diff --git a/charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses/nutanix-cluster-class.yaml b/charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses/nutanix-cluster-class.yaml
new file mode 100644
index 000000000..58e511c35
--- /dev/null
+++ b/charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses/nutanix-cluster-class.yaml
@@ -0,0 +1,305 @@
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start-kcfg-0
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ eviction-hard: nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<15%,memory.available<100Mi,imagefs.inodesFree<10%
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ postKubeadmCommands:
+ - echo "after kubeadm call" > /var/log/postkubeadm.log
+ preKubeadmCommands:
+ - echo "before kubeadm call" > /var/log/prekubeadm.log
+ - hostnamectl set-hostname "{{ ds.meta_data.hostname }}"
+ verbosity: 10
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start
+spec:
+ controlPlane:
+ machineHealthCheck:
+ maxUnhealthy: 40%
+ nodeStartupTimeout: 10m
+ unhealthyConditions:
+ - status: "False"
+ timeout: 300s
+ type: Ready
+ - status: Unknown
+ timeout: 300s
+ type: Ready
+ - status: "True"
+ timeout: 300s
+ type: MemoryPressure
+ - status: "True"
+ timeout: 300s
+ type: DiskPressure
+ - status: "True"
+ timeout: 300s
+ type: PIDPressure
+ - status: "True"
+ timeout: 300s
+ type: NetworkUnavailable
+ machineInfrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: NutanixMachineTemplate
+ name: nutanix-quick-start-cp-nmt
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ name: nutanix-quick-start-kcpt
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: NutanixClusterTemplate
+ name: nutanix-quick-start-nct
+ patches:
+ - external:
+ discoverVariablesExtension: nutanixclusterconfigvars.cluster-api-runtime-extensions-nutanix
+ generateExtension: nutanixclusterconfigpatch.cluster-api-runtime-extensions-nutanix
+ name: cluster-config
+ - external:
+ discoverVariablesExtension: nutanixworkerconfigvars.cluster-api-runtime-extensions-nutanix
+ generateExtension: nutanixworkerconfigpatch.cluster-api-runtime-extensions-nutanix
+ name: worker-config
+ workers:
+ machineDeployments:
+ - class: nutanix-quick-start-worker
+ machineHealthCheck:
+ maxUnhealthy: 40%
+ nodeStartupTimeout: 10m
+ unhealthyConditions:
+ - status: "False"
+ timeout: 300s
+ type: Ready
+ - status: Unknown
+ timeout: 300s
+ type: Ready
+ - status: "True"
+ timeout: 300s
+ type: MemoryPressure
+ - status: "True"
+ timeout: 300s
+ type: DiskPressure
+ - status: "True"
+ timeout: 300s
+ type: PIDPressure
+ - status: "True"
+ timeout: 300s
+ type: NetworkUnavailable
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: nutanix-quick-start-kcfg-0
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: NutanixMachineTemplate
+ name: nutanix-quick-start-md-nmt
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlaneTemplate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start-kcpt
+spec:
+ template:
+ spec:
+ kubeadmConfigSpec:
+ clusterConfiguration:
+ apiServer:
+ certSANs:
+ - localhost
+ - 127.0.0.1
+ - 0.0.0.0
+ extraArgs:
+ cloud-provider: external
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ controllerManager:
+ extraArgs:
+ cloud-provider: external
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ scheduler:
+ extraArgs:
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ files:
+ - content: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-vip
+ namespace: kube-system
+ spec:
+ containers:
+ - name: kube-vip
+ image: ghcr.io/kube-vip/kube-vip:v0.6.4
+ imagePullPolicy: IfNotPresent
+ args:
+ - manager
+ env:
+ - name: vip_arp
+ value: "true"
+ - name: address
+ value: "${CONTROL_PLANE_ENDPOINT_IP}"
+ - name: port
+ value: "${CONTROL_PLANE_ENDPOINT_PORT=6443}"
+ - name: vip_cidr
+ value: "32"
+ - name: cp_enable
+ value: "true"
+ - name: cp_namespace
+ value: kube-system
+ - name: vip_ddns
+ value: "false"
+ - name: vip_leaderelection
+ value: "true"
+ - name: vip_leaseduration
+ value: "15"
+ - name: vip_renewdeadline
+ value: "10"
+ - name: vip_retryperiod
+ value: "2"
+ - name: svc_enable
+ value: "${KUBEVIP_SVC_ENABLE=false}"
+ - name: lb_enable
+ value: "${KUBEVIP_LB_ENABLE=false}"
+ - name: enableServicesElection
+ value: "${KUBEVIP_SVC_ELECTION=false}"
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_TIME
+ - NET_RAW
+ volumeMounts:
+ - mountPath: /etc/kubernetes/admin.conf
+ name: kubeconfig
+ resources: {}
+ hostNetwork: true
+ hostAliases:
+ - hostnames:
+ - kubernetes
+ ip: 127.0.0.1
+ volumes:
+ - name: kubeconfig
+ hostPath:
+ type: FileOrCreate
+ path: /etc/kubernetes/admin.conf
+ status: {}
+ owner: root:root
+ path: /etc/kubernetes/manifests/kube-vip.yaml
+ initConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ eviction-hard: nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<15%,memory.available<100Mi,imagefs.inodesFree<10%
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ eviction-hard: nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<15%,memory.available<100Mi,imagefs.inodesFree<10%
+ tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ postKubeadmCommands:
+ - echo export KUBECONFIG=/etc/kubernetes/admin.conf >> /root/.bashrc
+ - |
+ KUBERNETES_VERSION_NO_V=${KUBERNETES_VERSION#v}
+ VERSION_TO_COMPARE=1.29.0
+ if [ "$(printf '%s\n' "$KUBERNETES_VERSION_NO_V" "$VERSION_TO_COMPARE" | sort -V | head -n1)" != "$KUBERNETES_VERSION_NO_V" ]; then
+ if [ -f /run/kubeadm/kubeadm.yaml ]; then
+ sed -i 's#path: /etc/kubernetes/super-admin.conf#path: /etc/kubernetes/admin.conf#' /etc/kubernetes/manifests/kube-vip.yaml;
+ fi
+ fi
+ - echo "after kubeadm call" > /var/log/postkubeadm.log
+ preKubeadmCommands:
+ - echo "before kubeadm call" > /var/log/prekubeadm.log
+ - hostnamectl set-hostname "{{ ds.meta_data.hostname }}"
+ - echo "::1 ipv6-localhost ipv6-loopback" >/etc/hosts
+ - echo "127.0.0.1 localhost" >>/etc/hosts
+ - echo "127.0.0.1 kubernetes" >>/etc/hosts
+ - echo "127.0.0.1 {{ ds.meta_data.hostname }}" >> /etc/hosts
+ - |
+ KUBERNETES_VERSION_NO_V=${KUBERNETES_VERSION#v}
+ VERSION_TO_COMPARE=1.29.0
+ if [ "$(printf '%s\n' "$KUBERNETES_VERSION_NO_V" "$VERSION_TO_COMPARE" | sort -V | head -n1)" != "$KUBERNETES_VERSION_NO_V" ]; then
+ if [ -f /run/kubeadm/kubeadm.yaml ]; then
+ sed -i 's#path: /etc/kubernetes/admin.conf#path: /etc/kubernetes/super-admin.conf#' /etc/kubernetes/manifests/kube-vip.yaml;
+ fi
+ fi
+ useExperimentalRetryJoin: true
+ verbosity: 10
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixClusterTemplate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start-nct
+spec:
+ template:
+ spec:
+ failureDomains: []
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixMachineTemplate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start-cp-nmt
+spec:
+ template:
+ spec:
+ bootType: legacy
+ cluster:
+ name: ""
+ type: name
+ image:
+ name: ""
+ type: name
+ memorySize: 4Gi
+ providerID: nutanix://vm-uuid
+ subnet:
+ - name: ""
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixMachineTemplate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-quick-start-md-nmt
+spec:
+ template:
+ spec:
+ bootType: legacy
+ cluster:
+ name: ""
+ type: name
+ image:
+ name: ""
+ type: name
+ memorySize: 4Gi
+ providerID: nutanix://vm-uuid
+ subnet:
+ - name: ""
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
diff --git a/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml b/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml
new file mode 100644
index 000000000..36688ac95
--- /dev/null
+++ b/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml
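Review bot: In nutanix-cluster-class.yaml, the kube-vip static pod written by `kubeadmConfigSpec.files` mounts the host's `/etc/kubernetes/admin.conf` through a `FileOrCreate` hostPath with no `readOnly: true` on the volumeMount, runs with `hostNetwork: true`, and adds `SYS_TIME` next to `NET_ADMIN` and `NET_RAW`. For Kubernetes 1.29 and later the preKubeadmCommands `sed` repoints that mount at `super-admin.conf`, and the only revert is the matching `sed` in postKubeadmCommands, so a failed `kubeadm init` would presumably leave the pod holding the super-admin kubeconfig. I would add `readOnly: true` to the `kubeconfig` volumeMount, drop `SYS_TIME` unless kube-vip is known to need it, and put a comment above both `sed` blocks such as `# kubeadm >= 1.29: use super-admin.conf for kube-vip during init only, reverted in postKubeadmCommands`. Separately, `verbosity: 10` in both the KubeadmConfigTemplate and the KubeadmControlPlaneTemplate sends kubeadm's most detailed output to the node's bootstrap logs; a lower default with a documented override would limit what lands there.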
@@ -0,0 +1,384 @@
+apiVersion: v1
+binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+---
+apiVersion: v1
+data:
+ nutanix-ccm.yaml: |
+ ---
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ namespace: kube-system
+ binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cm.yaml
+ kind: ConfigMap
+ apiVersion: v1
+ metadata:
+ name: nutanix-config
+ namespace: kube-system
+ data:
+ nutanix_config.json: |-
+ {
+ "prismCentral": {
+ "address": "${NUTANIX_ENDPOINT}",
+ "port": ${NUTANIX_PORT=9440},
+ "insecure": ${NUTANIX_INSECURE=false},
+ "credentialRef": {
+ "kind": "secret",
+ "name": "nutanix-creds",
+ "namespace": "kube-system"
+ },
+ "additionalTrustBundle": {
+ "kind": "ConfigMap",
+ "name": "nutanix-ccm-pc-trusted-ca-bundle",
+ "namespace": "kube-system"
+ }
+ },
+ "enableCustomLabeling": ${CCM_CUSTOM_LABEL=false},
+ "topologyDiscovery": {
+ "type": "Prism"
+ }
+ }
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:cloud-controller-manager
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: system:cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ name: nutanix-cloud-controller-manager
+ namespace: kube-system
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ spec:
+ hostNetwork: true
+ priorityClassName: system-cluster-critical
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ serviceAccountName: cloud-controller-manager
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ topologyKey: kubernetes.io/hostname
+ dnsPolicy: Default
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: Exists
+ - effect: NoSchedule
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ containers:
+ - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}"
+ imagePullPolicy: IfNotPresent
+ name: nutanix-cloud-controller-manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - "--leader-elect=true"
+ - "--cloud-config=/etc/cloud/nutanix_config.json"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: nutanix-config-volume
+ readOnly: true
+ volumes:
+ - name: nutanix-config-volume
+ configMap:
+ name: nutanix-config
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-creds
+stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ }
+ }
+ }
+ ]
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-secret
+stringData:
+ nutanix-ccm-secret.yaml: |
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: nutanix-creds
+ namespace: kube-system
+ stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ },
+ "prismElements": null
+ }
+ }
+ ]
+type: addons.cluster.x-k8s.io/resource-set
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-crs
+spec:
+ clusterSelector:
+ matchLabels:
+ ccm: nutanix
+ resources:
+ - kind: ConfigMap
+ name: nutanix-ccm
+ - kind: Secret
+ name: nutanix-ccm-secret
+ - kind: ConfigMap
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ strategy: ApplyOnce
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ ccm: nutanix
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - ${POD_CIDR:-192.168.0.0/16}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ services:
+ cidrBlocks:
+ - ${SERVICE_CIDR:-10.128.0.0/12}
+ topology:
+ class: nutanix-quick-start
+ controlPlane:
+ metadata: {}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: clusterConfig
+ value:
+ addons:
+ clusterAutoscaler:
+ strategy: ClusterResourceSet
+ cni:
+ provider: Calico
+ strategy: ClusterResourceSet
+ nfd:
+ strategy: ClusterResourceSet
+ controlPlane:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ nutanix:
+ controlPlaneEndpoint:
+ host: ${CONTROL_PLANE_ENDPOINT_IP}
+ port: ${CONTROL_PLANE_ENDPOINT_PORT}
+ prismCentralEndpoint:
+ additionalTrustBundle: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+ credentialSecret: ${CLUSTER_NAME}-pc-creds
+ host: ${NUTANIX_ENDPOINT}
+ insecure: ${NUTANIX_INSECURE}
+ port: 9440
+ - name: workerConfig
+ value:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: nutanix-quick-start-worker
+ metadata:
+ annotations:
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "${WORKER_MACHINE_COUNT}"
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "${WORKER_MACHINE_COUNT}"
+ name: md-0
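Review bot: The embedded `system:cloud-controller-manager` ClusterRole grants cluster-wide `get`/`list`/`watch` on `secrets` and `"*"` on `nodes`, although the `nutanix_config.json` in the same manifest only references the `nutanix-creds` Secret in `kube-system`; the identical block appears in the calico-helm-addon, cilium-crs and cilium-helm-addon examples. If the controller reads no other secret, a namespaced Role restricted with `resourceNames: ["nutanix-creds"]` plus an explicit verb list for `nodes` would narrow what a compromised controller pod can reach; the `# Source:` comments suggest this is rendered from the upstream chart, so the change may belong there. In the Cluster variables, `prismCentralEndpoint.port: 9440` is hard-coded while `nutanix_config.json` uses `${NUTANIX_PORT=9440}`, so overriding the port would leave the two components pointing at different ports; `port: ${NUTANIX_PORT=9440}` keeps them aligned. `${NUTANIX_PASSWORD}` is substituted raw into a JSON string in both Secrets, so a comment noting that quotes and backslashes in the value must be JSON-escaped would save users from a malformed credentials document.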
diff --git a/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml b/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml
new file mode 100644
index 000000000..19cb1961a
--- /dev/null
+++ b/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml
@@ -0,0 +1,384 @@
+apiVersion: v1
+binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+---
+apiVersion: v1
+data:
+ nutanix-ccm.yaml: |
+ ---
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ namespace: kube-system
+ binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cm.yaml
+ kind: ConfigMap
+ apiVersion: v1
+ metadata:
+ name: nutanix-config
+ namespace: kube-system
+ data:
+ nutanix_config.json: |-
+ {
+ "prismCentral": {
+ "address": "${NUTANIX_ENDPOINT}",
+ "port": ${NUTANIX_PORT=9440},
+ "insecure": ${NUTANIX_INSECURE=false},
+ "credentialRef": {
+ "kind": "secret",
+ "name": "nutanix-creds",
+ "namespace": "kube-system"
+ },
+ "additionalTrustBundle": {
+ "kind": "ConfigMap",
+ "name": "nutanix-ccm-pc-trusted-ca-bundle",
+ "namespace": "kube-system"
+ }
+ },
+ "enableCustomLabeling": ${CCM_CUSTOM_LABEL=false},
+ "topologyDiscovery": {
+ "type": "Prism"
+ }
+ }
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:cloud-controller-manager
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: system:cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ name: nutanix-cloud-controller-manager
+ namespace: kube-system
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ spec:
+ hostNetwork: true
+ priorityClassName: system-cluster-critical
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ serviceAccountName: cloud-controller-manager
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ topologyKey: kubernetes.io/hostname
+ dnsPolicy: Default
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: Exists
+ - effect: NoSchedule
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ containers:
+ - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}"
+ imagePullPolicy: IfNotPresent
+ name: nutanix-cloud-controller-manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - "--leader-elect=true"
+ - "--cloud-config=/etc/cloud/nutanix_config.json"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: nutanix-config-volume
+ readOnly: true
+ volumes:
+ - name: nutanix-config-volume
+ configMap:
+ name: nutanix-config
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-creds
+stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ }
+ }
+ }
+ ]
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-secret
+stringData:
+ nutanix-ccm-secret.yaml: |
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: nutanix-creds
+ namespace: kube-system
+ stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ },
+ "prismElements": null
+ }
+ }
+ ]
+type: addons.cluster.x-k8s.io/resource-set
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-crs
+spec:
+ clusterSelector:
+ matchLabels:
+ ccm: nutanix
+ resources:
+ - kind: ConfigMap
+ name: nutanix-ccm
+ - kind: Secret
+ name: nutanix-ccm-secret
+ - kind: ConfigMap
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ strategy: ApplyOnce
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ ccm: nutanix
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - ${POD_CIDR:-192.168.0.0/16}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ services:
+ cidrBlocks:
+ - ${SERVICE_CIDR:-10.128.0.0/12}
+ topology:
+ class: nutanix-quick-start
+ controlPlane:
+ metadata: {}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: clusterConfig
+ value:
+ addons:
+ clusterAutoscaler:
+ strategy: HelmAddon
+ cni:
+ provider: Calico
+ strategy: HelmAddon
+ nfd:
+ strategy: HelmAddon
+ controlPlane:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ nutanix:
+ controlPlaneEndpoint:
+ host: ${CONTROL_PLANE_ENDPOINT_IP}
+ port: ${CONTROL_PLANE_ENDPOINT_PORT}
+ prismCentralEndpoint:
+ additionalTrustBundle: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+ credentialSecret: ${CLUSTER_NAME}-pc-creds
+ host: ${NUTANIX_ENDPOINT}
+ insecure: ${NUTANIX_INSECURE}
+ port: 9440
+ - name: workerConfig
+ value:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: nutanix-quick-start-worker
+ metadata:
+ annotations:
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "${WORKER_MACHINE_COUNT}"
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "${WORKER_MACHINE_COUNT}"
+ name: md-0
diff --git a/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml b/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml
new file mode 100644
index 000000000..888cb9e78
--- /dev/null
+++ b/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml
@@ -0,0 +1,384 @@
+apiVersion: v1
+binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+---
+apiVersion: v1
+data:
+ nutanix-ccm.yaml: |
+ ---
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ namespace: kube-system
+ binaryData:
+ ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""}
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cm.yaml
+ kind: ConfigMap
+ apiVersion: v1
+ metadata:
+ name: nutanix-config
+ namespace: kube-system
+ data:
+ nutanix_config.json: |-
+ {
+ "prismCentral": {
+ "address": "${NUTANIX_ENDPOINT}",
+ "port": ${NUTANIX_PORT=9440},
+ "insecure": ${NUTANIX_INSECURE=false},
+ "credentialRef": {
+ "kind": "secret",
+ "name": "nutanix-creds",
+ "namespace": "kube-system"
+ },
+ "additionalTrustBundle": {
+ "kind": "ConfigMap",
+ "name": "nutanix-ccm-pc-trusted-ca-bundle",
+ "namespace": "kube-system"
+ }
+ },
+ "enableCustomLabeling": ${CCM_CUSTOM_LABEL=false},
+ "topologyDiscovery": {
+ "type": "Prism"
+ }
+ }
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:cloud-controller-manager
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ ---
+ # Source: nutanix-cloud-provider/templates/rbac.yaml
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: system:cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+ ---
+ # Source: nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ name: nutanix-cloud-controller-manager
+ namespace: kube-system
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ k8s-app: nutanix-cloud-controller-manager
+ spec:
+ hostNetwork: true
+ priorityClassName: system-cluster-critical
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ serviceAccountName: cloud-controller-manager
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ k8s-app: nutanix-cloud-controller-manager
+ topologyKey: kubernetes.io/hostname
+ dnsPolicy: Default
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 120
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: Exists
+ - effect: NoSchedule
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ containers:
+ - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}"
+ imagePullPolicy: IfNotPresent
+ name: nutanix-cloud-controller-manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ args:
+ - "--leader-elect=true"
+ - "--cloud-config=/etc/cloud/nutanix_config.json"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: nutanix-config-volume
+ readOnly: true
+ volumes:
+ - name: nutanix-config-volume
+ configMap:
+ name: nutanix-config
+kind: ConfigMap
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-pc-creds
+stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ }
+ }
+ }
+ ]
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-secret
+stringData:
+ nutanix-ccm-secret.yaml: |
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: nutanix-creds
+ namespace: kube-system
+ stringData:
+ credentials: |
+ [
+ {
+ "type": "basic_auth",
+ "data": {
+ "prismCentral":{
+ "username": "${NUTANIX_USER}",
+ "password": "${NUTANIX_PASSWORD}"
+ },
+ "prismElements": null
+ }
+ }
+ ]
+type: addons.cluster.x-k8s.io/resource-set
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: nutanix-ccm-crs
+spec:
+ clusterSelector:
+ matchLabels:
+ ccm: nutanix
+ resources:
+ - kind: ConfigMap
+ name: nutanix-ccm
+ - kind: Secret
+ name: nutanix-ccm-secret
+ - kind: ConfigMap
+ name: nutanix-ccm-pc-trusted-ca-bundle
+ strategy: ApplyOnce
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ labels:
+ ccm: nutanix
+ cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - ${POD_CIDR:-192.168.0.0/16}
+ serviceDomain: ${SERVICE_DOMAIN:="cluster.local"}
+ services:
+ cidrBlocks:
+ - ${SERVICE_CIDR:-10.128.0.0/12}
+ topology:
+ class: nutanix-quick-start
+ controlPlane:
+ metadata: {}
+ replicas: ${CONTROL_PLANE_MACHINE_COUNT}
+ variables:
+ - name: clusterConfig
+ value:
+ addons:
+ clusterAutoscaler:
+ strategy: ClusterResourceSet
+ cni:
+ provider: Cilium
+ strategy: ClusterResourceSet
+ nfd:
+ strategy: ClusterResourceSet
+ controlPlane:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ nutanix:
+ controlPlaneEndpoint:
+ host: ${CONTROL_PLANE_ENDPOINT_IP}
+ port: ${CONTROL_PLANE_ENDPOINT_PORT}
+ prismCentralEndpoint:
+ additionalTrustBundle: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+ credentialSecret: ${CLUSTER_NAME}-pc-creds
+ host: ${NUTANIX_ENDPOINT}
+ insecure: ${NUTANIX_INSECURE}
+ port: 9440
+ - name: workerConfig
+ value:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+ version: ${KUBERNETES_VERSION}
+ workers:
+ machineDeployments:
+ - class: nutanix-quick-start-worker
+ metadata:
+ annotations:
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "${WORKER_MACHINE_COUNT}"
+ cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "${WORKER_MACHINE_COUNT}"
+ name: md-0
diff --git a/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml b/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml
new file mode 100644
index 000000000..42ab33cb0
--- /dev/null
+++ b/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml
@@ -0,0 +1,384 @@ +apiVersion: v1 +binaryData: + ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} +kind: ConfigMap +metadata: + labels: + cluster.x-k8s.io/provider: nutanix + name: ${CLUSTER_NAME}-pc-trusted-ca-bundle +--- +apiVersion: v1 +data: + nutanix-ccm.yaml: | + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: nutanix-ccm-pc-trusted-ca-bundle + namespace: kube-system + binaryData: + ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} + --- + # Source: nutanix-cloud-provider/templates/rbac.yaml + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cloud-controller-manager + namespace: kube-system + --- + # Source: nutanix-cloud-provider/templates/cm.yaml + kind: ConfigMap + apiVersion: v1 + metadata: + name: nutanix-config + namespace: kube-system + data: + nutanix_config.json: |- + { + "prismCentral": { + "address": "${NUTANIX_ENDPOINT}", + "port": ${NUTANIX_PORT=9440}, + "insecure": ${NUTANIX_INSECURE=false}, + "credentialRef": { + "kind": "secret", + "name": "nutanix-creds", + "namespace": "kube-system" + }, + "additionalTrustBundle": { + "kind": "ConfigMap", + "name": "nutanix-ccm-pc-trusted-ca-bundle", + "namespace": "kube-system" + } + }, + "enableCustomLabeling": ${CCM_CUSTOM_LABEL=false}, + "topologyDiscovery": { + "type": "Prism" + } + } + --- + # Source: nutanix-cloud-provider/templates/rbac.yaml + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: system:cloud-controller-manager + rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - "*" + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + 
- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + # Source: nutanix-cloud-provider/templates/rbac.yaml + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + metadata: + name: system:cloud-controller-manager + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager + subjects: + - kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system + --- + # Source: nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + k8s-app: nutanix-cloud-controller-manager + name: nutanix-cloud-controller-manager + namespace: kube-system + spec: + replicas: 1 + selector: + matchLabels: + k8s-app: nutanix-cloud-controller-manager + strategy: + type: Recreate + template: + metadata: + labels: + k8s-app: nutanix-cloud-controller-manager + spec: + hostNetwork: true + priorityClassName: system-cluster-critical + nodeSelector: + node-role.kubernetes.io/control-plane: "" + serviceAccountName: cloud-controller-manager + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + k8s-app: nutanix-cloud-controller-manager + topologyKey: kubernetes.io/hostname + dnsPolicy: Default + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 120 + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 120 + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + operator: Exists + - effect: 
NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + containers: + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + imagePullPolicy: IfNotPresent + name: nutanix-cloud-controller-manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - "--leader-elect=true" + - "--cloud-config=/etc/cloud/nutanix_config.json" + resources: + requests: + cpu: 100m + memory: 50Mi + volumeMounts: + - mountPath: /etc/cloud + name: nutanix-config-volume + readOnly: true + volumes: + - name: nutanix-config-volume + configMap: + name: nutanix-config +kind: ConfigMap +metadata: + labels: + cluster.x-k8s.io/provider: nutanix + name: nutanix-ccm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: nutanix + name: ${CLUSTER_NAME}-pc-creds +stringData: + credentials: | + [ + { + "type": "basic_auth", + "data": { + "prismCentral":{ + "username": "${NUTANIX_USER}", + "password": "${NUTANIX_PASSWORD}" + } + } + } + ] +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + cluster.x-k8s.io/provider: nutanix + name: nutanix-ccm-secret +stringData: + nutanix-ccm-secret.yaml: | + apiVersion: v1 + kind: Secret + metadata: + name: nutanix-creds + namespace: kube-system + stringData: + credentials: | + [ + { + "type": "basic_auth", + "data": { + "prismCentral":{ + "username": "${NUTANIX_USER}", + "password": "${NUTANIX_PASSWORD}" + }, + "prismElements": null + } + } + ] +type: addons.cluster.x-k8s.io/resource-set +--- +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + labels: + cluster.x-k8s.io/provider: nutanix + name: nutanix-ccm-crs +spec: + clusterSelector: + matchLabels: + ccm: nutanix + resources: + - kind: ConfigMap + name: nutanix-ccm + - kind: Secret + name: nutanix-ccm-secret + - kind: ConfigMap + name: nutanix-ccm-pc-trusted-ca-bundle + strategy: ApplyOnce +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: 
Cluster +metadata: + labels: + ccm: nutanix + cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} + cluster.x-k8s.io/provider: nutanix + name: ${CLUSTER_NAME} +spec: + clusterNetwork: + pods: + cidrBlocks: + - ${POD_CIDR:-192.168.0.0/16} + serviceDomain: ${SERVICE_DOMAIN:="cluster.local"} + services: + cidrBlocks: + - ${SERVICE_CIDR:-10.128.0.0/12} + topology: + class: nutanix-quick-start + controlPlane: + metadata: {} + replicas: ${CONTROL_PLANE_MACHINE_COUNT} + variables: + - name: clusterConfig + value: + addons: + clusterAutoscaler: + strategy: HelmAddon + cni: + provider: Cilium + strategy: HelmAddon + nfd: + strategy: HelmAddon + controlPlane: + nutanix: + machineDetails: + bootType: legacy + cluster: + name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME} + type: name + image: + name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME} + type: name + memorySize: 4Gi + subnet: + - name: ${NUTANIX_SUBNET_NAME} + type: name + systemDiskSize: 40Gi + vcpuSockets: 2 + vcpusPerSocket: 1 + nutanix: + controlPlaneEndpoint: + host: ${CONTROL_PLANE_ENDPOINT_IP} + port: ${CONTROL_PLANE_ENDPOINT_PORT} + prismCentralEndpoint: + additionalTrustBundle: ${CLUSTER_NAME}-pc-trusted-ca-bundle + credentialSecret: ${CLUSTER_NAME}-pc-creds + host: ${NUTANIX_ENDPOINT} + insecure: ${NUTANIX_INSECURE} + port: 9440 + - name: workerConfig + value: + nutanix: + machineDetails: + bootType: legacy + cluster: + name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME} + type: name + image: + name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME} + type: name + memorySize: 4Gi + subnet: + - name: ${NUTANIX_SUBNET_NAME} + type: name + systemDiskSize: 40Gi + vcpuSockets: 2 + vcpusPerSocket: 1 + version: ${KUBERNETES_VERSION} + workers: + machineDeployments: + - class: nutanix-quick-start-worker + metadata: + annotations: + cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "${WORKER_MACHINE_COUNT}" + cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "${WORKER_MACHINE_COUNT}" + name: md-0 
diff --git a/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl b/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl
new file mode 100644
index 000000000..b75eb33cf
--- /dev/null
+++ b/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl
@@ -0,0 +1,30 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/nutanix-cloud-native/cluster-api-provider-nutanix/main/templates/cluster-template-topology.yaml
+
+sortOptions:
+ order: fifo
+
+labels:
+- includeSelectors: false
+ pairs:
+ cluster.x-k8s.io/provider: nutanix
+
+patches:
+- target:
+ kind: Cluster
+ path: ../../../patches/initialize-variables.yaml
+- target:
+ kind: Cluster
+ path: ../../../patches/cluster-network.yaml
+- target:
+ kind: Cluster
+ path: ../../../patches/cluster-autoscaler.yaml
+- target:
+ kind: Cluster
+ path: ../../../patches/nutanix/initialize-variables.yaml
diff --git a/hack/examples/bases/nutanix/clusterclass/kustomization.yaml.tmpl b/hack/examples/bases/nutanix/clusterclass/kustomization.yaml.tmpl
new file mode 100644
index 000000000..24e9683ff
--- /dev/null
+++ b/hack/examples/bases/nutanix/clusterclass/kustomization.yaml.tmpl
@@ -0,0 +1,31 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://raw.githubusercontent.com/nutanix-cloud-native/cluster-api-provider-nutanix/main/templates/cluster-template-clusterclass.yaml
+
+configurations:
+ - kustomizeconfig.yaml
+
+sortOptions:
+ order: fifo
+
+namePrefix:
+
+labels:
+- includeSelectors: false
+ pairs:
+ cluster.x-k8s.io/provider: nutanix
+
+patches:
+# Delete the patch and variable definitions.
+- target:
+ kind: ClusterClass
+ patch: |-
+ - op: "remove"
+ path: "/spec/patches"
+ - op: "remove"
+ path: "/spec/variables"
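Review bot: The `resources:` entry in hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl fetches the upstream template from the `main` branch of cluster-api-provider-nutanix, so each run of the example sync can render different manifests with no change in this repository; the `resources:` entry in the clusterclass kustomization.yaml.tmpl that follows has the same problem. The rendered examples in this commit carry RBAC rules, a Deployment and a container image reference that presumably originate in that template, so an upstream edit would land in the generated files without review here. Pin both URLs to a release tag or commit and bump the ref deliberately, e.g. `- https://raw.githubusercontent.com/nutanix-cloud-native/cluster-api-provider-nutanix/<PINNED_TAG_OR_COMMIT>/templates/cluster-template-topology.yaml`. If the `.tmpl` rendering step already substitutes provider versions for the other providers, reusing that variable here would keep the pin in one place.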
diff --git a/hack/examples/bases/nutanix/clusterclass/kustomizeconfig.yaml b/hack/examples/bases/nutanix/clusterclass/kustomizeconfig.yaml
new file mode 100644
index 000000000..97b1f3955
--- /dev/null
+++ b/hack/examples/bases/nutanix/clusterclass/kustomizeconfig.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+nameReference:
+ - kind: NutanixMachineTemplate
+ fieldSpecs:
+ - kind: ClusterClass
+ path: spec/controlPlane/machineInfrastructure/ref/name
+ - kind: ClusterClass
+ path: spec/workers/machineDeployments/template/infrastructure/ref/name
+ - kind: KubeadmControlPlaneTemplate
+ fieldSpecs:
+ - kind: ClusterClass
+ path: spec/controlPlane/ref/name
+ - kind: NutanixClusterTemplate
+ fieldSpecs:
+ - kind: ClusterClass
+ path: spec/infrastructure/ref/name
+ - kind: KubeadmConfigTemplate
+ fieldSpecs:
+ - kind: ClusterClass
+ path: spec/workers/machineDeployments/template/bootstrap/ref/name
diff --git a/hack/examples/overlays/clusterclasses/nutanix/kustomization.yaml.tmpl b/hack/examples/overlays/clusterclasses/nutanix/kustomization.yaml.tmpl
new file mode 100644
index 000000000..2c27d69fb
--- /dev/null
+++ b/hack/examples/overlays/clusterclasses/nutanix/kustomization.yaml.tmpl
@@ -0,0 +1,27 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../bases/nutanix/clusterclass
+
+sortOptions:
+ order: fifo
+
+patches:
+ - target:
+ kind: ClusterClass
+ patch: |-
+ - op: "add"
+ path: "/spec/patches"
+ value:
+ - name: "cluster-config"
+ external:
+ generateExtension: "nutanixclusterconfigpatch.cluster-api-runtime-extensions-nutanix"
+ discoverVariablesExtension: "nutanixclusterconfigvars.cluster-api-runtime-extensions-nutanix"
+ - name: "worker-config"
+ external:
+ generateExtension: "nutanixworkerconfigpatch.cluster-api-runtime-extensions-nutanix"
+ discoverVariablesExtension: "nutanixworkerconfigvars.cluster-api-runtime-extensions-nutanix"
diff --git a/hack/examples/overlays/clusters/nutanix/calico/crs/kustomization.yaml.tmpl b/hack/examples/overlays/clusters/nutanix/calico/crs/kustomization.yaml.tmpl
new file mode 100644
index 000000000..467d830d9
--- /dev/null
+++ b/hack/examples/overlays/clusters/nutanix/calico/crs/kustomization.yaml.tmpl
@@ -0,0 +1,19 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../../../bases/nutanix/cluster
+
+sortOptions:
+ order: fifo
+
+patches:
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/calico.yaml
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/crs-strategy.yaml
diff --git a/hack/examples/overlays/clusters/nutanix/calico/helm-addon/kustomization.yaml.tmpl b/hack/examples/overlays/clusters/nutanix/calico/helm-addon/kustomization.yaml.tmpl
new file mode 100644
index 000000000..580fb8325
--- /dev/null
+++ b/hack/examples/overlays/clusters/nutanix/calico/helm-addon/kustomization.yaml.tmpl
@@ -0,0 +1,19 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../../../bases/nutanix/cluster
+
+sortOptions:
+ order: fifo
+
+patches:
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/calico.yaml
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/helm-addon-strategy.yaml
diff --git a/hack/examples/overlays/clusters/nutanix/cilium/crs/kustomization.yaml.tmpl b/hack/examples/overlays/clusters/nutanix/cilium/crs/kustomization.yaml.tmpl
new file mode 100644
index 000000000..8583a6ab4
--- /dev/null
+++ b/hack/examples/overlays/clusters/nutanix/cilium/crs/kustomization.yaml.tmpl
@@ -0,0 +1,19 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../../../bases/nutanix/cluster
+
+sortOptions:
+ order: fifo
+
+patches:
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/cilium.yaml
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/crs-strategy.yaml
diff --git a/hack/examples/overlays/clusters/nutanix/cilium/helm-addon/kustomization.yaml.tmpl b/hack/examples/overlays/clusters/nutanix/cilium/helm-addon/kustomization.yaml.tmpl
new file mode 100644
index 000000000..2c5917713
--- /dev/null
+++ b/hack/examples/overlays/clusters/nutanix/cilium/helm-addon/kustomization.yaml.tmpl
@@ -0,0 +1,19 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../../../bases/nutanix/cluster
+
+sortOptions:
+ order: fifo
+
+patches:
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/cilium.yaml
+ - target:
+ kind: Cluster
+ path: ../../../../../patches/helm-addon-strategy.yaml
diff --git a/hack/examples/patches/nutanix/initialize-variables.yaml b/hack/examples/patches/nutanix/initialize-variables.yaml
new file mode 100644
index 000000000..9429272bd
--- /dev/null
+++ b/hack/examples/patches/nutanix/initialize-variables.yaml
@@ -0,0 +1,55 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+- op: "add"
+ path: "/spec/topology/class"
+ value: "nutanix-quick-start"
+- op: "add"
+ path: "/spec/topology/variables/0/value/nutanix"
+ value:
+ controlPlaneEndpoint:
+ host: ${CONTROL_PLANE_ENDPOINT_IP}
+ port: ${CONTROL_PLANE_ENDPOINT_PORT}
+ prismCentralEndpoint:
+ additionalTrustBundle: ${CLUSTER_NAME}-pc-trusted-ca-bundle
+ host: ${NUTANIX_ENDPOINT}
+ insecure: ${NUTANIX_INSECURE}
+ port: 9440
+ credentialSecret: ${CLUSTER_NAME}-pc-creds
+- op: "add"
+ path: "/spec/topology/variables/0/value/controlPlane"
+ value:
+ nutanix:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ memorySize: 4Gi
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
+- op: "add"
+ path: "/spec/topology/variables/1/value/nutanix"
+ value:
+ machineDetails:
+ bootType: legacy
+ cluster:
+ name: ${NUTANIX_PRISM_ELEMENT_CLUSTER_NAME}
+ type: name
+ image:
+ name: ${NUTANIX_MACHINE_TEMPLATE_IMAGE_NAME}
+ type: name
+ memorySize: 4Gi
+ subnet:
+ - name: ${NUTANIX_SUBNET_NAME}
+ type: name
+ systemDiskSize: 40Gi
+ vcpuSockets: 2
+ vcpusPerSocket: 1
diff --git a/hack/examples/sync.sh b/hack/examples/sync.sh
index 4d11c0e70..a03967595 100755
--- a/hack/examples/sync.sh
+++ b/hack/examples/sync.sh
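Review bot: `insecure: ${NUTANIX_INSECURE}` under `prismCentralEndpoint` has no default, while the cloud-controller-manager config rendered into the same example uses `${NUTANIX_INSECURE=false}`, so one variable is handled two different ways inside a single manifest. Give the patch the same secure default, `insecure: ${NUTANIX_INSECURE=false}`, so verification of the Prism Central certificate stays on unless the user opts out explicitly. The hard-coded `port: 9440` on the following line has the same mismatch with `${NUTANIX_PORT=9440}` in that config; `port: ${NUTANIX_PORT=9440}` would keep both endpoints in step when the port is overridden. A one-line comment above `insecure` saying that `true` turns certificate verification off, and that `additionalTrustBundle` is the preferred way to trust a private CA, would help readers of the example.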
@@ -21,7 +21,7 @@ mkdir -p "${EXAMPLE_CLUSTERCLASSES_DIR}" readonly EXAMPLE_CLUSTERS_DIR=examples/capi-quick-start mkdir -p "${EXAMPLE_CLUSTERS_DIR}" -for provider in "aws" "docker"; do +for provider in "aws" "docker" "nutanix"; do kustomize build --load-restrictor LoadRestrictionsNone \ ./hack/examples/overlays/clusterclasses/"${provider}" >"${EXAMPLE_CLUSTERCLASSES_DIR}"/"${provider}"-cluster-class.yaml