# File: sigs.k8s.io/cluster-api-provider-azure@v1.17.0/test/e2e/data/infrastructure-azure/v1.16.1/cluster-template-prow.yaml
#
# Cluster API Provider Azure e2e cluster template. Dollar-brace placeholders
# are filled in by variable substitution before the manifests are applied, so
# review the rendered output as well as this template.
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  # These labels are what the ClusterResourceSet and HelmChartProxy objects
  # later in this file select on (clusterSelector.matchLabels), so they decide
  # which add-ons are installed into the workload cluster.
  labels:
    cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure}
    cni: calico
    cni-windows: ${CLUSTER_NAME}-calico
    containerd-logger: enabled
    csi-proxy: enabled
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: ${CLUSTER_NAME}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureCluster
    name: ${CLUSTER_NAME}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureCluster
metadata:
  name: ${CLUSTER_NAME}
  namespace: default
spec:
  additionalTags:
    buildProvenance: ${BUILD_PROVENANCE}
    creationTimestamp: ${TIMESTAMP}
    jobName: ${JOB_NAME}
  # Credentials for managing Azure resources come from the AzureClusterIdentity
  # named here (defined further down in this file).
  identityRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureClusterIdentity
    name: ${CLUSTER_IDENTITY_NAME}
  location: ${AZURE_LOCATION}
  networkSpec:
    subnets:
    - name: control-plane-subnet
      role: control-plane
    - name: node-subnet
      role: node
    vnet:
      name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet}
  resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}}
  subscriptionID: ${AZURE_SUBSCRIPTION_ID}
---
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      apiServer:
        extraArgs:
          cloud-provider: external
          feature-gates: ${K8S_FEATURE_GATES:-""}
        timeoutForControlPlane: 20m
      controllerManager:
        extraArgs:
          allocate-node-cidrs: "false"
          cloud-provider: external
          cluster-name: ${CLUSTER_NAME}
          v: "4"
      etcd:
        local:
          dataDir: /var/lib/etcddisk/etcd
          extraArgs:
            quota-backend-bytes: "8589934592"
    # etcd data lives on its own disk: LUN 0 is partitioned (gpt), formatted
    # ext4 with label etcd_disk, and mounted at /var/lib/etcddisk by the
    # mounts entry below.
    diskSetup:
      filesystems:
      - device: /dev/disk/azure/scsi1/lun0
        extraOpts:
        - -E
        - lazy_itable_init=1,lazy_journal_init=1
        filesystem: ext4
        label: etcd_disk
      - device: ephemeral0.1
        filesystem: ext4
        label: ephemeral0
        replaceFS: ntfs
      partitions:
      - device: /dev/disk/azure/scsi1/lun0
        layout: true
        overwrite: false
        tableType: gpt
    # The cloud-provider config is read from a Secret and written to the
    # node's disk.
    # NOTE(review): mode 0644 makes it readable by every local user. Whether
    # the file carries credentials depends on the identity type in use;
    # confirm before reusing this template with a service-principal secret.
    files:
    - contentFrom:
        secret:
          key: control-plane-azure.json
          name: ${CLUSTER_NAME}-control-plane-azure-json
      owner: root:root
      path: /etc/kubernetes/azure.json
      permissions: "0644"
    initConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    joinConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: external
        name: '{{ ds.meta_data["local_hostname"] }}'
    mounts:
    - - LABEL=etcd_disk
      - /var/lib/etcddisk
    postKubeadmCommands: []
    preKubeadmCommands: []
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AzureMachineTemplate
      name: ${CLUSTER_NAME}-control-plane
  replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1}
  version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane
  namespace: default
spec:
  template:
    spec:
      # 256 GB data disk on LUN 0; this is the disk the KubeadmControlPlane
      # diskSetup above formats for etcd.
      dataDisks:
      - diskSizeGB: 256
        lun: 0
        nameSuffix: etcddisk
      # Control-plane VMs carry a user-assigned managed identity. It defaults
      # to cloud-provider-user-identity in the capz-ci resource group, i.e. an
      # identity outside the cluster's own resource group.
      # NOTE(review): its role assignments are not visible in this file;
      # confirm they are scoped to what the test clusters need.
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        osType: Linux
      # Defaults to an empty string when AZURE_SSH_PUBLIC_KEY_B64 is unset.
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE}
---
# Linux worker pool. The nodepool label is what the MachineHealthCheck
# further down selects on.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WORKER_MACHINE_COUNT:=2}
  selector: {}
  template:
    metadata:
      labels:
        nodepool: pool1
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-0
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-0
      version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      osDisk:
        diskSizeGB: 128
        osType: Linux
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      # CustomScript VM extension whose command is passed via
      # protectedSettings. The script describes itself as a no-op that only
      # exercises extension support; it creates test_file and exits.
      vmExtensions:
      - name: CustomScript
        protectedSettings:
          commandToExecute: |
            #!/bin/sh
            echo "This script is a no-op used for extension testing purposes ..."
            touch test_file
        publisher: Microsoft.Azure.Extensions
        version: "2.1"
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-0
  namespace: default
spec:
  template:
    spec:
      # Cloud-provider config read from a Secret and written to disk.
      # NOTE(review): mode 0644 makes it readable by every local user;
      # confirm the rendered file holds no client secret before reuse.
      files:
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-0-azure-json
        owner: root:root
        path: /etc/kubernetes/azure.json
        permissions: "0644"
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: external
          name: '{{ ds.meta_data["local_hostname"] }}'
      preKubeadmCommands: []
---
# Windows worker pool; replicas default to 0, so it is only created when
# WINDOWS_WORKER_MACHINE_COUNT is set.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0}
  selector: {}
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md-win
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureMachineTemplate
        name: ${CLUSTER_NAME}-md-win
      version: ${KUBERNETES_VERSION}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureMachineTemplate
metadata:
  annotations:
    runtime: containerd
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    metadata:
      annotations:
        runtime: containerd
        windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""}
    spec:
      # Windows workers carry the same user-assigned managed identity as the
      # control plane (default: cloud-provider-user-identity in capz-ci).
      # NOTE(review): the Linux worker template above attaches no identity;
      # confirm the Windows nodes actually need one.
      identity: UserAssigned
      osDisk:
        diskSizeGB: 128
        managedDisk:
          storageAccountType: Premium_LRS
        osType: Windows
      sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
      userAssignedIdentities:
      - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
      vmSize: ${AZURE_NODE_MACHINE_TYPE}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md-win
  namespace: default
spec:
  template:
    spec:
      files:
      # Cloud-provider config from a Secret, written to c:/k/azure.json.
      - contentFrom:
          secret:
            key: worker-node-azure.json
            name: ${CLUSTER_NAME}-md-win-azure-json
        owner: root:root
        path: c:/k/azure.json
        permissions: "0644"
      # Adds Microsoft Defender process exclusions for the two Calico CNI
      # binaries; run from postKubeadmCommands.
      # NOTE(review): the exclusions are keyed on file path, so write access
      # to C:/opt/cni/bin should stay restricted to administrators.
      - content: |-
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe
          Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe
        path: C:/defender-exclude-calico.ps1
        permissions: "0744"
      - content: |
          # /tmp is assumed created and required for upstream e2e tests to pass
          New-Item -ItemType Directory -Force -Path C:\tmp\
        path: C:/create-temp-folder.ps1
        permissions: "0744"
      # Optionally replaces the node's containerd with a build downloaded from
      # WINDOWS_CONTAINERD_URL; the download is skipped when that variable
      # renders as an empty string.
      # NOTE(review): the archive is fetched with curl and unpacked over
      # "c:/Program Files/containerd" with no checksum or signature check, so
      # the runtime's integrity rests entirely on the URL and its transport.
      - content: |
          $ErrorActionPreference = 'Stop'

          $$CONTAINERD_URL="${WINDOWS_CONTAINERD_URL}"
          if($$CONTAINERD_URL -ne ""){
            # Kubelet service depends on contianerd service so make a best effort attempt to stop it
            Stop-Service kubelet -Force -ErrorAction SilentlyContinue
            Stop-Service containerd -Force
            echo "downloading containerd: $$CONTAINERD_URL"
            curl.exe --retry 10 --retry-delay 5 -L "$$CONTAINERD_URL" --output "c:/k/containerd.tar.gz"
            tar.exe -zxvf c:/k/containerd.tar.gz -C "c:/Program Files/containerd" --strip-components 1

            Start-Service containerd
          }

          containerd.exe --version
          containerd-shim-runhcs-v1.exe --version
        path: C:/replace-containerd.ps1
        permissions: "0744"
      # Configures Windows Error Reporting local dumps (DumpCount 50,
      # DumpType 2, folder c:/LocalDumps) and appends an sftp subsystem line
      # to sshd_config, then restarts sshd, so dumps can be copied off.
      # NOTE(review): when sshd_config does not exist, "mkdir -Force" creates
      # a directory at that path, so the Add-Content that follows cannot
      # write the file. The Subsystem line is also appended unconditionally.
      - content: |
          mkdir -Force c:/localdumps
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpCount /t REG_DWORD /d 50 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpType /t REG_DWORD /d 2 /f
          reg.exe add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /V DumpFolder /t REG_EXPAND_SZ /d "c:/LocalDumps" /f
          # Enable sftp so we can copy crash dump files during log collection of stfp
          $sshd_config = "$env:ProgramData\ssh\sshd_config"
          if (-not (Test-Path $sshd_config)) { mkdir -Force $sshd_config }
          Add-Content -Path $sshd_config "Subsystem sftp sftp-server.exe"
          sc.exe stop sshd
          sc.exe start sshd
        path: C:/collect-hns-crashes.ps1
        permissions: "0744"
      joinConfiguration:
        nodeRegistration:
          criSocket: npipe:////./pipe/containerd-containerd
          kubeletExtraArgs:
            cloud-provider: external
            feature-gates: ${NODE_FEATURE_GATES:-""}
            v: "2"
            windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
          name: '{{ ds.meta_data["local_hostname"] }}'
      postKubeadmCommands:
      - nssm set kubelet start SERVICE_AUTO_START
      - powershell C:/defender-exclude-calico.ps1
      preKubeadmCommands:
      - powershell C:/create-temp-folder.ps1
      - powershell C:/replace-containerd.ps1
      - powershell C:/collect-hns-crashes.ps1
      # Local account "capi" is placed in Administrators and authorised with
      # AZURE_SSH_PUBLIC_KEY (an empty string when the variable is unset).
      users:
      - groups: Administrators
        name: capi
        sshAuthorizedKeys:
        - ${AZURE_SSH_PUBLIC_KEY:=""}
---
# maxUnhealthy 100% means remediation is never held back, even when every
# selected machine is unhealthy. E2ENodeUnhealthy is presumably a condition
# set by the e2e suite itself (not shown here), so this is a test-only
# setting.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineHealthCheck
metadata:
  name: ${CLUSTER_NAME}-mhc-0
  namespace: default
spec:
  clusterName: ${CLUSTER_NAME}
  maxUnhealthy: 100%
  selector:
    matchLabels:
      nodepool: pool1
  unhealthyConditions:
  - status: "True"
    timeout: 30s
    type: E2ENodeUnhealthy
---
# Applies the ConfigMap holding the Windows Calico and kube-proxy manifests
# once to clusters labelled cni-windows.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-calico-windows
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      cni-windows: ${CLUSTER_NAME}-calico
  resources:
  - kind: ConfigMap
    name: cni-${CLUSTER_NAME}-calico-windows
  strategy: ApplyOnce
---
# Identity the management cluster uses to act on Azure: a user-assigned
# managed identity, so no client secret is stored in this object.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureClusterIdentity
metadata:
  labels:
    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
  name: ${CLUSTER_IDENTITY_NAME}
  namespace: default
spec:
  # NOTE(review): per the CAPZ API docs an empty allowedNamespaces object
  # lets AzureClusters in any namespace use this identity; list namespaces
  # explicitly if the management cluster is shared.
  allowedNamespaces: {}
  clientID: ${AZURE_CLIENT_ID_CLOUD_PROVIDER}
  resourceID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity}
  tenantID: ${AZURE_TENANT_ID}
  type: UserAssignedMSI
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: csi-proxy
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      csi-proxy: enabled
  resources:
  - kind: ConfigMap
    name: csi-proxy-addon
  strategy: ApplyOnce
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      containerd-logger: enabled
  resources:
  - kind: ConfigMap
    name: containerd-logger-${CLUSTER_NAME}
  strategy: ApplyOnce
---
# Calico via the tigera-operator chart; the chart version is taken from
# CALICO_VERSION and images are pulled through mcr.microsoft.com/oss.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: calico
  namespace: default
spec:
  chartName: tigera-operator
  clusterSelector:
    matchLabels:
      cni: calico
  namespace: tigera-operator
  releaseName: projectcalico
  repoURL: https://docs.tigera.io/calico/charts
  # NOTE(review): "ipPools" appears twice in the values below (an empty key
  # followed by the templated one). That is a duplicate mapping key and only
  # works because the parser keeps the last occurrence.
  valuesTemplate: |-
    installation:
      cni:
        type: Calico
      calicoNetwork:
        bgp: Disabled
        mtu: 1350
        ipPools:
        ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
        - cidr: {{ $cidr }}
          encapsulation: VXLAN{{end}}
      registry: mcr.microsoft.com/oss
    # Image and registry configuration for the tigera/operator pod.
    tigeraOperator:
      image: tigera/operator
      registry: mcr.microsoft.com/oss
    calicoctl:
      image: mcr.microsoft.com/oss/calico/ctl
  version: ${CALICO_VERSION}
---
# NOTE(review): the chart repository is a raw.githubusercontent.com URL on the
# master branch and no chart version is set, so what gets installed can change
# between runs. Pin a version (or a tag/commit in the URL) where
# reproducibility matters.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: azuredisk-csi-driver-chart
  namespace: default
spec:
  chartName: azuredisk-csi-driver
  clusterSelector:
    matchLabels:
      azuredisk-csi: "true"
  namespace: kube-system
  releaseName: azuredisk-csi-driver-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts
  valuesTemplate: |-
    controller:
      replicas: 1
      runOnControlPlane: true
    windows:
      useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }}
---
# Out-of-tree cloud provider for clusters labelled cloud-provider=azure.
# NOTE(review): unpinned chart source (master branch, no version), as with
# the azuredisk chart above.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure
  releaseName: cloud-provider-azure-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      logVerbosity: 4
---
# CI variant, selected by cloud-provider=azure-ci. Image registry, names and
# tags for the cloud-controller-manager and cloud-node-manager come from job
# variables, so the job environment decides which images run with access to
# the cloud config.
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  name: cloud-provider-azure-chart-ci
  namespace: default
spec:
  chartName: cloud-provider-azure
  clusterSelector:
    matchLabels:
      cloud-provider: azure-ci
  releaseName: cloud-provider-azure-oot
  repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo
  valuesTemplate: |
    infra:
      clusterName: {{ .Cluster.metadata.name }}
    cloudControllerManager:
      cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"}
      cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""}
      clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
      imageName: "${CCM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CCM:-""}"
      logVerbosity: ${CCM_LOG_VERBOSITY:-4}
      replicas: ${CCM_COUNT:-1}
      enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false}
    cloudNodeManager:
      imageName: "${CNM_IMAGE_NAME:-""}"
      imageRepository: "${IMAGE_REGISTRY:-""}"
      imageTag: "${IMAGE_TAG_CNM:-""}"
---
# Generated ConfigMap consumed by the calico-windows ClusterResourceSet; each
# data key is a manifest applied to the workload cluster.
apiVersion: v1
data:
  # kube-proxy for Windows nodes, run as a HostProcess container under
  # NT AUTHORITY\system with host networking, i.e. with full control of the
  # node. The image is referenced by tag (derived from KUBERNETES_VERSION),
  # not by digest.
  proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: kube-proxy
      name: kube-proxy-windows
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: kube-proxy-windows
      template:
        metadata:
          labels:
            k8s-app: kube-proxy-windows
        spec:
          serviceAccountName: kube-proxy
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess
            args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"]
            workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/"
            name: kube-proxy
            env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBEPROXY_PATH
              valueFrom:
                configMapKeyRef:
                  name: windows-kubeproxy-ci
                  key: KUBEPROXY_PATH
                  optional: true
            volumeMounts:
            - mountPath: /var/lib/kube-proxy
              name: kube-proxy
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: kube-proxy
            name: kube-proxy
      updateStrategy:
        type: RollingUpdate
  # Calico for Windows as one escaped multi-document string: IPAMConfig,
  # the calico-static-rules and calico-config-windows ConfigMaps, the
  # calico-node-windows DaemonSet and the IPAMConfig CRD.
  # - The static rule with Id "wireserver" blocks outbound TCP port 80 to
  #   168.63.129.16/32, keeping pod endpoints away from the Azure platform
  #   endpoint at that address.
  # - The DaemonSet containers are HostProcess containers running as
  #   NT AUTHORITY\system with host networking; their sigwindowstools images
  #   are referenced by tag with imagePullPolicy Always, not by digest.
  # - NOTE(review): "log_level" is set twice in cni_network_config ("debug",
  #   then "info"); which one applies depends on the JSON parser.
  # - NOTE(review): runs of spaces inside this string were collapsed in the
  #   listing it was recovered from and have been re-derived from the
  #   YAML/JSON structure; compare with the upstream file before reuse.
  windows-cni: "# strictAffinity required for windows\napiVersion: crd.projectcalico.org/v1\nkind:
    IPAMConfig\nmetadata:\n  name: default\nspec:\n  autoAllocateBlocks: true\n  strictAffinity:
    true\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: calico-static-rules\n
    \ namespace: calico-system\n  labels:\n    tier: node\n    app: calico\ndata:\n
    \ static-rules.json: |\n    {\n      \"Provider\": \"azure\",\n      \"Version\":
    \"0.1\",\n      \"Rules\": [\n        {\n          \"Name\": \"EndpointPolicy\",\n
    \         \"Rule\": {\n            \"Id\": \"wireserver\",\n            \"Type\":
    \"ACL\",\n            \"Protocol\": 6,\n            \"Action\": \"Block\",\n
    \           \"Direction\": \"Out\",\n            \"RemoteAddresses\": \"168.63.129.16/32\",\n
    \           \"RemotePorts\": \"80\",\n            \"Priority\": 200,\n            \"RuleType\":
    \"Switch\"\n          }\n        }\n      ]\n    } \n---\nkind: ConfigMap\napiVersion:
    v1\nmetadata:\n  name: calico-config-windows\n  namespace: calico-system\n  labels:\n
    \   tier: node\n    app: calico\ndata:\n  veth_mtu: \"1350\"\n  \n  cni_network_config:
    |\n    {\n      \"name\": \"Calico\",\n      \"cniVersion\": \"0.3.1\",\n      \"plugins\":
    [\n        {\n          \"windows_use_single_network\": true,\n          \"type\":
    \"calico\",\n          \"mode\": \"vxlan\",\n          \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n
    \         \"nodename_file_optional\": true,\n          \"log_file_path\": \"c:/cni.log\",\n
    \         \"log_level\": \"debug\",\n\n          \"vxlan_mac_prefix\": \"0E-2A\",\n
    \         \"vxlan_vni\": 4096,\n          \"mtu\": __CNI_MTU__,\n          \"policy\":
    {\n            \"type\": \"k8s\"\n          },\n\n          \"log_level\": \"info\",\n\n
    \         \"capabilities\": {\"dns\": true},\n          \"DNS\": {\n            \"Search\":
    \ [\n              \"svc.cluster.local\"\n            ]\n          },\n\n          \"datastore_type\":
    \"kubernetes\",\n\n          \"kubernetes\": {\n            \"kubeconfig\": \"__KUBECONFIG_FILEPATH__\"\n
    \         },\n\n          \"ipam\": {\n            \"type\": \"calico-ipam\",\n
    \           \"subnet\": \"usePodCidr\"\n          },\n\n          \"policies\":
    \ [\n            {\n              \"Name\": \"EndpointPolicy\",\n              \"Value\":
    \ {\n                \"Type\": \"OutBoundNAT\",\n                \"ExceptionList\":
    \ [\n                  \"__K8S_SERVICE_CIDR__\"\n                ]\n              }\n
    \           },\n            {\n              \"Name\": \"EndpointPolicy\",\n
    \             \"Value\": {\n                \"Type\": \"SDNROUTE\",\n                \"DestinationPrefix\":
    \ \"__K8S_SERVICE_CIDR__\",\n                \"NeedEncap\": true\n              }\n
    \           }\n          ]\n        }\n      ]\n\n    }\n---\napiVersion: apps/v1\nkind:
    DaemonSet\nmetadata:\n  name: calico-node-windows\n  labels:\n    tier: node\n
    \   app: calico\n  namespace: calico-system\nspec:\n  selector:\n    matchLabels:\n
    \     app: calico\n  template:\n    metadata:\n      labels:\n        tier: node\n
    \       app: calico\n    spec:\n      affinity:\n        nodeAffinity:\n          requiredDuringSchedulingIgnoredDuringExecution:\n
    \           nodeSelectorTerms:\n              - matchExpressions:\n                  -
    key: kubernetes.io/os\n                    operator: In\n                    values:\n
    \                     - windows\n                  - key: kubernetes.io/arch\n
    \                   operator: In\n                    values:\n                      -
    amd64\n      securityContext:\n        windowsOptions:\n          hostProcess:
    true\n          runAsUserName: \"NT AUTHORITY\\\\system\"\n      hostNetwork:
    true\n      serviceAccountName: calico-node\n      tolerations:\n        - operator:
    Exists\n          effect: NoSchedule\n        # Mark the pod as a critical add-on
    for rescheduling.\n        - key: CriticalAddonsOnly\n          operator: Exists\n
    \       - effect: NoExecute\n          operator: Exists\n      initContainers:\n        #
    This container installs the CNI binaries\n        # and CNI network config file
    on each node.\n        - name: install-cni\n          image: sigwindowstools/calico-install:v3.26.1-hostprocess\n
    \         args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1\"]\n
    \         imagePullPolicy: Always\n          env:\n            # Name of the CNI
    config file to create.\n            - name: CNI_CONF_NAME\n              value:
    \"10-calico.conflist\"\n            # The CNI network config to install on each
    node.\n            - name: CNI_NETWORK_CONFIG\n              valueFrom:\n                configMapKeyRef:\n
    \                 name: calico-config-windows\n                  key: cni_network_config\n
    \           # Set the hostname based on the k8s node name.\n            - name:
    KUBERNETES_NODE_NAME\n              valueFrom:\n                fieldRef:\n                  fieldPath:
    spec.nodeName\n            # CNI MTU Config variable\n            - name: CNI_MTU\n
    \             valueFrom:\n                configMapKeyRef:\n                  name:
    calico-config-windows\n                  key: veth_mtu\n            # Prevents
    the container from sleeping forever.\n            - name: SLEEP\n              value:
    \"false\"\n            - name: K8S_SERVICE_CIDR\n              value: \"10.96.0.0/12\"\n
    \         volumeMounts:\n            - mountPath: /host/opt/cni/bin\n              name:
    cni-bin-dir\n            - mountPath: /host/etc/cni/net.d\n              name:
    cni-net-dir\n            - name: kubeadm-config\n              mountPath: /etc/kubeadm-config/\n
    \         securityContext:\n            windowsOptions:\n              hostProcess:
    true\n              runAsUserName: \"NT AUTHORITY\\\\system\"\n      containers:\n
    \       - name: calico-node-startup\n          image: sigwindowstools/calico-node:v3.26.1-hostprocess\n
    \         args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1\"]\n
    \         workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n          imagePullPolicy:
    Always\n          volumeMounts:\n            - name: calico-config-windows\n              mountPath:
    /etc/kube-calico-windows/\n          env:\n            - name: POD_NAME\n              valueFrom:\n
    \               fieldRef:\n                  apiVersion: v1\n                  fieldPath:
    metadata.name\n            - name: POD_NAMESPACE\n              valueFrom:\n                fieldRef:\n
    \                 apiVersion: v1\n                  fieldPath: metadata.namespace\n            -
    name: CNI_IPAM_TYPE\n              value: \"calico-ipam\"\n            - name: CALICO_NETWORKING_BACKEND\n
    \             value: \"vxlan\"\n            - name: KUBECONFIG\n              value: \"C:/etc/cni/net.d/calico-kubeconfig\"\n
    \           - name: VXLAN_VNI\n              value: \"4096\"\n        - name: calico-node-felix\n
    \         image: sigwindowstools/calico-node:v3.26.1-hostprocess\n          args:
    [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1\"]\n          imagePullPolicy:
    Always\n          workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n          volumeMounts:\n
    \           - name: calico-config-windows\n              mountPath: /etc/kube-calico-windows/\n
    \           - name: calico-static-rules\n              mountPath: /calico/static-rules.json\n
    \             subPath: static-rules.json\n          env:\n            - name: POD_NAME\n
    \             valueFrom:\n                fieldRef:\n                  apiVersion: v1\n                  fieldPath:
    metadata.name\n            - name: POD_NAMESPACE\n              valueFrom:\n                fieldRef:\n
    \                 apiVersion: v1\n                  fieldPath: metadata.namespace\n            -
    name: VXLAN_VNI\n              value: \"4096\"\n            - name: KUBECONFIG\n              value:
    \"C:/etc/cni/net.d/calico-kubeconfig\"\n      volumes:\n        - name: calico-config-windows\n
    \         configMap:\n            name: calico-config-windows\n        - name: calico-static-rules\n
    \         configMap:\n            name: calico-static-rules\n        # Used to install
    CNI.\n        - name: cni-bin-dir\n          hostPath:\n            path: /opt/cni/bin\n
    \       - name: cni-net-dir\n          hostPath:\n            path: /etc/cni/net.d\n
    \       - name: kubeadm-config\n          configMap:\n            name: kubeadm-config\n---\napiVersion:
    apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n  name: ipamconfigs.crd.projectcalico.org\nspec:\n
    \ group: crd.projectcalico.org\n  names:\n    kind: IPAMConfig\n    listKind:
    IPAMConfigList\n    plural: ipamconfigs\n    singular: ipamconfig\n  preserveUnknownFields:
    false\n  scope: Cluster\n  versions:\n    - name: v1\n      schema:\n        openAPIV3Schema:\n
    \         properties:\n            apiVersion:\n              description: 'APIVersion
    defines the versioned schema of this representation\n                of an object.
    Servers should convert recognized schemas to the latest\n                internal
    value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n
    \             type: string\n            kind:\n              description: 'Kind is a
    string value representing the REST resource this\n                object represents.
    Servers may infer this from the endpoint the client\n                submits requests
    to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n
    \             type: string\n            metadata:\n              type: object\n            spec:\n
    \             description: IPAMConfigSpec contains the specification for an IPAMConfig\n
    \               resource.\n              properties:\n                autoAllocateBlocks:\n
    \                 type: boolean\n                maxBlocksPerHost:\n                  description:
    MaxBlocksPerHost, if non-zero, is the max number of blocks\n                    that
    can be affine to each host.\n                  maximum: 2147483647\n                  minimum:
    0\n                  type: integer\n                strictAffinity:\n                  type:
    boolean\n              required:\n                - autoAllocateBlocks\n                -
    strictAffinity\n              type: object\n          type: object\n      served: true\n
    \     storage: true\nstatus:\n  acceptedNames:\n    kind: \"\"\n    plural: \"\"\n
    \ conditions: []\n  storedVersions: []\n"
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: cni-${CLUSTER_NAME}-calico-windows
  namespace: default
---
# Generated ConfigMap for the csi-proxy ClusterResourceSet. The DaemonSet
# runs csi-proxy as a HostProcess container under NT AUTHORITY\SYSTEM with
# host networking; the image is pinned to a version tag, not a digest.
apiVersion: v1
data:
  csi-proxy: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: csi-proxy
      name: csi-proxy
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: csi-proxy
      template:
        metadata:
          labels:
            k8s-app: csi-proxy
        spec:
          nodeSelector:
            "kubernetes.io/os": windows
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\SYSTEM"
          hostNetwork: true
          containers:
            - name: csi-proxy
              image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: csi-proxy-addon
  namespace: default
---
# Generated ConfigMap for the containerd-logger ClusterResourceSet: a
# HostProcess DaemonSet (NT AUTHORITY\system, host networking) plus its
# config.json. The logger subscribes to the RunHCS and ContainerD ETW
# providers at Verbose level, drops seven high-volume event names unless they
# carry an error property, and writes the rest to stdout.
# NOTE(review): Verbose runtime events end up in the pod log, so access to
# those logs should be treated like access to node diagnostics.
apiVersion: v1
data:
  containerd-windows-logger: |
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: containerd-logger
      name: containerd-logger
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: containerd-logger
      template:
        metadata:
          labels:
            k8s-app: containerd-logger
        spec:
          securityContext:
            windowsOptions:
              hostProcess: true
              runAsUserName: "NT AUTHORITY\\system"
          hostNetwork: true
          containers:
          - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0
            args: [ "config.json" ]
            name: containerd-logger
            imagePullPolicy: Always
            volumeMounts:
            - name: containerd-logger-config
              mountPath: /config.json
              subPath: config.json
          nodeSelector:
            kubernetes.io/os: windows
          tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - operator: Exists
          volumes:
          - configMap:
              name: containerd-logger-config
            name: containerd-logger-config
      updateStrategy:
        type: RollingUpdate
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: containerd-logger-config
      namespace: kube-system
    data:
      config.json: |
        {
          "inputs": [
            {
              "type": "ETW",
              "sessionNamePrefix": "containerd",
              "cleanupOldSessions": true,
              "reuseExistingSession": true,
              "providers": [
                {
                  "providerName": "Microsoft.Virtualization.RunHCS",
                  "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3",
                  "level": "Verbose"
                },
                {
                  "providerName": "ContainerD",
                  "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad",
                  "level": "Verbose"
                }
              ]
            }
          ],
          "filters": [
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error"
            },
            {
              "type": "drop",
              "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error"
            }
          ],
          "outputs": [
            {
              "type": "StdOutput"
            }
          ],
          "schemaVersion": "2016-08-11"
        }
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: containerd-logger-${CLUSTER_NAME}
  namespace: default