# Source: sigs.k8s.io/cluster-api-provider-azure@v1.17.0/templates/test/ci/cluster-template-prow.yaml
#
# Cluster template for CI (prow) runs: one Linux control plane, a Linux worker
# pool (md-0), an optional Windows worker pool (md-win) and the add-ons they
# need. ${NAME}, ${NAME:=default} and ${NAME:-default} are placeholders that
# are substituted before the manifests are applied; {{ ... }} expressions are
# left for later consumers (cloud-init data source lookups, Helm value
# templates).

# Cluster: the labels below are what the ClusterResourceSet and HelmChartProxy
# objects further down select on, so removing a label removes that add-on.
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  labels:
    # "azure" selects cloud-provider-azure-chart, "azure-ci" selects
    # cloud-provider-azure-chart-ci (see their clusterSelector blocks).
    cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure}
    cni: calico
    cni-windows: ${CLUSTER_NAME}-calico
    containerd-logger: enabled
    csi-proxy: enabled
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: ${CLUSTER_NAME}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureCluster
    name: ${CLUSTER_NAME}
---
# AzureCluster: Azure-side settings (location, resource group, vnet, subnets).
# Credentials are not inlined; identityRef points at the AzureClusterIdentity
# defined later in this file.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  # Tags recording which CI job created the resources.
  additionalTags:
    buildProvenance: ${BUILD_PROVENANCE}
    creationTimestamp: ${TIMESTAMP}
    jobName: ${JOB_NAME}
  identityRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureClusterIdentity
    name: ${CLUSTER_IDENTITY_NAME}
  location: ${AZURE_LOCATION}
  networkSpec:
    subnets:
    - name: control-plane-subnet
      role: control-plane
    - name: node-subnet
      role: node
    vnet:
      name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
  resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
  subscriptionID: ${AZURE_SUBSCRIPTION_ID}
---
# KubeadmControlPlane: kubeadm configuration for the control-plane machines.
# All components run with cloud-provider: external, i.e. the Azure cloud
# provider is expected to be installed out of tree (see the HelmChartProxy
# objects below).
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      apiServer:
        extraArgs:
          cloud-provider: external
          feature-gates: ${K8S_FEATURE_GATES:-""}
        timeoutForControlPlane: 20m
      controllerManager:
        extraArgs:
          allocate-node-cidrs: "false"
          cloud-provider: external
          cluster-name: ${CLUSTER_NAME}
          v: "4"
      etcd:
        local:
          # etcd data lives on the dedicated data disk mounted under "mounts".
          dataDir: /var/lib/etcddisk/etcd
          extraArgs:
            # 8589934592 bytes = 8 GiB
            quota-backend-bytes: "8589934592"
    diskSetup:
      filesystems:
      - device: /dev/disk/azure/scsi1/lun0
        extraOpts:
        - -E
        - lazy_itable_init=1,lazy_journal_init=1
        filesystem: ext4
        label: etcd_disk
      - device: ephemeral0.1
        filesystem: ext4
        label: ephemeral0
        replaceFS: ntfs
      partitions:
      - device: /dev/disk/azure/scsi1/lun0
        layout: true
        overwrite: false
        tableType: gpt
    files:
    # Cloud-provider configuration, materialised from a Secret.
    # NOTE(review): mode 0644 leaves the file readable by every local user.
    # Confirm the secret-backed content carries no credentials (the machine
    # templates use identity: UserAssigned); if it can, tighten to "0600".
    - contentFrom:
        secret:
          key: control-plane-azure.json
          name: ${CLUSTER_NAME}-control-plane-azure-json
      owner: root:root
      path: /etc/kubernetes/azure.json
      permissions: "0644"
    initConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        # Jinja expression, kept as a literal string here and resolved on the
        # machine from the instance metadata.
        name: '{{ ds.meta_data["local_hostname"] }}'
    joinConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    mounts:
    - - LABEL=etcd_disk
      - /var/lib/etcddisk
    postKubeadmCommands: []
    preKubeadmCommands: []
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AzureMachineTemplate
      name: ${CLUSTER_NAME}-control-plane
  replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1}
  version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate (control plane): VM shape, the 256 GB etcd data disk at
# LUN 0, and the user-assigned managed identity attached to the VM.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  template:
    spec:
      dataDisks:
      - diskSizeGB: 256
        lun: 0
        nameSuffix: etcddisk
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        osType: Linux
      # Defaults to an empty string when the variable is unset.
      # NOTE(review): what the provider does with an empty key is not visible
      # in this file - confirm before relying on SSH access or its absence.
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      # Defaults to the identity "cloud-provider-user-identity" in resource
      # group "capz-ci", so every cluster built with the defaults shares it.
      # NOTE(review): keep the role assignments on that identity minimal.
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
---
# MachineDeployment md-0: Linux worker pool. The nodepool: pool1 label is what
# the MachineHealthCheck below selects on.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WORKER_MACHINE_COUNT:=2}
  selector: {}
  template:
    metadata:
      labels:
        nodepool: pool1
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-0
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-0
      version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate (md-0): Linux worker VMs, same shared user-assigned
# identity as the control plane, plus a CustomScript VM extension.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        osType: Linux
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmExtensions:
      # The command only echoes a message and touches a file; it exists to
      # exercise the extension mechanism. It is passed via protectedSettings,
      # which is also where a real script would go.
      - name: CustomScript
        protectedSettings:
          commandToExecute: |
            #!/bin/sh
            echo "This script is a no-op used for extension testing purposes ..."
            touch test_file
        publisher: Microsoft.Azure.Extensions
        version: "2.1"
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
# KubeadmConfigTemplate (md-0): join configuration for the Linux workers.
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      files:
      # NOTE(review): same world-readable mode as on the control plane;
      # confirm the worker-node-azure.json content holds no credentials.
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-0-azure-json
        owner: root:root
        path: /etc/kubernetes/azure.json
        permissions: "0644"
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
          name: '{{ ds.meta_data["local_hostname"] }}'
      preKubeadmCommands: []
---
# MachineDeployment md-win: Windows worker pool; replicas default to 0, so the
# pool is only populated when WINDOWS_WORKER_MACHINE_COUNT is set.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0}
  selector: {}
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-win
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-win
      version: ${KUBERNETES_VERSION}
---
# AzureMachineTemplate (md-win): Windows worker VMs with the containerd
# runtime annotation and the shared user-assigned identity.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  annotations:
    runtime: containerd
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    metadata:
      annotations:
        runtime: containerd
        windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""}
    spec:
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        managedDisk:
          storageAccountType: Premium_LRS
        osType: Windows
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
# KubeadmConfigTemplate (md-win): files written to each Windows node, the
# PowerShell scripts run around kubeadm join, and the local "capi" account.
# Inside the script bodies "$$" stands for a literal "$" that must survive the
# ${...} substitution pass (presumably the substitution tool's escape - confirm).
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    spec:
      files:
      # NOTE(review): a POSIX mode is given for a Windows path; how it maps to
      # NTFS ACLs is not visible here, so verify who can read c:/k/azure.json
      # on a provisioned node.
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-win-azure-json
        owner: root:root
        path: c:/k/azure.json
        permissions: "0644"
      # Adds Microsoft Defender process exclusions for the two Calico CNI
      # executables (run from postKubeadmCommands). The exclusion is limited
      # to those two paths; anything able to replace those binaries would
      # inherit the exclusion, so the directory ACLs matter.
      - content: |-
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
        path: C:/defender-exclude-calico.ps1
        permissions: "0744"
      - content: |
          # /tmp is assumed created and required for upstream e2e tests to pass
          New-Item -ItemType Directory -Force -Path C:\tmp\
        path: C:/create-temp-folder.ps1
        permissions: "0744"
      # Optionally replaces the node's containerd: when WINDOWS_CONTAINERD_URL
      # is non-empty the archive is downloaded with curl.exe and unpacked over
      # "c:/Program Files/containerd", then the service is restarted.
      # NOTE(review): the script performs no digest or signature check on the
      # downloaded archive before extracting it into the runtime directory.
      # The URL therefore has to come from a trusted CI input; comparing the
      # file against a pinned SHA-256 before tar.exe runs would close the gap.
      - content: |
          $ErrorActionPreference = 'Stop'

          $$CONTAINERD_URL="${WINDOWS_CONTAINERD_URL}"
          if($$CONTAINERD_URL -ne ""){
            # Kubelet service depends on contianerd service so make a best effort attempt to stop it
            Stop-Service kubelet -Force -ErrorAction SilentlyContinue
            Stop-Service containerd -Force
            echo "downloading containerd: $$CONTAINERD_URL"
            curl.exe --retry 10 --retry-delay 5 -L "$$CONTAINERD_URL" --output "c:/k/containerd.tar.gz"
            tar.exe -zxvf c:/k/containerd.tar.gz -C "c:/Program Files/containerd" --strip-components 1

            Start-Service containerd
          }

          containerd.exe --version
          containerd-shim-runhcs-v1.exe --version
        path: C:/replace-containerd.ps1
        permissions: "0744"
      # Configures Windows Error Reporting to keep up to 50 dumps (DumpType 2)
      # in c:/LocalDumps, then appends an sftp subsystem line to sshd_config
      # and restarts sshd so the dumps can be collected.
      # NOTE(review): if sshd_config does not exist, the Test-Path branch runs
      # mkdir on the config file path itself, creating a directory with that
      # name rather than the file; the following Add-Content would then not
      # produce a usable config. Also, the line is appended on every run.
      - content: |
          mkdir -Force c:/localdumps
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpCount /t REG_DWORD /d 50 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpType /t REG_DWORD /d 2 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpFolder /t REG_EXPAND_SZ /d "c:/LocalDumps" /f
          # Enable sftp so we can copy crash dump files during log collection of stfp
          $sshd_config = "$env:ProgramData\ssh\sshd_config"
          if (-not (Test-Path $sshd_config)) { mkdir -Force $sshd_config }
          Add-Content -Path $sshd_config "Subsystem sftp sftp-server.exe"
          sc.exe stop sshd
          sc.exe start sshd
        path: C:/collect-hns-crashes.ps1
        permissions: "0744"
      joinConfiguration:
        nodeRegistration:
          criSocket: npipe:////./pipe/containerd-containerd
          kubeletExtraArgs:
            cloud-provider: external
            feature-gates: ${NODE_FEATURE_GATES:-""}
            v: "2"
            windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
          name: '{{ ds.meta_data["local_hostname"] }}'
      postKubeadmCommands:
      - nssm set kubelet start SERVICE_AUTO_START
      - powershell C:/defender-exclude-calico.ps1
      preKubeadmCommands:
      - powershell C:/create-temp-folder.ps1
      - powershell C:/replace-containerd.ps1
      - powershell C:/collect-hns-crashes.ps1
      users:
      # Local account placed in the Administrators group, authenticated by the
      # supplied SSH public key.
      # NOTE(review): the key defaults to an empty string when
      # AZURE_SSH_PUBLIC_KEY is unset; confirm the account is then unusable
      # rather than left with another login path.
      - groups: Administrators
        name: capi
        sshAuthorizedKeys:
        - ${AZURE_SSH_PUBLIC_KEY:=""}
---
# MachineHealthCheck: watches machines labelled nodepool: pool1 (the md-0
# pool) for the E2ENodeUnhealthy condition being "True" for 30s.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineHealthCheck
metadata:
  name: ${CLUSTER_NAME}-mhc-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  # 100% means remediation is never held back by the share of unhealthy
  # machines: the whole pool may be replaced at once. Reasonable for a test
  # template, not a value to copy into a production cluster.
  maxUnhealthy: 100%
  selector:
    matchLabels:
      nodepool: pool1
  unhealthyConditions:
  - status: "True"
    timeout: 30s
    type: E2ENodeUnhealthy
---
# ClusterResourceSet: applies the cni-<cluster>-calico-windows ConfigMap
# (kube-proxy and Calico for Windows, defined below) to clusters carrying the
# matching cni-windows label. ApplyOnce: applied a single time, not reconciled.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-calico-windows
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      cni-windows: ${CLUSTER_NAME}-calico
  resources:
  - kind: ConfigMap
    name: cni-${CLUSTER_NAME}-calico-windows
  strategy: ApplyOnce
---
# AzureClusterIdentity: the identity the provider authenticates to Azure with.
# The spec carries only clientID, tenantID and type (default WorkloadIdentity);
# no client secret is referenced.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureClusterIdentity
metadata:
  labels:
    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
  name: ${CLUSTER_IDENTITY_NAME}
  namespace: default
spec:
  # NOTE(review): an empty object here is understood to allow clusters in any
  # namespace to use this identity - confirm against the provider's API docs
  # and restrict to a namespace list or selector outside of CI.
  allowedNamespaces: {}
  clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY}
  tenantID: ${AZURE_TENANT_ID}
  type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity}
---
# ClusterResourceSet: applies the csi-proxy-addon ConfigMap to clusters
# labelled csi-proxy: enabled.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: csi-proxy
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      csi-proxy: enabled
  resources:
  - kind: ConfigMap
    name: csi-proxy-addon
  strategy: ApplyOnce
---
# ClusterResourceSet: applies the containerd-logger-<cluster> ConfigMap to
# clusters labelled containerd-logger: enabled.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      containerd-logger: enabled
  resources:
  - kind: ConfigMap
    name: containerd-logger-${CLUSTER_NAME}
  strategy: ApplyOnce
---
# HelmChartProxy (calico): installs the tigera-operator chart on clusters
# labelled cni: calico. The chart version is pinned through CALICO_VERSION and
# images are pulled from mcr.microsoft.com/oss.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: calico
  namespace: default
spec:
  chartName: tigera-operator
  clusterSelector:
    matchLabels:
      cni: calico
  namespace: tigera-operator
  releaseName: projectcalico
  repoURL: https://docs.tigera.io/calico/charts
  # The {{range}} loop emits one VXLAN ipPool per pod CIDR of the Cluster.
  # NOTE(review): the rendered values contain the key "ipPools" twice in a
  # row (an empty one followed by the templated one). Duplicate keys are
  # invalid YAML and parsers differ in how they resolve them - confirm the
  # first line is not needed and drop it.
  valuesTemplate: |-
    installation:
      cni:
        type: Calico
      calicoNetwork:
        bgp: Disabled
        mtu: 1350
        ipPools:
        ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
        - cidr: {{ $cidr }}
          encapsulation: VXLAN{{end}}
      registry: mcr.microsoft.com/oss
    # Image and registry configuration for the tigera/operator pod.
    tigeraOperator:
      image: tigera/operator
      registry: mcr.microsoft.com/oss
    calicoctl:
      image: mcr.microsoft.com/oss/calico/ctl
  version: ${CALICO_VERSION}
---
# HelmChartProxy (azuredisk-csi-driver): installed on clusters labelled
# azuredisk-csi: "true" (a label the Cluster object in this file does not set).
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: azuredisk-csi-driver-chart
  namespace: default
spec:
  chartName: azuredisk-csi-driver
  clusterSelector:
    matchLabels:
      azuredisk-csi: "true"
  namespace: kube-system
  releaseName: azuredisk-csi-driver-oot
  # NOTE(review): the repository is served from the "master" branch and no
  # chart version is set, so the installed chart follows whatever that branch
  # holds at install time. Acceptable for CI against head; pin a version (and
  # ideally a tagged repo URL) anywhere reproducibility or supply-chain
  # integrity matters.
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts
  valuesTemplate: |-
    controller:
      replicas: 1
      runOnControlPlane: true
    windows:
      useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }}
---
# HelmChartProxy (cloud-provider-azure): out-of-tree cloud provider with chart
# defaults, for clusters labelled cloud-provider: azure.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure
  releaseName: cloud-provider-azure-oot
  # NOTE(review): unpinned chart source - "master" branch, no version field.
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      logVerbosity: 4
---
# HelmChartProxy (cloud-provider-azure, CI variant): same chart, selected by
# cloud-provider: azure-ci, with image name/repository/tag and other settings
# overridable from the environment so a freshly built image can be tested.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart-ci
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure-ci
  releaseName: cloud-provider-azure-oot
  # NOTE(review): unpinned chart source, and IMAGE_REGISTRY / IMAGE_TAG_* decide
  # which controller images run with cloud credentials - these variables must
  # only be settable by the trusted CI job definition.
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"}
      cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""}
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      imageName: "${CCM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CCM:-""}"
      logVerbosity: ${CCM_LOG_VERBOSITY:-4}
      replicas: ${CCM_COUNT:-1}
      enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false}
    cloudNodeManager:
      imageName: "${CNM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CNM:-""}"
---
# ConfigMap cni-<cluster>-calico-windows (generated): two manifests delivered
# to the workload cluster by the calico-windows ClusterResourceSet.
#
# data.proxy - kube-proxy DaemonSet for Windows nodes. It runs as a
#   HostProcess container under "NT AUTHORITY\system" with hostNetwork and
#   tolerates every taint, i.e. it has full control of each Windows node.
#   The image is referenced by tag (derived from KUBERNETES_VERSION, with the
#   ${VAR/+/_} form presumably turning "+" into "_"), not by digest.
#
# data.windows-cni - Calico for Windows, stored as one escaped string:
#   an IPAMConfig (strictAffinity), the calico-static-rules and
#   calico-config-windows ConfigMaps, the calico-node-windows DaemonSet and
#   the IPAMConfig CRD.
#   * calico-static-rules carries an ACL rule (Id "wireserver") that blocks
#     outbound TCP (protocol 6) port 80 to 168.63.129.16/32, keeping workloads
#     away from that platform endpoint. Keep this rule when regenerating.
#   * The DaemonSet's containers are HostProcess / "NT AUTHORITY\system" and
#     use sigwindowstools/calico-*:v3.26.1-hostprocess with
#     imagePullPolicy: Always - a mutable tag pulled on every start.
#     NOTE(review): pin by digest where the registry content is not under
#     the operator's control.
#   * cni_network_config sets "log_level" twice ("debug", later "info");
#     which one wins depends on the JSON parser.
apiVersion: v1
data:
  proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: kube-proxy
      name: kube-proxy-windows
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: kube-proxy-windows
      template:
        metadata:
          labels:
            k8s-app: kube-proxy-windows
        spec:
          serviceAccountName: kube-proxy
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess
            args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"]
            workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/"
            name: kube-proxy
            env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBEPROXY_PATH
              valueFrom:
                configMapKeyRef:
                  name: windows-kubeproxy-ci
                  key: KUBEPROXY_PATH
                  optional: true
            volumeMounts:
            - mountPath: /var/lib/kube-proxy
              name: kube-proxy
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: kube-proxy
            name: kube-proxy
      updateStrategy:
        type: RollingUpdate
  windows-cni: "# strictAffinity required for windows\napiVersion: crd.projectcalico.org/v1\nkind:
    IPAMConfig\nmetadata:\n  name: default\nspec:\n  autoAllocateBlocks: true\n  strictAffinity:
    true\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: calico-static-rules\n
    \ namespace: calico-system\n  labels:\n    tier: node\n    app: calico\ndata:\n
    \ static-rules.json: |\n    {\n      \"Provider\": \"azure\",\n      \"Version\":
    \"0.1\",\n      \"Rules\": [\n        {\n          \"Name\": \"EndpointPolicy\",\n
    \         \"Rule\": {\n            \"Id\": \"wireserver\",\n            \"Type\":
    \"ACL\",\n            \"Protocol\": 6,\n            \"Action\": \"Block\",\n
    \           \"Direction\": \"Out\",\n            \"RemoteAddresses\": \"168.63.129.16/32\",\n
    \           \"RemotePorts\": \"80\",\n            \"Priority\": 200,\n            \"RuleType\":
    \"Switch\"\n          }\n        }\n      ]\n    } \n---\nkind: ConfigMap\napiVersion:
    v1\nmetadata:\n  name: calico-config-windows\n  namespace: calico-system\n  labels:\n
    \   tier: node\n    app: calico\ndata:\n  veth_mtu: \"1350\"\n  \n  cni_network_config:
    |\n    {\n      \"name\": \"Calico\",\n      \"cniVersion\": \"0.3.1\",\n      \"plugins\":
    [\n        {\n          \"windows_use_single_network\": true,\n          \"type\":
    \"calico\",\n          \"mode\": \"vxlan\",\n          \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n
    \         \"nodename_file_optional\": true,\n          \"log_file_path\": \"c:/cni.log\",\n
    \         \"log_level\": \"debug\",\n\n          \"vxlan_mac_prefix\": \"0E-2A\",\n
    \         \"vxlan_vni\": 4096,\n          \"mtu\": __CNI_MTU__,\n          \"policy\":
    {\n            \"type\": \"k8s\"\n          },\n\n          \"log_level\": \"info\",\n\n
    \         \"capabilities\": {\"dns\": true},\n          \"DNS\": {\n            \"Search\":
    \ [\n              \"svc.cluster.local\"\n            ]\n          },\n\n          \"datastore_type\":
    \"kubernetes\",\n\n          \"kubernetes\": {\n            \"kubeconfig\": \"__KUBECONFIG_FILEPATH__\"\n
    \         },\n\n          \"ipam\": {\n            \"type\": \"calico-ipam\",\n
    \           \"subnet\": \"usePodCidr\"\n          },\n\n          \"policies\":
    \ [\n            {\n              \"Name\":  \"EndpointPolicy\",\n              \"Value\":
    \ {\n                \"Type\":  \"OutBoundNAT\",\n                \"ExceptionList\":
    \ [\n                  \"__K8S_SERVICE_CIDR__\"\n                ]\n              }\n
    \           },\n            {\n              \"Name\":  \"EndpointPolicy\",\n
    \             \"Value\":  {\n                \"Type\":  \"SDNROUTE\",\n                \"DestinationPrefix\":
    \ \"__K8S_SERVICE_CIDR__\",\n                \"NeedEncap\":  true\n              }\n
    \           }\n          ]\n        }\n      ]\n\n    }\n---\napiVersion: apps/v1\nkind:
    DaemonSet\nmetadata:\n  name: calico-node-windows\n  labels:\n    tier: node\n
    \   app: calico\n  namespace: calico-system\nspec:\n  selector:\n    matchLabels:\n
    \     app: calico\n  template:\n    metadata:\n      labels:\n        tier: node\n
    \       app: calico\n    spec:\n      affinity:\n        nodeAffinity:\n          requiredDuringSchedulingIgnoredDuringExecution:\n
    \           nodeSelectorTerms:\n              - matchExpressions:\n                  -
    key: kubernetes.io/os\n                    operator: In\n                    values:\n
    \                     - windows\n                  - key: kubernetes.io/arch\n
    \                   operator: In\n                    values:\n                      -
    amd64\n      securityContext:\n        windowsOptions:\n          hostProcess:
    true\n          runAsUserName: \"NT AUTHORITY\\\\system\"\n      hostNetwork:
    true\n      serviceAccountName: calico-node\n      tolerations:\n      - operator:
    Exists\n        effect: NoSchedule\n        # Mark the pod as a critical add-on
    for rescheduling.\n      - key: CriticalAddonsOnly\n        operator: Exists\n
    \     - effect: NoExecute\n        operator: Exists\n      initContainers:\n      #
    This container installs the CNI binaries\n      # and CNI network config file
    on each node.\n      - name: install-cni\n        image: sigwindowstools/calico-install:v3.26.1-hostprocess\n
    \       args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1\"]\n
    \       imagePullPolicy: Always\n        env:\n        # Name of the CNI
    config file to create.\n        - name: CNI_CONF_NAME\n          value:
    \"10-calico.conflist\"\n        # The CNI network config to install on each
    node.\n        - name: CNI_NETWORK_CONFIG\n          valueFrom:\n            configMapKeyRef:\n
    \             name: calico-config-windows\n              key: cni_network_config\n
    \       # Set the hostname based on the k8s node name.\n        - name:
    KUBERNETES_NODE_NAME\n          valueFrom:\n            fieldRef:\n              fieldPath:
    spec.nodeName\n        # CNI MTU Config variable\n        - name: CNI_MTU\n
    \         valueFrom:\n            configMapKeyRef:\n              name:
    calico-config-windows\n              key: veth_mtu\n        # Prevents
    the container from sleeping forever.\n        - name: SLEEP\n          value:
    \"false\"\n        - name: K8S_SERVICE_CIDR\n          value: \"10.96.0.0/12\"\n
    \       volumeMounts:\n        - mountPath: /host/opt/cni/bin\n          name:
    cni-bin-dir\n        - mountPath: /host/etc/cni/net.d\n          name:
    cni-net-dir\n        - name: kubeadm-config\n          mountPath: /etc/kubeadm-config/\n
    \       securityContext:\n          windowsOptions:\n            hostProcess:
    true\n            runAsUserName: \"NT AUTHORITY\\\\system\"\n      containers:\n
    \     - name: calico-node-startup\n        image: sigwindowstools/calico-node:v3.26.1-hostprocess\n
    \       args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1\"]\n
    \       workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n        imagePullPolicy:
    Always\n        volumeMounts:\n        - name: calico-config-windows\n          mountPath:
    /etc/kube-calico-windows/\n        env:\n        - name: POD_NAME\n          valueFrom:\n
    \           fieldRef:\n              apiVersion: v1\n              fieldPath:
    metadata.name\n        - name: POD_NAMESPACE\n          valueFrom:\n            fieldRef:\n
    \             apiVersion: v1\n              fieldPath: metadata.namespace\n        -
    name: CNI_IPAM_TYPE\n          value: \"calico-ipam\"\n        - name: CALICO_NETWORKING_BACKEND\n
    \         value: \"vxlan\"\n        - name: KUBECONFIG\n          value: \"C:/etc/cni/net.d/calico-kubeconfig\"\n
    \       - name: VXLAN_VNI\n          value: \"4096\"\n      - name: calico-node-felix\n
    \       image: sigwindowstools/calico-node:v3.26.1-hostprocess\n        args:
    [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1\"]\n        imagePullPolicy:
    Always\n        workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n        volumeMounts:\n
    \       - name: calico-config-windows\n          mountPath: /etc/kube-calico-windows/\n
    \       - name: calico-static-rules\n          mountPath: /calico/static-rules.json\n
    \         subPath: static-rules.json\n        env:\n        - name: POD_NAME\n
    \         valueFrom:\n            fieldRef:\n              apiVersion: v1\n              fieldPath:
    metadata.name\n        - name: POD_NAMESPACE\n          valueFrom:\n            fieldRef:\n
    \             apiVersion: v1\n              fieldPath: metadata.namespace\n        -
    name: VXLAN_VNI\n          value: \"4096\"\n        - name: KUBECONFIG\n          value:
    \"C:/etc/cni/net.d/calico-kubeconfig\"\n      volumes:\n      - name: calico-config-windows\n
    \       configMap:\n          name: calico-config-windows\n      - name: calico-static-rules\n
    \       configMap:\n          name: calico-static-rules\n      # Used to install
    CNI.\n      - name: cni-bin-dir\n        hostPath:\n          path: /opt/cni/bin\n
    \     - name: cni-net-dir\n        hostPath:\n          path: /etc/cni/net.d\n
    \     - name: kubeadm-config\n        configMap:\n          name: kubeadm-config\n---\napiVersion:
    apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: ipamconfigs.crd.projectcalico.org\nspec:\n
    \ group: crd.projectcalico.org\n  names:\n    kind: IPAMConfig\n    listKind:
    IPAMConfigList\n    plural: ipamconfigs\n    singular: ipamconfig\n  preserveUnknownFields:
    false\n  scope: Cluster\n  versions:\n  - name: v1\n    schema:\n      openAPIV3Schema:\n
    \       properties:\n          apiVersion:\n            description: 'APIVersion
    defines the versioned schema of this representation\n              of an object.
    Servers should convert recognized schemas to the latest\n              internal
    value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n
    \           type: string\n          kind:\n            description: 'Kind is a
    string value representing the REST resource this\n              object represents.
    Servers may infer this from the endpoint the client\n              submits requests
    to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n
    \           type: string\n          metadata:\n            type: object\n          spec:\n
    \           description: IPAMConfigSpec contains the specification for an IPAMConfig\n
    \             resource.\n            properties:\n              autoAllocateBlocks:\n
    \               type: boolean\n              maxBlocksPerHost:\n                description:
    MaxBlocksPerHost, if non-zero, is the max number of blocks\n                  that
    can be affine to each host.\n                maximum: 2147483647\n                minimum:
    0\n                type: integer\n              strictAffinity:\n                type:
    boolean\n            required:\n            - autoAllocateBlocks\n            -
    strictAffinity\n            type: object\n        type: object\n    served: true\n
    \   storage: true\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n
    \ conditions: []\n  storedVersions: []\n"
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: cni-${CLUSTER_NAME}-calico-windows
  namespace: default
---
# ConfigMap csi-proxy-addon (generated): csi-proxy DaemonSet for Windows
# nodes. HostProcess container as "NT AUTHORITY\SYSTEM" with hostNetwork; the
# image is pinned to tag v1.0.2 (a tag, not a digest).
apiVersion: v1
data:
  csi-proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: csi-proxy
      name: csi-proxy
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: csi-proxy
      template:
        metadata:
          labels:
            k8s-app: csi-proxy
        spec:
          nodeSelector:
            "kubernetes.io/os": windows
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\SYSTEM"
          hostNetwork: true
          containers:
            - name: csi-proxy
              image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: csi-proxy-addon
  namespace: default
---
# ConfigMap containerd-logger-<cluster> (generated): a DaemonSet plus its
# containerd-logger-config ConfigMap, both inside the one data value (the
# indented "---" below is part of that value, not a document separator of
# this file). The logger runs as a HostProcess container under
# "NT AUTHORITY\system" with hostNetwork, tolerates every taint, subscribes to
# the RunHCS and ContainerD ETW providers at Verbose level, drops seven noisy
# RunHCS event types that carry no error property, and writes the rest to
# stdout.
# NOTE(review): Verbose runtime events end up in pod logs; treat access to
# those logs accordingly. Image is tag-pinned (v0.1.0) with
# imagePullPolicy: Always.
apiVersion: v1
data:
  containerd-windows-logger: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: containerd-logger
      name: containerd-logger
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: containerd-logger
      template:
        metadata:
          labels:
            k8s-app: containerd-logger
        spec:
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0
            args: [ "config.json" ]
            name: containerd-logger
            imagePullPolicy: Always
            volumeMounts:
            - name: containerd-logger-config
              mountPath: /config.json
              subPath: config.json
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: containerd-logger-config
            name: containerd-logger-config
      updateStrategy:
        type: RollingUpdate
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: containerd-logger-config
      namespace: kube-system
    data:
      config.json: |
        {
          "inputs": [
            {
              "type": "ETW",
              "sessionNamePrefix": "containerd",
              "cleanupOldSessions": true,
              "reuseExistingSession": true,
              "providers": [
                {
                  "providerName": "Microsoft.Virtualization.RunHCS",
                  "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3",
                  "level": "Verbose"
                },
                {
                  "providerName": "ContainerD",
                  "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad",
                  "level": "Verbose"
                }
              ]
            }
          ],
          "filters": [
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error"
            },
            {
                "type": "drop",
                "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error"
            }
          ],
          "outputs": [
            {
              "type": "StdOutput"
            }
          ],
          "schemaVersion": "2016-08-11"
        }
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default