST resource this\n object represents. 864 Servers may infer this from the endpoint the client\n submits requests 865 to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n 866 \ type: string\n metadata:\n type: object\n spec:\n 867 \ description: IPAMConfigSpec contains the specification for an IPAMConfig\n 868 \ resource.\n properties:\n autoAllocateBlocks:\n 869 \ type: boolean\n maxBlocksPerHost:\n description: 870 MaxBlocksPerHost, if non-zero, is the max number of blocks\n that 871 can be affine to each host.\n maximum: 2147483647\n minimum: 872 0\n type: integer\n strictAffinity:\n type: 873 boolean\n required:\n - autoAllocateBlocks\n - 874 strictAffinity\n type: object\n type: object\n served: true\n 875 \ storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n 876 \ conditions: []\n storedVersions: []\n" 877 kind: ConfigMap 878 metadata: 879 annotations: 880 note: generated 881 labels: 882 type: generated 883 name: cni-${CLUSTER_NAME}-calico-windows 884 namespace: default 885 --- 886 apiVersion: v1 887 data: 888 csi-proxy: | 889 apiVersion: apps/v1 890 kind: DaemonSet 891 metadata: 892 labels: 893 k8s-app: csi-proxy 894 name: csi-proxy 895 namespace: kube-system 896 spec: 897 selector: 898 matchLabels: 899 k8s-app: csi-proxy 900 template: 901 metadata: 902 labels: 903 k8s-app: csi-proxy 904 spec: 905 nodeSelector: 906 "kubernetes.io/os": windows 907 securityContext: 908 windowsOptions: 909 hostProcess: true 910 runAsUserName: "NT AUTHORITY\\SYSTEM" 911 hostNetwork: true 912 containers: 913 - name: csi-proxy 914 image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2 915 kind: ConfigMap 916 metadata: 917 annotations: 918 note: generated 919 labels: 920 type: generated 921 name: csi-proxy-addon 922 namespace: default 923 --- 924 apiVersion: v1 925 data: 926 containerd-windows-logger: | 927 apiVersion: apps/v1 928 kind: DaemonSet 929 metadata: 930 labels: 931 k8s-app: containerd-logger 932 name: containerd-logger 933 namespace: kube-system 934 spec: 935 selector: 936 matchLabels: 937 k8s-app: containerd-logger 938 template: 939 metadata: 940 labels: 941 k8s-app: containerd-logger 942 spec: 943 securityContext: 944 windowsOptions: 945 hostProcess: true 946 runAsUserName: "NT AUTHORITY\\system" 947 hostNetwork: true 948 containers: 949 - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0 950 args: [ "config.json" ] 951 name: containerd-logger 952 imagePullPolicy: Always 953 volumeMounts: 954 - name: containerd-logger-config 955 mountPath: /config.json 956 subPath: config.json 957 nodeSelector: 958 kubernetes.io/os: windows 959 tolerations: 960 - key: CriticalAddonsOnly 961 operator: Exists 962 - operator: Exists 963 volumes: 964 - configMap: 965 name: containerd-logger-config 966 name: containerd-logger-config 967 updateStrategy: 968 type: RollingUpdate 969 --- 970 kind: ConfigMap 971 apiVersion: v1 972 metadata: 973 name: containerd-logger-config 974 namespace: kube-system 975 data: 976 config.json: | 977 { 978 "inputs": [ 979 { 980 "type": "ETW", 981 "sessionNamePrefix": "containerd", 982 "cleanupOldSessions": true, 983 "reuseExistingSession": true, 984 "providers": [ 985 { 986 "providerName": "Microsoft.Virtualization.RunHCS", 987 "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3", 988 "level": "Verbose" 989 }, 990 { 991 "providerName": "ContainerD", 992 "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad", 993 "level": "Verbose" 994 } 995 ] 996 } 997 ], 998 "filters": [ 999 { 1000 "type": "drop", 1001 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error" 1002 }, 1003 { 1004 "type": "drop", 1005 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error" 1006 }, 1007 { 1008 "type": "drop", 1009 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error" 1010 }, 1011 { 1012 "type": "drop", 1013 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error" 1014 }, 1015 { 1016 "type": "drop", 1017 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error" 1018 }, 1019 { 1020 "type": "drop", 1021 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error" 1022 }, 1023 { 1024 "type": "drop", 1025 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error" 1026 } 1027 ], 1028 "outputs": [ 1029 { 1030 "type": "StdOutput" 1031 } 1032 ], 1033 "schemaVersion": "2016-08-11" 1034 } 1035 kind: ConfigMap 1036 metadata: 1037 annotations: 1038 note: generated 1039 labels: 1040 type: generated 1041 name: containerd-logger-${CLUSTER_NAME} 1042 namespace: default