Azure provider integration - CAPZ v0.4.9

This patchset includes the manifests for CAPZ version v0.4.9, which have
been added under airshipctl/manifests/function/capz/v0.4.9.

It also adds an entry for CAPZ in clusterctl/clusterctl.yaml.

Change-Id: I3a52257320af1f68ec2d8f4302e7176b73f227dd
Sidney Shiba 2020-11-17 16:16:28 -06:00
parent 1918421ae8
commit abb3a10032
57 changed files with 3837 additions and 0 deletions


@ -0,0 +1,24 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: $(SERVICE_NAME)-cert
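Review bot: Both objects in this file, the Issuer and the Certificate, are pinned to `cert-manager.io/v1alpha2`, and nothing in the section records which cert-manager release the CAPZ function expects to find on the cluster. cert-manager later stopped serving its alpha API versions, so against a newer cert-manager these two resources would be rejected and the service named by `$(SERVICE_NAME)` (presumably the webhook service) would have no serving certificate. Since the file looks like it is carried over from upstream CAPZ v0.4.9, I would record the constraint rather than change the API version, for example with a header comment such as `# Requires a cert-manager release that still serves cert-manager.io/v1alpha2`. The Certificate also sets no `duration` or `renewBefore`, so the lifetime and rotation of the self-signed certificate follow cert-manager defaults; it is worth confirming that this is intended.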


@ -0,0 +1,4 @@
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,19 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: cert-manager.io
fieldSpecs:
- kind: Certificate
group: cert-manager.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames
- kind: Certificate
group: cert-manager.io
path: spec/secretName


@ -0,0 +1,489 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachinePool
listKind: AzureMachinePoolList
plural: azuremachinepools
shortNames:
- amp
singular: azuremachinepool
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: AzureMachinePool replicas count
jsonPath: .status.replicas
name: Replicas
type: string
- description: AzureMachinePool replicas count
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VMSS provisioning state
jsonPath: .status.provisioningState
name: State
type: string
- description: Cluster to which this AzureMachinePool belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: MachinePool object to which this AzureMachinePool belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name
name: MachinePool
priority: 1
type: string
- description: Azure VMSS ID
jsonPath: .spec.providerID
name: VMSS ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.template.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachinePool is the Schema for the azuremachinepools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachinePoolSpec defines the desired state of AzureMachinePool
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
identity:
default: None
description: Identity is the type of identity used for the Virtual
Machine Scale Set. The type 'SystemAssigned' is an implicitly created
identity. The generated identity will be assigned a Subscription
contributor role. The type 'UserAssigned' is a standalone Azure
resource provided by the user and assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
location:
description: Location is the Azure region location e.g. westus2
type: string
providerID:
description: ProviderID is the identification ID of the Virtual Machine
Scale Set
type: string
providerIDList:
description: ProviderIDList are the identification IDs of machine
instances provided by the provider. This field must match the provider
IDs as seen on the node objects corresponding to a machine pool's
machine instances.
items:
type: string
type: array
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any valid GUID.
If not specified, a random GUID will be generated.
type: string
template:
description: Template contains the details used to build a replica
virtual machine within the Machine Pool
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the
requested VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure
will return an error.
type: boolean
dataDisks:
description: DataDisks specifies the list of data disks to be
created for a Virtual Machine
items:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the
data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the
data disk. This value is used to identify data disks within
the VM and therefore must be unique for each data disk
attached to a VM. The value must be between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended to
the machine name to generate the disk name. Each disk
name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
image:
description: Image is used to provide details of an image to use
during Virtual Machine creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer, which
is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the
Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such
as a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify
'latest' to use the latest version of an image available
at deploy time. Even if you use 'latest', the VM image
will not automatically update after deploy time even
if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource group
containing the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an image
available at deploy time. Even if you use 'latest',
the VM image will not automatically update after deploy
time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
osDisk:
description: OSDisk contains the operating system disk information
for a Virtual Machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk
encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
securityProfile:
description: SecurityProfile specifies the Security profile settings
for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption
should be enabled or disabled for a virtual machine or virtual
machine scale set. Default is disabled.
type: boolean
type: object
sshPublicKey:
description: SSHPublicKey is the SSH public key string base64
encoded to add to a Virtual Machine
type: string
terminateNotificationTimeout:
description: TerminateNotificationTimeout enables or disables
VMSS scheduled events termination notification with specified
timeout allowed values are between 5 and 15 (mins)
type: integer
vmSize:
description: VMSize is the size of the Virtual Machine to build.
See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes
type: string
required:
- osDisk
- sshPublicKey
- vmSize
type: object
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone Azure
identities provided by the user The lifecycle of a user-assigned
identity is managed separately from the lifecycle of the AzureMachinePool.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned identities
provided by the user to be assigned to Azure resources.
properties:
providerID:
description: 'ProviderID is the identification ID of the user-assigned
Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
required:
- location
- template
type: object
status:
description: AzureMachinePoolStatus defines the observed state of AzureMachinePool
properties:
conditions:
description: Conditions defines current service state of the AzureMachinePool.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "FailureMessage will be set in the event that there is
a terminal problem reconciling the MachinePool and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the MachinePool's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of MachinePools can be added as
events to the MachinePool object and/or logged in the controller's
output."
type: string
failureReason:
description: "FailureReason will be set in the event that there is
a terminal problem reconciling the MachinePool and will contain
a succinct value suitable for machine interpretation. \n This field
should not be set for transitive errors that a controller faces
that are expected to be fixed automatically over time (like service
outages), but instead indicate that something is fundamentally wrong
with the MachinePool's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of MachinePools can be added as
events to the MachinePool object and/or logged in the controller's
output."
type: string
instances:
description: Instances is the VM instance status for each VM in the
VMSS
items:
description: AzureMachinePoolInstanceStatus provides status information
for each instance in the VMSS
properties:
instanceName:
description: InstanceID is the identification of the Machine
Instance within the VMSS
type: string
latestModelApplied:
description: LatestModelApplied indicates the instance is running
the most up-to-date VMSS model. A VMSS model describes the
image version the VM is running. If the instance is not running
the latest model, it means the instance may not be running
the version of Kubernetes the Machine Pool has specified and
needs to be updated.
type: boolean
providerID:
description: ProviderID is the provider identification of the
VMSS Instance
type: string
provisioningState:
description: ProvisioningState is the provisioning state of
the Azure virtual machine instance.
type: string
version:
description: Version defines the Kubernetes version for the
VM Instance
type: string
required:
- latestModelApplied
type: object
type: array
provisioningState:
description: ProvisioningState is the provisioning state of the Azure
virtual machine.
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
replicas:
description: Replicas is the most recently observed number of replicas.
format: int32
type: integer
version:
description: Version is the Kubernetes version for the current VMSS
model
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,77 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedCluster
listKind: AzureManagedClusterList
plural: azuremanagedclusters
shortNames:
- amc
singular: azuremanagedcluster
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedCluster is the Schema for the azuremanagedclusters
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster
properties:
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
type: object
status:
description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster
properties:
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,181 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedControlPlane
listKind: AzureManagedControlPlaneList
plural: azuremanagedcontrolplanes
shortNames:
- amcp
singular: azuremanagedcontrolplane
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedControlPlaneSpec defines the desired state of
AzureManagedControlPlane
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
defaultPoolRef:
description: DefaultPoolRef is the specification for the default pool,
without which an AKS cluster cannot be created.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
dnsServiceIP:
description: DNSServiceIP is an IP address assigned to the Kubernetes
DNS service. It must be within the Kubernetes service address range
specified in serviceCidr.
type: string
loadBalancerSKU:
description: LoadBalancerSKU is the SKU of the loadBalancer to be
provisioned.
enum:
- Basic
- Standard
type: string
location:
description: 'Location is a string matching one of the canonical Azure
region names. Examples: "westus2", "eastus".'
type: string
networkPlugin:
description: NetworkPlugin used for building Kubernetes network.
enum:
- azure
- kubenet
type: string
networkPolicy:
description: NetworkPolicy used for building Kubernetes network.
enum:
- azure
- calico
type: string
nodeResourceGroupName:
description: NodeResourceGroupName is the name of the resource group
containining cluster IaaS resources. Will be populated to default
in webhook.
type: string
resourceGroupName:
description: ResourceGroupName is the name of the Azure resource group
for this AKS Cluster.
type: string
sshPublicKey:
description: SSHPublicKey is a string literal containing an ssh public
key base64 encoded.
type: string
subscriptionID:
description: SubscriotionID is the GUID of the Azure subscription
to hold this cluster.
type: string
version:
description: Version defines the desired Kubernetes version.
minLength: 2
type: string
virtualNetwork:
description: VirtualNetwork describes the vnet for the AKS cluster.
Will be created if it does not exist.
properties:
cidrBlock:
type: string
name:
type: string
subnet:
description: ManagedControlPlaneSubnet describes a subnet for
an AKS cluster.
properties:
cidrBlock:
type: string
name:
type: string
required:
- cidrBlock
- name
type: object
required:
- cidrBlock
- name
type: object
required:
- defaultPoolRef
- location
- nodeResourceGroupName
- resourceGroupName
- sshPublicKey
- version
type: object
status:
description: AzureManagedControlPlaneStatus defines the observed state
of AzureManagedControlPlane
properties:
initialized:
description: Initialized is true when the the control plane is available
for initial contact. This may occur before the control plane is
fully ready. In the AzureManagedControlPlane implementation, these
are identical.
type: boolean
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,95 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedMachinePool
listKind: AzureManagedMachinePoolList
plural: azuremanagedmachinepools
shortNames:
- ammp
singular: azuremanagedmachinepool
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedMachinePoolSpec defines the desired state of
AzureManagedMachinePool
properties:
osDiskSizeGB:
description: OSDiskSizeGB is the disk size for every machine in this
agent pool. If you specify 0, it will apply the default osDisk size
according to the vmSize specified.
format: int32
type: integer
providerIDList:
description: ProviderIDList is the unique identifier as specified
by the cloud provider.
items:
type: string
type: array
sku:
description: SKU is the size of the VMs in the node pool.
type: string
required:
- sku
type: object
status:
description: AzureManagedMachinePoolStatus defines the observed state
of AzureManagedMachinePool
properties:
errorMessage:
description: Any transient errors that occur during the reconciliation
of Machines can be added as events to the Machine object and/or
logged in the controller's output.
type: string
errorReason:
description: Any transient errors that occur during the reconciliation
of Machines can be added as events to the Machine object and/or
logged in the controller's output.
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
replicas:
description: Replicas is the most recently observed number of replicas.
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,753 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azureclusters.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureCluster
listKind: AzureClusterList
plural: azureclusters
singular: azurecluster
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureCluster is the Schema for the azureclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterSpec defines the desired state of AzureCluster
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
location:
type: string
networkSpec:
description: NetworkSpec encapsulates all things related to Azure
network.
properties:
subnets:
description: Subnets is the configuration for the control-plane
subnet and the node subnet.
items:
description: SubnetSpec configures an Azure subnet.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when
the provider creates a managed Vnet.
type: string
id:
description: ID defines a unique identifier to reference
this resource.
type: string
internalLBIPAddress:
description: InternalLBIPAddress is the IP address that
will be used as the internal LB private IP. For the control
plane subnet only.
type: string
name:
description: Name defines a name for the subnet resource.
type: string
role:
description: Role defines the subnet role (eg. Node, ControlPlane)
type: string
securityGroup:
description: SecurityGroup defines the NSG (network security
group) that should be attached to this subnet.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress
rules for security groups.
items:
description: IngressRule defines an Azure ingress
rule for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix
'*' can also be used to match all source IPs.
Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination
port or range. Integer or range between 0 and
65535. Asterix '*' can also be used to match
all ports.
type: string
protocol:
description: SecurityGroupProtocol defines the
protocol type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork',
'AzureLoadBalancer' and 'Internet' can also
be used. If this is an ingress rule, specifies
where network traffic originates from.
type: string
sourcePorts:
description: SourcePorts - The source port or
range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
required:
- description
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
required:
- name
type: object
type: array
vnet:
description: Vnet is the configuration for the Azure virtual network.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when the
provider creates a managed virtual network.
type: string
id:
description: ID is the identifier of the virtual network this
provider should use to create resources.
type: string
name:
description: Name defines a name for the virtual network resource.
type: string
resourceGroup:
description: ResourceGroup is the name of the resource group
of the existing virtual network or the resource group where
a managed virtual network should be created.
type: string
tags:
additionalProperties:
type: string
description: Tags is a collection of tags describing the resource.
type: object
required:
- name
type: object
type: object
resourceGroup:
type: string
required:
- location
- resourceGroup
type: object
status:
description: AzureClusterStatus defines the observed state of AzureCluster
properties:
apiEndpoints:
description: APIEndpoints represents the endpoints to communicate
with the control plane.
items:
description: APIEndpoint represents a reachable Kubernetes API endpoint.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
type: integer
required:
- host
- port
type: object
type: array
bastion:
description: VM describes an Azure virtual machine.
properties:
addresses:
description: Addresses contains the Azure instance associated
addresses.
items:
description: NodeAddress contains information for the node's
address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
availabilityZone:
type: string
id:
type: string
identity:
description: VMIdentity defines the identity of the virtual machine,
if configured.
type: string
image:
description: Storage profile
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
name:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
startupScript:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
vmSize:
description: Hardware profile
type: string
vmState:
description: State - The provisioning state, which only appears
in the response.
type: string
type: object
network:
description: Network encapsulates Azure networking resources.
properties:
apiServerIp:
description: APIServerIP is the Kubernetes API server public IP
address.
properties:
dnsName:
type: string
id:
type: string
ipAddress:
type: string
name:
type: string
type: object
apiServerLb:
description: APIServerLB is the Kubernetes API server load balancer.
properties:
backendPool:
properties:
id:
type: string
name:
type: string
type: object
frontendIpConfig:
type: object
id:
type: string
name:
type: string
sku:
description: LoadBalancerSKU enumerates the values for load
balancer sku name.
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
securityGroups:
additionalProperties:
description: SecurityGroup defines an Azure security group.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress rules
for security groups.
items:
description: IngressRule defines an Azure ingress rule
for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix '*'
can also be used to match all source IPs. Default
tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination port
or range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
protocol:
description: SecurityGroupProtocol defines the protocol
type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used. If this is an ingress
rule, specifies where network traffic originates
from.
type: string
sourcePorts:
description: SourcePorts - The source port or range.
Integer or range between 0 and 65535. Asterix '*'
can also be used to match all ports.
type: string
required:
- description
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
description: SecurityGroups is a map from the role/kind of the
security group to its unique name, if any.
type: object
type: object
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: Cluster to which this AzureCluster belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
- jsonPath: .spec.resourceGroup
name: Resource Group
priority: 1
type: string
- jsonPath: .spec.subscriptionID
name: SubscriptionID
priority: 1
type: string
- jsonPath: .spec.location
name: Location
priority: 1
type: string
- description: Control Plane Endpoint
jsonPath: .spec.controlPlaneEndpoint.host
name: Endpoint
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureCluster is the Schema for the azureclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterSpec defines the desired state of AzureCluster
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
location:
type: string
networkSpec:
description: NetworkSpec encapsulates all things related to Azure
network.
properties:
apiServerLB:
description: APIServerLB is the configuration for the control-plane
load balancer.
properties:
frontendIPs:
items:
description: FrontendIP defines a load balancer frontend
IP configuration.
properties:
name:
minLength: 1
type: string
privateIP:
type: string
publicIP:
description: PublicIPSpec defines the inputs to create
an Azure public IP address.
properties:
dnsName:
type: string
name:
type: string
required:
- name
type: object
required:
- name
type: object
type: array
id:
type: string
name:
type: string
sku:
description: SKU defines an Azure load balancer SKU.
type: string
type:
description: LBType defines an Azure load balancer Type.
type: string
type: object
subnets:
description: Subnets is the configuration for the control-plane
subnet and the node subnet.
items:
description: SubnetSpec configures an Azure subnet.
properties:
cidrBlock:
description: 'CidrBlock is the CIDR block to be used when
the provider creates a managed Vnet. DEPRECATED: Use CIDRBlocks
instead'
type: string
cidrBlocks:
description: CIDRBlocks defines the subnet's address space,
specified as one or more address prefixes in CIDR notation.
items:
type: string
type: array
id:
description: ID defines a unique identifier to reference
this resource.
type: string
internalLBIPAddress:
description: 'InternalLBIPAddress is the IP address that
will be used as the internal LB private IP. For the control
plane subnet only. Deprecated: Use LoadBalancer private
IP instead'
type: string
name:
description: Name defines a name for the subnet resource.
type: string
role:
description: Role defines the subnet role (eg. Node, ControlPlane)
type: string
routeTable:
description: RouteTable defines the route table that should
be attached to this subnet.
properties:
id:
type: string
name:
type: string
type: object
securityGroup:
description: SecurityGroup defines the NSG (network security
group) that should be attached to this subnet.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress
rules for security groups.
items:
description: IngressRule defines an Azure ingress
rule for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix
'*' can also be used to match all source IPs.
Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination
port or range. Integer or range between 0 and
65535. Asterix '*' can also be used to match
all ports.
type: string
name:
type: string
priority:
description: Priority - A number between 100 and
4096. Each rule should have a unique value for
priority. Rules are processed in priority order,
with lower numbers processed before higher numbers.
Once traffic matches a rule, processing stops.
format: int32
type: integer
protocol:
description: SecurityGroupProtocol defines the
protocol type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork',
'AzureLoadBalancer' and 'Internet' can also
be used. If this is an ingress rule, specifies
where network traffic originates from.
type: string
sourcePorts:
description: SourcePorts - The source port or
range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
required:
- description
- name
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
required:
- name
type: object
type: array
vnet:
description: Vnet is the configuration for the Azure virtual network.
properties:
cidrBlock:
description: 'CidrBlock is the CIDR block to be used when
the provider creates a managed virtual network. DEPRECATED:
Use CIDRBlocks instead'
type: string
cidrBlocks:
description: CIDRBlocks defines the virtual network's address
space, specified as one or more address prefixes in CIDR
notation.
items:
type: string
type: array
id:
description: ID is the identifier of the virtual network this
provider should use to create resources.
type: string
name:
description: Name defines a name for the virtual network resource.
type: string
resourceGroup:
description: ResourceGroup is the name of the resource group
of the existing virtual network or the resource group where
a managed virtual network should be created.
type: string
tags:
additionalProperties:
type: string
description: Tags is a collection of tags describing the resource.
type: object
required:
- name
type: object
type: object
resourceGroup:
type: string
subscriptionID:
type: string
required:
- location
type: object
status:
description: AzureClusterStatus defines the observed state of AzureCluster
properties:
conditions:
description: Conditions defines current service state of the AzureCluster.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureDomains:
additionalProperties:
description: FailureDomainSpec is the Schema for Cluster API failure
domains. It allows controllers to understand how many failure
domains a cluster can optionally span across.
properties:
attributes:
additionalProperties:
type: string
description: Attributes is a free form map of attributes an
infrastructure provider might use or require.
type: object
controlPlane:
description: ControlPlane determines if this failure domain
is suitable for use by control plane machines.
type: boolean
type: object
description: 'FailureDomains specifies the list of unique failure
domains for the location/region of the cluster. A FailureDomain
maps to Availability Zone with an Azure Region (if the region support
them). An Availability Zone is a separate data center within a region
and they can be used to ensure the cluster is more resilient to
failure. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
This list will be used by Cluster API to try and spread the machines
across the failure domains.'
type: object
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,628 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachine
listKind: AzureMachineList
plural: azuremachines
singular: azuremachine
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
availabilityZone:
properties:
enabled:
type: boolean
id:
type: string
type: object
image:
description: 'Image defines information about the image to use for
VM creation. There are three ways to specify an image: by ID, by
publisher, or by Shared Image Gallery. If specifying an image by
ID, only the ID field needs to be set. If specifying an image by
publisher, the Publisher, Offer, SKU, and Version fields must be
set. If specifying an image from a Shared Image Gallery, the SubscriptionID,
ResourceGroup, Gallery, Name, and Version fields must be set.'
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
location:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
sshPublicKey:
type: string
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: AzureMachine ready status
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VM provisioning state
jsonPath: .status.vmState
name: State
type: string
- description: Cluster to which this AzureMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: Machine object to which this AzureMachine belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
name: Machine
priority: 1
type: string
- description: Azure VM ID
jsonPath: .spec.providerID
name: VM ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the requested
VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure will
return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used to add
one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are used to
add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the data
disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the data
disk. This value is used to identify data disks within the
VM and therefore must be unique for each data disk attached
to a VM. The value must be between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended to the
machine name to generate the disk name. Each disk name will
be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure which
is required for some CNI's to send traffic from a pods on one machine
to another. This is required for IpV6 with Calico in combination
with User Defined Routes (set by the Azure Cloud Controller manager).
Default is false for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster API. This
relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the virtual
machine. The type 'SystemAssigned' is an implicitly created identity.
The generated identity will be assigned a Subscription contributor
role. The type 'UserAssigned' is a standalone Azure resource provided
by the user and assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image to use during
VM creation. If image details are omitted the image will default
the Azure Marketplace "capi" offer, which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the Azure
Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization that
created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such as
a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image sku.
The allowed formats are Major.Minor.Build or 'latest'. Major,
Minor, and Build are decimal numbers. Specify 'latest' to
use the latest version of an image available at deploy time.
Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from an Azure
Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared image
gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource group containing
the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify 'latest'
to use the latest version of an image available at deploy
time. Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be removed
in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating system
disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options for
a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk encryption
options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any valid GUID.
If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile settings
for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption should
be enabled or disabled for a virtual machine or virtual machine
scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the Machine
should use a Spot VM
properties:
maxPrice:
description: MaxPrice defines the maximum price the user is willing
to pay for Spot VM instances
type: number
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone Azure
identities provided by the user The lifecycle of a user-assigned
identity is managed separately from the lifecycle of the AzureMachine.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned identities
provided by the user to be assigned to Azure resources.
properties:
providerID:
description: 'ProviderID is the identification ID of the user-assigned
Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
conditions:
description: Conditions defines current service state of the AzureMachine.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
failureReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,477 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachineTemplate
listKind: AzureMachineTemplateList
plural: azuremachinetemplates
singular: azuremachinetemplate
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create am AzureMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
availabilityZone:
properties:
enabled:
type: boolean
id:
type: string
type: object
image:
description: 'Image defines information about the image to
use for VM creation. There are three ways to specify an
image: by ID, by publisher, or by Shared Image Gallery.
If specifying an image by ID, only the ID field needs to
be set. If specifying an image by publisher, the Publisher,
Offer, SKU, and Version fields must be set. If specifying
an image from a Shared Image Gallery, the SubscriptionID,
ResourceGroup, Gallery, Name, and Version fields must be
set.'
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
location:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
sshPublicKey:
type: string
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: false
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create an AzureMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure
accelerated networking. If omitted, it will be set based
on whether the requested VMSize supports accelerated networking.
If AcceleratedNetworking is set to true with a VMSize that
does not support it, Azure will return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are
used to add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign
to the data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of
the data disk. This value is used to identify data
disks within the VM and therefore must be unique for
each data disk attached to a VM. The value must be
between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended
to the machine name to generate the disk name. Each
disk name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure
which is required for some CNI's to send traffic from a
pods on one machine to another. This is required for IpV6
with Calico in combination with User Defined Routes (set
by the Azure Cloud Controller manager). Default is false
for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster
API. This relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the
virtual machine. The type 'SystemAssigned' is an implicitly
created identity. The generated identity will be assigned
a Subscription contributor role. The type 'UserAssigned'
is a standalone Azure resource provided by the user and
assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image
to use during VM creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer,
which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from
the Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of
related images created by the publisher. For example,
UbuntuServer, WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer,
such as a major release of a distribution. For example,
18.04-LTS, 2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is
published by a third party publisher and a Plan
will be generated for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an
image available at deploy time. Even if you use
'latest', the VM image will not automatically update
after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource
group containing the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the
subscription that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the
marketplace image. The allowed formats are Major.Minor.Build
or 'latest'. Major, Minor, and Build are decimal
numbers. Specify 'latest' to use the latest version
of an image available at deploy time. Even if you
use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be
removed in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating
system disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk
settings for the os disk.
properties:
option:
description: Option enables ephemeral OS when set
to "Local" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk
encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any
valid GUID. If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile
settings for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption
should be enabled or disabled for a virtual machine
or virtual machine scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the
Machine should use a Spot VM
properties:
maxPrice:
description: MaxPrice defines the maximum price the user
is willing to pay for Spot VM instances
type: number
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone
Azure identities provided by the user The lifecycle of a
user-assigned identity is managed separately from the lifecycle
of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned
identities provided by the user to be assigned to Azure
resources.
properties:
providerID:
description: 'ProviderID is the identification ID of
the user-assigned Identity, the format of an identity
is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,43 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/
commonLabels:
cluster.x-k8s.io/v1alpha3: v1alpha3
resources:
- bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml
- bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
- patches/webhook_in_azuremachines.yaml
- patches/webhook_in_azureclusters.yaml
- patches/webhook_in_azuremachinetemplates.yaml
- patches/webhook_in_azuremachinepools.yaml
# - patches/webhook_in_azuremanagedmachinepools.yaml
# - patches/webhook_in_azuremanagedclusters.yaml
# - patches/webhook_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_azuremachines.yaml
- patches/cainjection_in_azureclusters.yaml
- patches/cainjection_in_azuremachinetemplates.yaml
- patches/cainjection_in_azuremachinepools.yaml
# - patches/cainjection_in_azuremanagedmachinepools.yaml
# - patches/cainjection_in_azuremanagedclusters.yaml
# - patches/cainjection_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azureclusters.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachines.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azureclusters.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: manager-bootstrap-cloud-env
namespace: system
data:
cloud-env: ${AZURE_ENVIRONMENT:-"AzurePublicCloud"}


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: manager-bootstrap-credentials
namespace: system
type: Opaque
data:
subscription-id: ${AZURE_SUBSCRIPTION_ID_B64}
tenant-id: ${AZURE_TENANT_ID_B64}
client-id: ${AZURE_CLIENT_ID_B64}
client-secret: ${AZURE_CLIENT_SECRET_B64}
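Review bot: Nothing in this Secret says that the four `${..._B64}` values must already be base64-encoded, or that the rendered manifest then carries the Azure service principal secret in a trivially reversible form. Because the keys sit under `data:` rather than `stringData:`, a plain-text value substituted by mistake may be rejected by the API server or, if it happens to be valid base64, decoded into the wrong credential. I would add a header comment such as `# Values come from the environment and must be base64-encoded; the rendered output contains the Azure client secret, so keep it out of version control and CI logs.`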


@ -0,0 +1,14 @@
namespace: capz-system
resources:
- namespace.yaml
- credentials.yaml
- cloud_environment.yaml
bases:
- ../rbac
- ../manager
patchesStrategicMerge:
- manager_credentials_patch.yaml
- manager_cloud_env_patch.yaml


@ -0,0 +1,16 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: AZURE_ENVIRONMENT
valueFrom:
configMapKeyRef:
name: manager-bootstrap-cloud-env
key: cloud-env


@ -0,0 +1,31 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: subscription-id
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: tenant-id
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-id
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-secret


@ -0,0 +1,19 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP


@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aggregated-manager-role


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: system


@ -0,0 +1,29 @@
namePrefix: capz-
# Labels to add to all resources and selectors.
commonLabels:
cluster.x-k8s.io/provider: "infrastructure-azure"
resources:
- crd
- webhook
- default
patchesJson6902:
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azureclusters.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azuremachines.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
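Review bot: The `patchesJson6902` list rewrites the conversion-webhook service namespace for three CRDs only, but the crd kustomization in this commit also enables `patches/webhook_in_azuremachinepools.yaml`, and that patch sets the service namespace to `system`. Unless a transformer outside this view rewrites it, the `azuremachinepools.exp.infrastructure.cluster.x-k8s.io` CRD would keep pointing its conversion webhook at a service in `system` rather than `capi-webhook-system`. Conversion requests would then fail, or be answered by whatever service exists under that name in the other namespace. I would add a fourth target for that CRD, as below.

```yaml
# … unchanged: targets for azureclusters, azuremachines, azuremachinetemplates …
- target:
    group: apiextensions.k8s.io
    version: v1
    kind: CustomResourceDefinition
    name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io
  path: patch_crd_webhook_namespace.yaml
```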


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- manager.yaml
patchesStrategicMerge:
- manager_pull_policy.yaml
- manager_image_patch.yaml
- manager_auth_proxy_patch.yaml


@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: capz-controller-manager
spec:
selector:
matchLabels:
control-plane: capz-controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: capz-controller-manager
spec:
containers:
- args:
- --enable-leader-election
- "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
image: controller:latest
imagePullPolicy: Always
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
terminationGracePeriodSeconds: 10
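Review bot: The `manager` container is declared without a `securityContext` or resource limits, although another section of this commit (the env patch reading `manager-bootstrap-credentials`) injects the Azure client secret into it. Assuming the controller image can run unprivileged, which this page does not show, I would add `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` under the container. The `controller:latest` placeholder is replaced by the image patch, but with `imagePullPolicy: Always` and an image taken from `${CONTAINER_CAPZ_MANAGER}` the running code is whatever that reference resolves to at pull time. Pinning the substituted image by digest would make the deployed controller reproducible.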


@ -0,0 +1,26 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: ${CONTAINER_CAPZ_AUTH_PROXY}
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--enable-leader-election"
- "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
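Review bot: `--v=10` on the `kube-rbac-proxy` sidecar is a debugging verbosity and should not be the shipped default for the component that authenticates metrics clients. At that level Kubernetes client libraries typically log full request and response bodies, which for the proxy's TokenReview calls would likely include the bearer token being checked; confirm this against the proxy version behind `${CONTAINER_CAPZ_AUTH_PROXY}`. I would lower it to something like `- "--v=2"` and raise it only while troubleshooting.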


@ -0,0 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: ${CONTAINER_CAPZ_MANAGER}
name: manager


@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: Always


@ -0,0 +1,3 @@
- op: replace
path: "/spec/conversion/webhook/clientConfig/service/namespace"
value: capi-webhook-system


@ -0,0 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
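Review bot: The subject of this binding is the namespace's `default` ServiceAccount, and the same subject is used by `leader-election-rolebinding` and by the `manager-rolebinding` that binds `manager-role` in later sections. `manager-role` grants create/delete/get/list/patch/update/watch on `secrets` through a ClusterRoleBinding, so any pod started in this namespace without an explicit `serviceAccountName` inherits cluster-wide secret access. I would create a dedicated ServiceAccount for the controller (for example `name: controller-manager`, a name chosen here for illustration), reference it in all three bindings, and set `serviceAccountName` on the Deployment.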


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: capz-controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: capz-controller-manager


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml


@ -0,0 +1,26 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,196 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- patch
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- exp.cluster.x-k8s.io
resources:
- machinepools
- machinepools/status
verbs:
- get
- list
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinetemplates
- azuremachinetemplates/status
verbs:
- get
- list
- watch


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,42 @@
namespace: capi-webhook-system
resources:
- manifests.yaml
- service.yaml
- ../certmanager
- ../manager
configurations:
- kustomizeconfig.yaml
patchesStrategicMerge:
- manager_webhook_patch.yaml
- webhookcainjection_patch.yaml
vars:
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATE_NAME
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICE_NAMESPACE # namespace of the service
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICE_NAME
objref:
kind: Service
version: v1
name: webhook-service


@ -0,0 +1,27 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations
- kind: Deployment
path: spec/template/spec/volumes/secret/secretName


@ -0,0 +1,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--webhook-port=9443"
- "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: $(SERVICE_NAME)-cert
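Review bot: `defaultMode: 420` is decimal for octal 0644, so the files projected from the `$(SERVICE_NAME)-cert` secret, which presumably include the webhook's TLS private key, are readable by every user inside the container. At minimum add a comment on that line, `# 420 decimal = 0644 octal`, so the mode is not misread as a permission string. If the manager runs as a fixed non-root user, a tighter mode such as `defaultMode: 288` (0440) together with a matching `fsGroup` would be worth testing; the pod's security context is not visible in this patch.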


@ -0,0 +1,170 @@
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachinepool
failurePolicy: Fail
name: azuremachinepool.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane
failurePolicy: Fail
name: azuremanagedcontrolplane.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachinepool
failurePolicy: Fail
name: azuremachinepool.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane
failurePolicy: Fail
name: azuremanagedcontrolplane.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
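Review bot: The two `azuremanagedcontrolplane.kb.io` webhooks (the last entry of the mutating configuration and the last entry of the validating one) omit `sideEffects`, while every other entry sets `sideEffects: None`. Under `admissionregistration.k8s.io/v1beta1` the field defaults to `Unknown`, which makes the API server reject dry-run requests that match these webhooks, and the `v1` API requires the field to be set explicitly. If the handlers have no side effects (not verifiable from this manifest), add `sideEffects: None` to both. The `exp.infrastructure.cluster.x-k8s.io` entries also leave out `matchPolicy: Equivalent`, so with the v1beta1 default of `Exact` a request made through another version of the resource would not be intercepted.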


@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: webhook-server


@ -0,0 +1,17 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
# uncomment the following lines to enable mutating and validating webhook
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
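Review bot: The last line of the header comment, `# uncomment the following lines to enable mutating and validating webhook`, is stale: both documents below it are already active, and the webhook kustomization lists `webhookcainjection_patch.yaml` under `patchesStrategicMerge`. I would replace it with `# applied via patchesStrategicMerge; cert-manager injects the CA bundle named by the annotation` so readers do not look for commented-out content.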


@ -48,9 +48,11 @@ additional-vars:
CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7
CONTAINER_CAPD_MANAGER: gcr.io/k8s-staging-cluster-api/capd-manager:v20201019-v0.3.10-86-gc1647481f
CONTAINER_CAPO_MANAGER: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller-amd64:v20200707-v0.3.1
CONTAINER_CAPZ_MANAGER: gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:v0.4.9
CONTAINER_CAPM3_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CAPD_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
CONTAINER_CAPO_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CAPZ_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
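Review bot: `CONTAINER_CAPZ_MANAGER` pulls from a staging registry (`gcr.io/k8s-staging-cluster-api-azure`) by tag only, so the image that runs the controller with the manager ClusterRole can change or disappear without this file changing. The CAPI entry in the same block uses the promoted `us.gcr.io/k8s-artifacts-prod` registry; I would reference the promoted CAPZ image and pin it by digest, e.g. `CONTAINER_CAPZ_MANAGER: <promoted-registry>/cluster-api-azure-controller:v0.4.9@sha256:<digest>` (placeholders). The same tag-only reference applies to `CONTAINER_CAPZ_AUTH_PROXY`, as it does to the existing proxy entries.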