Integration of Azure provider to Airship 2.0

This commit integrates the Azure provider into the Airship 2.0 project.

It adds the following folders:
- manifest/function/capz: This folder contains all manifests required
for the integration of the Azure provider.
- manifest/function/k8scontrol-capz: This folder contains the base
manifest for the Azure Workload cluster.
- manifest/site/az-test-site: This folder contains the manifests used
for initializing the CAPI and CAPZ components on the management cluster
by invoking "airshipctl cluster init", and the manifests used for deploying a
Workload cluster on the Azure Cloud by invoking the command
"airshipctl phase apply azure".
- tools/deployment/azure: provides the shell scripts that are used in the
Zuul gates and local tests.

Updated files:
- zuul.d/project.yaml and zuul.d/jobs.yaml have been updated to include
gates for validating the Azure provider integration.

Change-Id: Icbdc7f6f42c159f48dd11e35626da3bc016f5487
Sidney Shiba 2020-09-09 12:41:04 -05:00
parent 8c180daf4e
commit d0683139fe
77 changed files with 4671 additions and 0 deletions


@ -0,0 +1,213 @@
# Airship 2.0 Integration with Azure Cloud Platform
This document provides the instructions to setup and execute *airshipctl*
commands to deploy a Target cluster in Azure cloud platform.
The manifest for the Target cluster deployment can be found at
**manifest/site/az-test-site/target/azure-target**.
It will deploy:
- CAPZ v0.4.5 Management component
- Region: US East
- Control Plane: 1 VM (Standard_B2s)
- Worker: 2 VMs (Standard_B2s)
- Deploying K8S 1.18.3
## Pre-requisites
The list below are the expected pre-requisites for this integration.
- Create your *$HOME/.airship/config*
- Instantiate the Management cluster using Kind
- Update the manifest *manifest/function/capz/v.4.5/default/credentials.yaml*
with the Azure subscription credentials
TODO: Azure subscription credentials to be passed as environment variables
## Steps to create a Management cluster with Kind
The list of commands below creates a K8S cluster to be used as Management cluster
```bash
$ kind create cluster --name airship2-kind-api --kubeconfig /your/folder/kubeconfig.yaml
$ cp /your/folder/kubeconfig.yaml $HOME/.airship/kubeconfig
$ cp /your/folder/kubeconfig.yaml $HOME/.kube/config
```
## Initialize Management cluster
Execute the following command to initialize the Management cluster with CAPI and
CAPZ components.
```bash
$ airshipctl cluster init
```
## Deploy Target cluster on Azure
To deploy the Target cluster on Azure cloude execute the following command.
```bash
$ airshipctl phase apply azure-target
```
Verify the status of Target cluster deployment
```bash
$ kubectl get cluster --all-namespaces
```
Check status of Target cluster KUBEADM control plane deployment
```bash
$ kubectl get kubeadmcontrolplane --all-namespaces
```
Retrieve the kubeconfig of Target cluster
```bash
$ kubectl --namespace=default get secret/az-target-cluster-kubeconfig -o jsonpath={.data.value} \
| base64 --decode > ./az-target-cluster.kubeconfig
```
Check the list of nodes create for the Target cluster
```bash
$ kubectl --kubeconfig=./az-target-cluster.kubeconfig get nodes
```
When all control plane and worker nodes have been created, they will stay in Not Ready state until
CNI is configured. See next step below.
## Configure CNI on the Target cluster with Calico
Calico will be initialized as part of control plane VM *postKubeadmCommands*, which executes the
*sudo kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/master/templates/addons/calico.yaml* command.
See snippet of manifest integrating Calico initialization below:
```yaml
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
metadata:
name: az-target-cluster-control-plane
namespace: default
spec:
infrastructureTemplate:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
name: az-target-cluster-control-plane
kubeadmConfigSpec:
...
files:
- path: /calico.sh
owner: root:root
permissions: "0755"
content: |
#!/bin/bash -x
sudo kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/master/templates/addons/calico.yaml
...
postKubeadmCommands:
- /calico.sh
useExperimentalRetryJoin: true
replicas: 3
version: v1.18.2
```
This approach automates the initialization of Calico and saves the need to execute manually
the list of commands described below.
First we need to provision the Target cluster context in the airship config file
Add Target Cluster manifest to azure_manifest
```bash
$ airshipctl config import ./az-target-cluster.kubeconfig
```
Replace Target Cluster kubeconfig Context in the airship config file
```bash
$ airshipctl config set-context az-target-cluster-admin@az-target-cluster --manifest azure_manifest
```
Set Current Context to the Target Cluster kubeconfig Context in the airship config file
```bash
$ airshipctl config use-context az-target-cluster-admin@az-target-cluster
```
Now we can trigger the configuration of Calico on the Target Cluster
```bash
$ airshipctl phase apply calico --kubeconfig az-target-cluster.kubeconfig
```
Once the Calico provisionning has been completed you should see all the nodes instantiated for the
Target cluster in Ready state.
```bash
$ kubectl --kubeconfig=./az-target-cluster.kubeconfig get nodes
NAME STATUS ROLES AGE VERSION
az-target-cluster-control-plane-28ghk Ready master 17h v1.18.2
az-target-cluster-md-0-46zfv Ready <none> 17h v1.18.2
az-target-cluster-md-0-z5lff Ready <none> 17h v1.18.2
```
## APPENDIX: $HOME/.airship/config
```yaml
apiVersion: airshipit.org/v1alpha1
bootstrapInfo:
azure_bootstrap_config:
builder:
networkConfigFileName: network-config
outputMetadataFileName: output-metadata.yaml
userDataFileName: user-data
container:
containerRuntime: docker
image: quay.io/airshipit/isogen:latest-debian_stable
volume: /srv/iso:/config
remoteDirect:
isoUrl: http://localhost:8099/debian-custom.iso
default:
builder:
networkConfigFileName: network-config
outputMetadataFileName: output-metadata.yaml
userDataFileName: user-data
container:
containerRuntime: docker
image: quay.io/airshipit/isogen:latest-debian_stable
volume: /srv/iso:/config
remoteDirect:
isoUrl: http://localhost:8099/debian-custom.iso
clusters:
az-target-cluster:
clusterType:
target:
bootstrapInfo: default
clusterKubeconf: az-target-cluster_target
managementConfiguration: default
contexts:
az-target-cluster-admin@az-target-cluster:
contextKubeconf: az-target-cluster_target
manifest: azure_manifest
currentContext: az-target-cluster-admin@az-target-cluster
kind: Config
managementConfiguration:
azure_management_config:
insecure: true
systemActionRetries: 30
systemRebootDelay: 30
type: azure
default:
systemActionRetries: 30
systemRebootDelay: 30
type: azure
manifests:
azure_manifest:
primaryRepositoryName: primary
repositories:
primary:
checkout:
branch: master
commitHash: ""
force: false
tag: ""
url: https://review.opendev.org/airship/airshipctl
subPath: airshipctl/manifests/site/az-test-site
targetPath: /tmp/airship
default:
primaryRepositoryName: primary
repositories:
primary:
checkout:
branch: master
commitHash: ""
force: false
tag: ""
url: https://opendev.org/airship/treasuremap
subPath: treasuremap/manifests/site
targetPath: /tmp/default
users:
az-target-cluster-admin: {}
```
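Review bot: the Pre-requisites section tells the operator to write the Azure subscription credentials into `manifest/function/capz/v.4.5/default/credentials.yaml`, a file that lives in the tracked manifest tree, and the TODO below it acknowledges the problem; before this merges, have the `tools/deployment/azure` scripts read the values from the environment (they already run under Zuul, which can inject secrets) or from a Secret that is never committed, so a locally filled-in manifest cannot end up in a change. Second, `/calico.sh` applies `https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/master/templates/addons/calico.yaml` from the `master` branch at boot, so every new control plane installs whatever that branch holds at that moment; pin the URL to the same v0.4.5 tag the document pins CAPZ to, or vendor the manifest under manifest/function, which the `airshipctl phase apply calico` path already implies exists. Third, the summary and the snippet disagree: "Control Plane: 1 VM" and "Deploying K8S 1.18.3" versus `replicas: 3` and `version: v1.18.2` in the KubeadmControlPlane, and the commit message says `airshipctl phase apply azure` while this README says `airshipctl phase apply azure-target`; align them. Finally, `insecure: true` under `azure_management_config` in the appendix config is left unexplained (it is absent from the `default` entry right below it); state what it disables or drop it, and fix the typos "cloude", "provisionning" and "nodes create for".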


@ -0,0 +1,24 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: $(SERVICE_NAME)-cert
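Review bot: `cert-manager.io/v1alpha2` is a pre-1.0 API version; cert-manager 1.0 shipped before this commit's date and serves `cert-manager.io/v1`, with the alpha versions on the deprecation path, so a new manifest should target `v1` rather than inherit a forced migration later. The self-signed Issuer plus Certificate pair is the usual kubebuilder layout for a webhook serving certificate, but it presumes cert-manager is already running on the Kind management cluster; that belongs in the README's pre-requisites, since `airshipctl cluster init` applies these CRs. Comment nits: "More document can be found at" should read "More documentation can be found at", and "the one appeared in kustomizeconfig.yaml" should read "the one that appears in kustomizeconfig.yaml".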


@ -0,0 +1,4 @@
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml
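Review bot: the kustomization omits the `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` header; kustomize still accepts the headerless form as legacy, but adding the two lines makes the file explicit about the schema it targets and avoids a `kustomize edit fix` later.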


@ -0,0 +1,19 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: cert-manager.io
fieldSpecs:
- kind: Certificate
group: cert-manager.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames
- kind: Certificate
group: cert-manager.io
path: spec/secretName


@ -0,0 +1,354 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachinePool
listKind: AzureMachinePoolList
plural: azuremachinepools
shortNames:
- amp
singular: azuremachinepool
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: AzureMachinePool replicas count
jsonPath: .status.replicas
name: Replicas
type: string
- description: AzureMachinePool replicas count
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VMSS provisioning state
jsonPath: .status.provisioningState
name: State
type: string
- description: Cluster to which this AzureMachinePool belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: MachinePool object to which this AzureMachinePool belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name
name: MachinePool
priority: 1
type: string
- description: Azure VMSS ID
jsonPath: .spec.providerID
name: VMSS ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.template.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachinePool is the Schema for the azuremachinepools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachinePoolSpec defines the desired state of AzureMachinePool
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
location:
description: Location is the Azure region location e.g. westus2
type: string
providerID:
description: ProviderID is the identification ID of the Virtual Machine
Scale Set
type: string
providerIDList:
description: ProviderIDList are the identification IDs of machine
instances provided by the provider. This field must match the provider
IDs as seen on the node objects corresponding to a machine pool's
machine instances.
items:
type: string
type: array
template:
description: Template contains the details used to build a replica
virtual machine within the Machine Pool
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the
requested VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure
will return an error.
type: boolean
dataDisks:
description: DataDisks specifies the list of data disks to be
created for a Virtual Machine
items:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the
data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the
data disk. This value is used to identify data disks within
the VM and therefore must be unique for each data disk
attached to a VM. The value must be between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended to
the machine name to generate the disk name. Each disk
name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
image:
description: Image is used to provide details of an image to use
during Virtual Machine creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer, which
is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the
Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such
as a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify
'latest' to use the latest version of an image available
at deploy time. Even if you use 'latest', the VM image
will not automatically update after deploy time even
if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- thirdPartyImage
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource group
containing the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an image
available at deploy time. Even if you use 'latest',
the VM image will not automatically update after deploy
time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
osDisk:
description: OSDisk contains the operating system disk information
for a Virtual Machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
sshPublicKey:
description: SSHPublicKey is the SSH public key string base64
encoded to add to a Virtual Machine
type: string
terminateNotificationTimeout:
description: TerminateNotificationTimeout enables or disables
VMSS scheduled events termination notification with specified
timeout allowed values are between 5 and 15 (mins)
type: integer
vmSize:
description: VMSize is the size of the Virtual Machine to build.
See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes
type: string
required:
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- location
- template
type: object
status:
description: AzureMachinePoolStatus defines the observed state of AzureMachinePool
properties:
failureMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the MachinePool and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the MachinePool's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of MachinePools can be added as
events to the MachinePool object and/or logged in the controller's
output."
type: string
failureReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the MachinePool and will contain a
succinct value suitable for machine interpretation. \n This field
should not be set for transitive errors that a controller faces
that are expected to be fixed automatically over time (like service
outages), but instead indicate that something is fundamentally wrong
with the MachinePool's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of MachinePools can be added as
events to the MachinePool object and/or logged in the controller's
output."
type: string
provisioningState:
description: ProvisioningState is the provisioning state of the Azure
virtual machine.
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
replicas:
description: Replicas is the most recently observed number of replicas.
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
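Review bot: the `Ready` printer column reuses the `Replicas` column text "AzureMachinePool replicas count" (the second `additionalPrinterColumns` entry, `jsonPath: .status.ready`); it should describe the ready state. Since this file reads as the verbatim controller-gen output from upstream CAPZ (the README pins v0.4.5), fix the text upstream rather than here, and record the upstream tag these CRDs were copied from in a comment or in the capz kustomization so that a later version bump can be diffed instead of re-read. The trailing `status:` stanza (`acceptedNames`, `conditions: []`, `storedVersions: []`) is generator boilerplate that the API server ignores on apply; dropping it from the vendored copies would shorten every CRD in this change without altering behaviour.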


@ -0,0 +1,77 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedCluster
listKind: AzureManagedClusterList
plural: azuremanagedclusters
shortNames:
- amc
singular: azuremanagedcluster
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedCluster is the Schema for the azuremanagedclusters
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster
properties:
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
type: object
status:
description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster
properties:
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
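Review bot: this CRD is in the `exp.infrastructure.cluster.x-k8s.io` group, CAPZ's experimental API for managed (AKS) clusters, while the README deploys the Target cluster through `KubeadmControlPlane` and `AzureMachineTemplate`; say in the commit message or a comment whether the `exp.` CRDs are installed only because the upstream v0.4.5 bundle ships them together, or leave them out if the AKS path is not part of this integration, since every extra CRD is API surface the management cluster has to serve, validate and keep patched.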


@ -0,0 +1,151 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedControlPlane
listKind: AzureManagedControlPlaneList
plural: azuremanagedcontrolplanes
shortNames:
- amcp
singular: azuremanagedcontrolplane
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedControlPlaneSpec defines the desired state of
AzureManagedControlPlane
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
defaultPoolRef:
description: DefaultPoolRef is the specification for the default pool,
without which an AKS cluster cannot be created.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
dnsServiceIP:
description: DNSServiceIP is an IP address assigned to the Kubernetes
DNS service. It must be within the Kubernetes service address range
specified in serviceCidr.
type: string
loadBalancerSKU:
description: LoadBalancerSKU is the SKU of the loadBalancer to be
provisioned.
enum:
- Basic
- Standard
type: string
location:
description: 'Location is a string matching one of the canonical Azure
region names. Examples: "westus2", "eastus".'
type: string
networkPlugin:
description: NetworkPlugin used for building Kubernetes network.
enum:
- azure
- kubenet
type: string
networkPolicy:
description: NetworkPolicy used for building Kubernetes network.
enum:
- azure
- calico
type: string
resourceGroup:
description: ResourceGroup is the name of the Azure resource group
for this AKS Cluster.
type: string
sshPublicKey:
description: SSHPublicKey is a string literal containing an ssh public
key base64 encoded.
type: string
subscriptionID:
description: SubscriotionID is the GUID of the Azure subscription
to hold this cluster.
type: string
version:
description: Version defines the desired Kubernetes version.
minLength: 2
type: string
required:
- defaultPoolRef
- location
- resourceGroup
- sshPublicKey
- version
type: object
status:
description: AzureManagedControlPlaneStatus defines the observed state
of AzureManagedControlPlane
properties:
initialized:
description: Initialized is true when the the control plane is available
for initial contact. This may occur before the control plane is
fully ready. In the AzureManagedControlPlane implementation, these
are identical.
type: boolean
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
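Review bot: the `subscriptionID` description reads "SubscriotionID is the GUID of the Azure subscription" and the `initialized` description has "when the the control plane"; both are upstream typos in generated content and should be reported there rather than patched in this copy. Also worth a line in the README: `sshPublicKey` is in this CRD's `required` list (as it is in the AzureMachinePool template), so the operator's public key has to be present in the site manifests before the AKS path could ever be used.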


@ -0,0 +1,95 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
group: exp.infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureManagedMachinePool
listKind: AzureManagedMachinePoolList
plural: azuremanagedmachinepools
shortNames:
- ammp
singular: azuremanagedmachinepool
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureManagedMachinePoolSpec defines the desired state of
AzureManagedMachinePool
properties:
osDiskSizeGB:
description: OSDiskSizeGB is the disk size for every machine in this
agent pool. If you specify 0, it will apply the default osDisk size
according to the vmSize specified.
format: int32
type: integer
providerIDList:
description: ProviderIDList is the unique identifier as specified
by the cloud provider.
items:
type: string
type: array
sku:
description: SKU is the size of the VMs in the node pool.
type: string
required:
- sku
type: object
status:
description: AzureManagedMachinePoolStatus defines the observed state
of AzureManagedMachinePool
properties:
errorMessage:
description: Any transient errors that occur during the reconciliation
of Machines can be added as events to the Machine object and/or
logged in the controller's output.
type: string
errorReason:
description: Any transient errors that occur during the reconciliation
of Machines can be added as events to the Machine object and/or
logged in the controller's output.
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
replicas:
description: Replicas is the most recently observed number of replicas.
format: int32
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
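Review bot: the `errorMessage` and `errorReason` descriptions carry only the trailing sentence about transient errors ("Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object"), which is the opposite of what such fields hold; the AzureMachinePool CRD's `failureMessage`/`failureReason` text in this same change spells out that they are set for terminal problems needing manual intervention, and these refer to "Machines" rather than machine pools. Upstream copy-paste, but worth filing, because operators read exactly this text through `kubectl explain` when a pool stops reconciling.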


@ -0,0 +1,743 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azureclusters.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureCluster
listKind: AzureClusterList
plural: azureclusters
singular: azurecluster
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureCluster is the Schema for the azureclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterSpec defines the desired state of AzureCluster
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
location:
type: string
networkSpec:
description: NetworkSpec encapsulates all things related to Azure
network.
properties:
subnets:
description: Subnets is the configuration for the control-plane
subnet and the node subnet.
items:
description: SubnetSpec configures an Azure subnet.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when
the provider creates a managed Vnet.
type: string
id:
description: ID defines a unique identifier to reference
this resource.
type: string
internalLBIPAddress:
description: InternalLBIPAddress is the IP address that
will be used as the internal LB private IP. For the control
plane subnet only.
type: string
name:
description: Name defines a name for the subnet resource.
type: string
role:
description: Role defines the subnet role (eg. Node, ControlPlane)
type: string
securityGroup:
description: SecurityGroup defines the NSG (network security
group) that should be attached to this subnet.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress
rules for security groups.
items:
description: IngressRule defines an Azure ingress
rule for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix
'*' can also be used to match all source IPs.
Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination
port or range. Integer or range between 0 and
65535. Asterix '*' can also be used to match
all ports.
type: string
protocol:
description: SecurityGroupProtocol defines the
protocol type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork',
'AzureLoadBalancer' and 'Internet' can also
be used. If this is an ingress rule, specifies
where network traffic originates from.
type: string
sourcePorts:
description: SourcePorts - The source port or
range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
required:
- description
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
required:
- name
type: object
type: array
vnet:
description: Vnet is the configuration for the Azure virtual network.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when the
provider creates a managed virtual network.
type: string
id:
description: ID is the identifier of the virtual network this
provider should use to create resources.
type: string
name:
description: Name defines a name for the virtual network resource.
type: string
resourceGroup:
description: ResourceGroup is the name of the resource group
of the existing virtual network or the resource group where
a managed virtual network should be created.
type: string
tags:
additionalProperties:
type: string
description: Tags is a collection of tags describing the resource.
type: object
required:
- name
type: object
type: object
resourceGroup:
type: string
required:
- location
- resourceGroup
type: object
status:
description: AzureClusterStatus defines the observed state of AzureCluster
properties:
apiEndpoints:
description: APIEndpoints represents the endpoints to communicate
with the control plane.
items:
description: APIEndpoint represents a reachable Kubernetes API endpoint.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
type: integer
required:
- host
- port
type: object
type: array
bastion:
description: VM describes an Azure virtual machine.
properties:
addresses:
description: Addresses contains the Azure instance associated
addresses.
items:
description: NodeAddress contains information for the node's
address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
availabilityZone:
type: string
id:
type: string
identity:
description: VMIdentity defines the identity of the virtual machine,
if configured.
type: string
image:
description: Storage profile
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
name:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
startupScript:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
vmSize:
description: Hardware profile
type: string
vmState:
description: State - The provisioning state, which only appears
in the response.
type: string
type: object
network:
description: Network encapsulates Azure networking resources.
properties:
apiServerIp:
description: APIServerIP is the Kubernetes API server public IP
address.
properties:
dnsName:
type: string
id:
type: string
ipAddress:
type: string
name:
type: string
type: object
apiServerLb:
description: APIServerLB is the Kubernetes API server load balancer.
properties:
backendPool:
properties:
id:
type: string
name:
type: string
type: object
frontendIpConfig:
type: object
id:
type: string
name:
type: string
sku:
description: LoadBalancerSKU enumerates the values for load
balancer sku name.
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
securityGroups:
additionalProperties:
description: SecurityGroup defines an Azure security group.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress rules
for security groups.
items:
description: IngressRule defines an Azure ingress rule
for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix '*'
can also be used to match all source IPs. Default
tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination port
or range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
protocol:
description: SecurityGroupProtocol defines the protocol
type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used. If this is an ingress
rule, specifies where network traffic originates
from.
type: string
sourcePorts:
description: SourcePorts - The source port or range.
Integer or range between 0 and 65535. Asterix '*'
can also be used to match all ports.
type: string
required:
- description
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
description: SecurityGroups is a map from the role/kind of the
security group to its unique name, if any.
type: object
type: object
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: Cluster to which this AzureCluster belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
- jsonPath: .spec.resourceGroup
name: Resource Group
priority: 1
type: string
- jsonPath: .spec.subscriptionID
name: SubscriptionID
priority: 1
type: string
- jsonPath: .spec.location
name: Location
priority: 1
type: string
- description: Control Plane Endpoint
jsonPath: .spec.controlPlaneEndpoint.host
name: Endpoint
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureCluster is the Schema for the azureclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterSpec defines the desired state of AzureCluster
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to Azure
resources managed by the Azure provider, in addition to the ones
added by default.
type: object
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: The hostname on which the API server is serving.
type: string
port:
description: The port on which the API server is serving.
format: int32
type: integer
required:
- host
- port
type: object
location:
type: string
networkSpec:
description: NetworkSpec encapsulates all things related to Azure
network.
properties:
subnets:
description: Subnets is the configuration for the control-plane
subnet and the node subnet.
items:
description: SubnetSpec configures an Azure subnet.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when
the provider creates a managed Vnet.
type: string
id:
description: ID defines a unique identifier to reference
this resource.
type: string
internalLBIPAddress:
description: InternalLBIPAddress is the IP address that
will be used as the internal LB private IP. For the control
plane subnet only.
type: string
name:
description: Name defines a name for the subnet resource.
type: string
role:
description: Role defines the subnet role (eg. Node, ControlPlane)
type: string
routeTable:
description: RouteTable defines the route table that should
be attached to this subnet.
properties:
id:
type: string
name:
type: string
type: object
securityGroup:
description: SecurityGroup defines the NSG (network security
group) that should be attached to this subnet.
properties:
id:
type: string
ingressRule:
description: IngressRules is a slice of Azure ingress
rules for security groups.
items:
description: IngressRule defines an Azure ingress
rule for security groups.
properties:
description:
type: string
destination:
description: Destination - The destination address
prefix. CIDR or destination IP range. Asterix
'*' can also be used to match all source IPs.
Default tags such as 'VirtualNetwork', 'AzureLoadBalancer'
and 'Internet' can also be used.
type: string
destinationPorts:
description: DestinationPorts - The destination
port or range. Integer or range between 0 and
65535. Asterix '*' can also be used to match
all ports.
type: string
name:
type: string
priority:
description: Priority - A number between 100 and
4096. Each rule should have a unique value for
priority. Rules are processed in priority order,
with lower numbers processed before higher numbers.
Once traffic matches a rule, processing stops.
format: int32
type: integer
protocol:
description: SecurityGroupProtocol defines the
protocol type for a security group rule.
type: string
source:
description: Source - The CIDR or source IP range.
Asterix '*' can also be used to match all source
IPs. Default tags such as 'VirtualNetwork',
'AzureLoadBalancer' and 'Internet' can also
be used. If this is an ingress rule, specifies
where network traffic originates from.
type: string
sourcePorts:
description: SourcePorts - The source port or
range. Integer or range between 0 and 65535.
Asterix '*' can also be used to match all ports.
type: string
required:
- description
- name
- protocol
type: object
type: array
name:
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
required:
- name
type: object
type: array
vnet:
description: Vnet is the configuration for the Azure virtual network.
properties:
cidrBlock:
description: CidrBlock is the CIDR block to be used when the
provider creates a managed virtual network.
type: string
id:
description: ID is the identifier of the virtual network this
provider should use to create resources.
type: string
name:
description: Name defines a name for the virtual network resource.
type: string
resourceGroup:
description: ResourceGroup is the name of the resource group
of the existing virtual network or the resource group where
a managed virtual network should be created.
type: string
tags:
additionalProperties:
type: string
description: Tags is a collection of tags describing the resource.
type: object
required:
- name
type: object
type: object
resourceGroup:
type: string
subscriptionID:
type: string
required:
- location
type: object
status:
description: AzureClusterStatus defines the observed state of AzureCluster
properties:
conditions:
description: Conditions defines current service state of the AzureCluster.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureDomains:
additionalProperties:
description: FailureDomainSpec is the Schema for Cluster API failure
domains. It allows controllers to understand how many failure
domains a cluster can optionally span across.
properties:
attributes:
additionalProperties:
type: string
description: Attributes is a free form map of attributes an
infrastructure provider might use or require.
type: object
controlPlane:
description: ControlPlane determines if this failure domain
is suitable for use by control plane machines.
type: boolean
type: object
description: 'FailureDomains specifies the list of unique failure
domains for the location/region of the cluster. A FailureDomain
maps to Availability Zone with an Azure Region (if the region support
them). An Availability Zone is a separate data center within a region
and they can be used to ensure the cluster is more resilient to
failure. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
This list will be used by Cluster API to try and spread the machines
across the failure domains.'
type: object
network:
description: Network encapsulates the state of Azure networking resources.
properties:
apiServerIp:
description: APIServerIP is the Kubernetes API server public IP
address.
properties:
dnsName:
type: string
id:
type: string
ipAddress:
type: string
name:
type: string
type: object
apiServerLb:
description: APIServerLB is the Kubernetes API server load balancer.
properties:
backendPool:
description: BackendPool defines a load balancer backend pool
properties:
id:
type: string
name:
type: string
type: object
frontendIpConfig:
description: FrontendIPConfig - DO NOT USE this empty struct
is here to preserve backwards compatibility and should be
removed in v1alpha4
type: object
id:
type: string
name:
type: string
sku:
description: SKU defines an Azure load balancer SKU.
type: string
tags:
additionalProperties:
type: string
description: Tags defines a map of tags.
type: object
type: object
type: object
ready:
description: Ready is true when the provider resource is ready.
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
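Review bot: the v1alpha3 ingress rule schema documents `priority` as "A number between 100 and 4096" (the block ending in `format: int32` / `type: integer`) but carries no `minimum`/`maximum`, and `sourcePorts`/`destinationPorts` are described as "Integer or range between 0 and 65535" while typed as a bare `type: string` with no `pattern`; `source` and `destination` likewise accept any string, so a rule with `source: '*'` and `destinationPorts: '*'` (the wildcards the descriptions mention) validates exactly like a tightly scoped one. Out-of-range or malformed values are therefore rejected only when the provider calls Azure, which surfaces as a reconcile error instead of an apply-time error. Since this file is the provider's generated schema, the bounds belong upstream (`minimum: 100` / `maximum: 4096` on `priority`, a `pattern` on the port strings); on the Airship side, the `securityGroup.ingressRule` entries set in the site manifests are the place to check that no rule is wider than the API server port needs.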


@ -0,0 +1,597 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachine
listKind: AzureMachineList
plural: azuremachines
singular: azuremachine
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
availabilityZone:
properties:
enabled:
type: boolean
id:
type: string
type: object
image:
description: 'Image defines information about the image to use for
VM creation. There are three ways to specify an image: by ID, by
publisher, or by Shared Image Gallery. If specifying an image by
ID, only the ID field needs to be set. If specifying an image by
publisher, the Publisher, Offer, SKU, and Version fields must be
set. If specifying an image from a Shared Image Gallery, the SubscriptionID,
ResourceGroup, Gallery, Name, and Version fields must be set.'
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
location:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
sshPublicKey:
type: string
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: AzureMachine ready status
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VM provisioning state
jsonPath: .status.vmState
name: State
type: string
- description: Cluster to which this AzureMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: Machine object to which this AzureMachine belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
name: Machine
priority: 1
type: string
- description: Azure VM ID
jsonPath: .spec.providerID
name: VM ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the requested
VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure will
return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used to add
one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are used to
add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the data
disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the data
disk. This value is used to identify data disks within the
VM and therefore must be unique for each data disk attached
to a VM. The value must be between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended to the
machine name to generate the disk name. Each disk name will
be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster API. This
relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the virtual
machine. The type 'SystemAssigned' is an implicitly created identity.
The generated identity will be assigned a Subscription contributor
role. The type 'UserAssigned' is a standalone Azure resource provided
by the user and assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image to use during
VM creation. If image details are omitted the image will default
the Azure Marketplace "capi" offer, which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the Azure
Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization that
created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such as
a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image sku.
The allowed formats are Major.Minor.Build or 'latest'. Major,
Minor, and Build are decimal numbers. Specify 'latest' to
use the latest version of an image available at deploy time.
Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- thirdPartyImage
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from an Azure
Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared image
gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource group containing
the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify 'latest'
to use the latest version of an image available at deploy
time. Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be removed
in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating system
disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options for
a VM.
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
spotVMOptions:
description: SpotVMOptions allows the ability to specify the Machine
should use a Spot VM
properties:
maxPrice:
description: MaxPrice defines the maximum price the user is willing
to pay for Spot VM instances
type: number
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone Azure
identities provided by the user The lifecycle of a user-assigned
identity is managed separately from the lifecycle of the AzureMachine.
items:
description: UserAssignedIdentity defines the user-assigned identities
provided by the user to be assigned to Azure resources.
properties:
providerID:
description: 'ProviderID is the identification ID of the user-assigned
Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
conditions:
description: Conditions defines current service state of the AzureMachine.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
failureReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,446 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachineTemplate
listKind: AzureMachineTemplateList
plural: azuremachinetemplates
singular: azuremachinetemplate
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create am AzureMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
availabilityZone:
properties:
enabled:
type: boolean
id:
type: string
type: object
image:
description: 'Image defines information about the image to
use for VM creation. There are three ways to specify an
image: by ID, by publisher, or by Shared Image Gallery.
If specifying an image by ID, only the ID field needs to
be set. If specifying an image by publisher, the Publisher,
Offer, SKU, and Version fields must be set. If specifying
an image from a Shared Image Gallery, the SubscriptionID,
ResourceGroup, Gallery, Name, and Version fields must be
set.'
properties:
gallery:
type: string
id:
type: string
name:
type: string
offer:
type: string
publisher:
type: string
resourceGroup:
type: string
sku:
type: string
subscriptionID:
type: string
version:
type: string
type: object
location:
type: string
osDisk:
properties:
diskSizeGB:
format: int32
type: integer
managedDisk:
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
sshPublicKey:
type: string
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: false
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create an AzureMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure
accelerated networking. If omitted, it will be set based
on whether the requested VMSize supports accelerated networking.
If AcceleratedNetworking is set to true with a VMSize that
does not support it, Azure will return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are
used to add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign
to the data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of
the data disk. This value is used to identify data
disks within the VM and therefore must be unique for
each data disk attached to a VM. The value must be
between 0 and 63.
format: int32
type: integer
nameSuffix:
description: NameSuffix is the suffix to be appended
to the machine name to generate the disk name. Each
disk name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster
API. This relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the
virtual machine. The type 'SystemAssigned' is an implicitly
created identity. The generated identity will be assigned
a Subscription contributor role. The type 'UserAssigned'
is a standalone Azure resource provided by the user and
assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image
to use during VM creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer,
which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from
the Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of
related images created by the publisher. For example,
UbuntuServer, WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer,
such as a major release of a distribution. For example,
18.04-LTS, 2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is
published by a third party publisher and a Plan
will be generated for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an
image available at deploy time. Even if you use
'latest', the VM image will not automatically update
after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- thirdPartyImage
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource
group containing the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the
subscription that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the
marketplace image. The allowed formats are Major.Minor.Build
or 'latest'. Major, Minor, and Build are decimal
numbers. Specify 'latest' to use the latest version
of an image available at deploy time. Even if you
use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be
removed in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating
system disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk
settings for the os disk.
properties:
option:
description: Option enables ephemeral OS when set
to "Local" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
spotVMOptions:
description: SpotVMOptions allows the ability to specify the
Machine should use a Spot VM
properties:
maxPrice:
description: MaxPrice defines the maximum price the user
is willing to pay for Spot VM instances
type: number
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone
Azure identities provided by the user The lifecycle of a
user-assigned identity is managed separately from the lifecycle
of the AzureMachine.
items:
description: UserAssignedIdentity defines the user-assigned
identities provided by the user to be assigned to Azure
resources.
properties:
providerID:
description: 'ProviderID is the identification ID of
the user-assigned Identity, the format of an identity
is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
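Review bot: this CRD is vendored from upstream CAPZ and its schema must match the controller pinned in manager_image_patch.yaml (cluster-api-azure-controller:v0.4.8); please record which upstream release these bases were copied from so CRDs, RBAC and image do not drift on the next refresh. Two smaller points: the v1alpha2 template description reads "to create am AzureMachine" (typo inherited from upstream, harmless), and the v1alpha3 identity field documents that 'SystemAssigned' hands the VM a Subscription contributor role, which is broad enough to deserve a sentence in the Azure docs since the CRD default is None and a site manifest that opts into SystemAssigned grants every node subscription-wide write access.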


@ -0,0 +1,43 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/
commonLabels:
cluster.x-k8s.io/v1alpha3: v1alpha3
resources:
- bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml
- bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremachinepools.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml
- bases/exp.infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
- patches/webhook_in_azuremachines.yaml
- patches/webhook_in_azureclusters.yaml
- patches/webhook_in_azuremachinetemplates.yaml
- patches/webhook_in_azuremachinepools.yaml
# - patches/webhook_in_azuremanagedmachinepools.yaml
# - patches/webhook_in_azuremanagedclusters.yaml
# - patches/webhook_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_azuremachines.yaml
- patches/cainjection_in_azureclusters.yaml
- patches/cainjection_in_azuremachinetemplates.yaml
- patches/cainjection_in_azuremachinepools.yaml
# - patches/cainjection_in_azuremanagedmachinepools.yaml
# - patches/cainjection_in_azuremanagedclusters.yaml
# - patches/cainjection_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml
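Review bot: the webhook and cainjection patches for azuremachinepools are enabled here while the azuremanaged* ones are commented out, yet the manager runs with --feature-gates=MachinePool=false,AKS=false in manager_auth_proxy_patch.yaml, so the MachinePool conversion webhook is wired for a feature that is off. Either comment out "patches/webhook_in_azuremachinepools.yaml" and "patches/cainjection_in_azuremachinepools.yaml" to match the feature gates, or add the azuremachinepools CRD to the patchesJson6902 targets of the top-level kustomization, which currently rewrites the webhook namespace only for azureclusters, azuremachines and azuremachinetemplates.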


@ -0,0 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azureclusters.infrastructure.cluster.x-k8s.io
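Review bot: the header comment "CRD conversion requires k8s 1.13 or later" is stale for an apiextensions.k8s.io/v1 CustomResourceDefinition, which needs Kubernetes 1.16 or later; the same comment is repeated in every cainjection and webhook patch below. Also, $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) are kustomize vars declared in the webhook kustomization, so this crd base only renders when built together with it (as the top-level kustomization does); a one-line note saying so would save the next person an unresolved-var error when building the crd directory alone.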


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachines.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azureclusters.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: manager-bootstrap-cloud-env
namespace: system
data:
cloud-env: AzurePublicCloud
# cloud-env: ${AZURE_ENVIRONMENT:-"AzurePublicCloud"}


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: manager-bootstrap-credentials
namespace: system
type: Opaque
data:
subscription-id: ${AZURE_SUBSCRIPTION_ID_B64}
tenant-id: ${AZURE_TENANT_ID_B64}
client-id: ${AZURE_CLIENT_ID_B64}
client-secret: ${AZURE_CLIENT_SECRET_B64}
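Review bot: the ${AZURE_*_B64} placeholders are shell-style variables that neither kustomize nor airshipctl expands, so the only way this Secret becomes usable is to hand-edit a tracked manifest with base64-encoded (not encrypted) subscription credentials, which puts a live client secret one "git add" away from the repository history. Until credentials are passed in from the environment, keep the real values out of this path (a gitignored overlay, or a Secret named manager-bootstrap-credentials created out of band from the CI secret store), and add a secret scan to the Azure gate so a populated credentials.yaml cannot be merged.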


@ -0,0 +1,14 @@
namespace: capz-system
resources:
- namespace.yaml
- credentials.yaml
- cloud_environment.yaml
bases:
- ../rbac
- ../manager
patchesStrategicMerge:
- manager_credentials_patch.yaml
- manager_cloud_env_patch.yaml


@ -0,0 +1,16 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: AZURE_ENVIRONMENT
valueFrom:
configMapKeyRef:
name: manager-bootstrap-cloud-env
key: cloud-env


@ -0,0 +1,31 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: subscription-id
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: tenant-id
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-id
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-secret


@ -0,0 +1,19 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
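Review bot: this patch is not referenced by any kustomization in the change (manager/kustomization.yaml lists only manager_pull_policy.yaml, manager_image_patch.yaml and manager_auth_proxy_patch.yaml), so it is dead in this tree. Either drop it or, if it is meant to be applied, note that it annotates the pod for direct scraping on port 8080, which manager_auth_proxy_patch.yaml deliberately keeps bound to 127.0.0.1 behind kube-rbac-proxy on 8443 so that metrics are only served to callers authorized via SubjectAccessReview through controller-manager-metrics-service.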


@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aggregated-manager-role
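Review bot: this file (the upstream manager_role_aggregation_patch) is not listed under patchesStrategicMerge in default/kustomization.yaml, which applies only manager_credentials_patch.yaml and manager_cloud_env_patch.yaml, so neither the aggregate-to-manager label nor the rebinding of manager-rolebinding to aggregated-manager-role takes effect and the binding keeps pointing at manager-role from rbac/role_binding.yaml. If aggregation was dropped on purpose, remove the file so there is no second, unused definition of ClusterRole manager-role and ClusterRoleBinding manager-rolebinding; if not, add it to the patch list and make sure aggregated-manager-role is defined somewhere, as it is not in the files shown here.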


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: system


@ -0,0 +1,29 @@
namePrefix: capz-
# Labels to add to all resources and selectors.
commonLabels:
cluster.x-k8s.io/provider: "infrastructure-azure"
bases:
- crd
- webhook
- default
patchesJson6902:
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azureclusters.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azuremachines.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
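Review bot: patchesJson6902 rewrites spec/conversion/webhook/clientConfig/service/namespace to capi-webhook-system for azureclusters, azuremachines and azuremachinetemplates only, but crd/kustomization.yaml also enables webhook_in_azuremachinepools.yaml, so that CRD keeps "namespace: system" from its patch and its conversion webhook would resolve to a Service that does not exist. Add a fourth target for azuremachinepools.exp.infrastructure.cluster.x-k8s.io, or disable the MachinePool webhook and cainjection patches in the crd base to match the MachinePool=false feature gate.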


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- manager.yaml
patchesStrategicMerge:
- manager_pull_policy.yaml
- manager_image_patch.yaml
- manager_auth_proxy_patch.yaml


@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: capz-controller-manager
spec:
selector:
matchLabels:
control-plane: capz-controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: capz-controller-manager
spec:
containers:
- args:
- --enable-leader-election
- "--feature-gates=MachinePool=false,AKS=false}"
# - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
image: controller:latest
imagePullPolicy: Always
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
terminationGracePeriodSeconds: 10
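Review bot: the argument "--feature-gates=MachinePool=false,AKS=false}" carries a stray closing brace left over from the ${EXP_AKS:=false} substitution it replaced (see the commented line right below it), and AKS=false} does not parse as a boolean. It is only masked because manager_auth_proxy_patch.yaml replaces the manager container's whole args list; fix it here anyway so the base is valid on its own, and consider dropping the commented-out env-substitution lines since nothing in this pipeline expands them.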


@ -0,0 +1,27 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--enable-leader-election"
- "--feature-gates=MachinePool=false,AKS=false"
# - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
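Review bot: kube-rbac-proxy is pinned to v0.4.1 and started with --v=10, which logs every proxied request at maximum verbosity and is far noisier than a gate needs; use the default verbosity and move to a current kube-rbac-proxy release, pinned by digest, the next time the vendored CAPZ manifests are refreshed. Since this patch replaces the args list from manager.yaml, the feature gates set here are the effective ones; keeping them in a single place would avoid the mismatch with the broken value in manager.yaml.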


@ -0,0 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:v0.4.8
name: manager
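Review bot: the image is pulled from the gcr.io/k8s-staging-cluster-api-azure staging registry rather than the promoted release registry; staging images are not release artifacts and the same tag can be rebuilt or garbage-collected, which makes the gate non-reproducible. For a supply-chain stable gate use the promoted release image for the CAPZ version the vendored CRDs were copied from and pin it by sha256 digest, and state that version in one place the other manifests can reference.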


@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: Always


@ -0,0 +1,3 @@
- op: replace
path: "/spec/conversion/webhook/clientConfig/service/namespace"
value: capi-webhook-system


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: capz-controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: capz-controller-manager


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml


@ -0,0 +1,26 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,188 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- patch
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- get
- list
- watch
- apiGroups:
- exp.cluster.x-k8s.io
resources:
- machinepools
- machinepools/status
verbs:
- get
- list
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes/status
verbs:
- get
- patch
- update
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinetemplates
- azuremachinetemplates/status
verbs:
- get
- list
- watch
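Review bot: the `secrets` rule near the top of this ClusterRole grants create/delete/get/list/patch/update/watch on every Secret in every namespace with no `resourceNames` restriction. On a management cluster that also holds the Azure service-principal credentials and the generated `az-workload-cluster-kubeconfig` Secret that the deploy script later reads, this makes whatever is bound to `manager-role` a full cluster-wide secret reader and writer; if this mirrors the upstream CAPZ release manifest verbatim, say so in a comment so the grant is understood as inherited rather than chosen here.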

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
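Review bot: `manager-role` is bound to the `default` ServiceAccount of the `system` namespace, and the leader-election RoleBinding above does the same. Every pod scheduled into that namespace without an explicit `serviceAccountName` inherits the cluster-wide Secret and CAPZ permissions listed in `manager-role`; create a dedicated ServiceAccount for the controller manager, reference it from the Deployment, and bind both roles to it instead of `default`.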

View File

@ -0,0 +1,42 @@
namespace: capi-webhook-system
resources:
- manifests.yaml
- service.yaml
- ../certmanager
- ../manager
configurations:
- kustomizeconfig.yaml
patchesStrategicMerge:
- manager_webhook_patch.yaml
- webhookcainjection_patch.yaml
vars:
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATE_NAME
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICE_NAMESPACE # namespace of the service
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICE_NAME
objref:
kind: Service
version: v1
name: webhook-service
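Review bot: the `CERTIFICATE_NAMESPACE` and `CERTIFICATE_NAME` vars resolve against `group: cert-manager.io`, `version: v1alpha2`. That API version is deprecated in cert-manager 1.x and later removed, so the Certificate this overlay references only applies on a cert-manager release that still serves `v1alpha2`; record the supported cert-manager version next to the `../certmanager` resource reference so an operator with a newer cert-manager knows why CA injection fails.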

View File

@ -0,0 +1,27 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations
- kind: Deployment
path: spec/template/spec/volumes/secret/secretName

View File

@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--webhook-port=9443"
- "--feature-gates=MachinePool=false,AKS=false"
# - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: $(SERVICE_NAME)-cert
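Review bot: the `--feature-gates=MachinePool=false,AKS=false` argument is hard-coded while the env-substituted form `${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}` is left commented out directly beneath it; with `variable-substitution: true` used elsewhere in this change the commented line reads as the intended one, so either switch to it or delete it so the effective setting is unambiguous. Note also that the webhook configurations in this change register `azuremachinepools` and `azuremanagedcontrolplanes` admission webhooks with `failurePolicy: Fail` even though both gates are off here.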

View File

@ -0,0 +1,172 @@
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-exp-cluster-x-k8s-io-x-k8s-io-v1alpha3-azuremachinepool
failurePolicy: Fail
matchPolicy: Equivalent
name: mazuremachinepool.kb.io
rules:
- apiGroups:
- exp.cluster.x-k8s.io.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane
failurePolicy: Fail
name: azuremanagedcontrolplane.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-exp-cluster-x-k8s-io-x-k8s-io-v1alpha3-azuremachinepool
failurePolicy: Fail
matchPolicy: Equivalent
name: vazuremachinepool.kb.io
rules:
- apiGroups:
- exp.cluster.x-k8s.io.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-exp-infrastructure-cluster-x-k8s-io-v1alpha3-azuremanagedcontrolplane
failurePolicy: Fail
name: azuremanagedcontrolplane.kb.io
rules:
- apiGroups:
- exp.infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
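Review bot: both `azuremachinepool` webhooks match `apiGroups: - exp.cluster.x-k8s.io.x-k8s.io` (and their `path` values repeat `x-k8s-io`), but the `manager-role` ClusterRole in this change places `azuremachinepools` under `exp.infrastructure.cluster.x-k8s.io`; as written these two rules cannot match a real request, so check the group against the CRDs before merging. The two `azuremanagedcontrolplane.kb.io` entries also omit `sideEffects` and `matchPolicy`, unlike every other webhook here; with `admissionregistration.k8s.io/v1beta1` that defaults `sideEffects` to `Unknown`, so dry-run requests for `azuremanagedcontrolplanes` are rejected outright. Add `sideEffects: None` and `matchPolicy: Equivalent` for consistency.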

View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: webhook-server
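Review bot: `webhook-service` has no `spec.selector`, so on its own it has no endpoints; every webhook in this change points at it with `failurePolicy: Fail`, which means a missing selector blocks all AzureCluster and AzureMachine create and update requests on the management cluster. If the selector is meant to be injected by a kustomize `commonLabels` transformer in the enclosing kustomization, add a comment saying so; otherwise add a selector matching the controller-manager pod labels.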

View File

@ -0,0 +1,17 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
# uncomment the following lines to enable mutating and validating webhook
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

View File

@ -0,0 +1,31 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: Cluster
metadata:
name: az-workload-cluster
namespace: default
spec:
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
controlPlaneRef:
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
name: az-workload-cluster-control-plane
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureCluster
name: az-workload-cluster
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureCluster
metadata:
name: az-workload-cluster
namespace: default
spec:
location: centralus
networkSpec:
vnet:
name: azure-workload-vnet
resourceGroup: azure-workload
subscriptionID: 72e8991f-016d-4b25-8dad-819ab8cda24d
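Review bot: the `subscriptionID` under `AzureCluster.spec` is a concrete subscription GUID committed into the site manifest, while the rest of this change feeds `AZURE_SUBSCRIPTION_ID_B64` through clusterctl variable substitution. Hard-coding it here ties the site to one Azure account and leaves that account identifier in the repository history; source it from the same variable the credentials use, or replace it with a clearly marked placeholder that the `31_create_configs.sh` step substitutes.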

View File

@ -0,0 +1,100 @@
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
kind: KubeadmControlPlane
metadata:
name: az-workload-cluster-control-plane
namespace: default
spec:
infrastructureTemplate:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
name: az-workload-cluster-control-plane
kubeadmConfigSpec:
clusterConfiguration:
apiServer:
extraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
timeoutForControlPlane: 20m
controllerManager:
extraArgs:
allocate-node-cidrs: "false"
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
cluster-name: az-workload-cluster
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
etcd:
local:
dataDir: /var/lib/etcddisk/etcd
diskSetup:
filesystems:
- device: /dev/disk/azure/scsi1/lun0
extraOpts:
- -E
- lazy_itable_init=1,lazy_journal_init=1
filesystem: ext4
label: etcd_disk
- device: ephemeral0.1
filesystem: ext4
label: ephemeral0
replaceFS: ntfs
partitions:
- device: /dev/disk/azure/scsi1/lun0
layout: true
overwrite: false
tableType: gpt
files:
- contentFrom:
secret:
key: azure.json
name: az-workload-cluster-control-plane-azure-json
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
initConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
mounts:
- - LABEL=etcd_disk
- /var/lib/etcddisk
useExperimentalRetryJoin: true
replicas: 3
version: v1.18.2
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
metadata:
name: az-workload-cluster-control-plane
namespace: default
spec:
template:
spec:
dataDisks:
- diskSizeGB: 256
lun: 0
nameSuffix: etcddisk
location: centralus
osDisk:
diskSizeGB: 128
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
sshPublicKey: ""
vmSize: Standard_D2s_v3
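Review bot: the `files` entry writes `/etc/kubernetes/azure.json` from the `az-workload-cluster-control-plane-azure-json` Secret with `permissions: "0644"`; that file is the cloud-provider config and carries the service-principal secret, and the kubelet, apiserver and controller-manager that mount it read it as root, so `"0600"` works and keeps it away from other local users on the node. The identical stanza in `workers.yaml` needs the same change. `sshPublicKey: ""` in the AzureMachineTemplate also deserves a comment stating where the node SSH key is expected to come from, since none of the scripts in this change set one.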

View File

@ -0,0 +1,4 @@
resources:
- cluster.yaml
- controlplane.yaml
- workers.yaml

View File

@ -0,0 +1,64 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: az-workload-cluster-md-0
namespace: default
spec:
clusterName: az-workload-cluster
replicas: 3
selector:
matchLabels: null
template:
spec:
bootstrap:
configRef:
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
name: az-workload-cluster-md-0
clusterName: az-workload-cluster
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
name: az-workload-cluster-md-0
version: v1.18.2
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: AzureMachineTemplate
metadata:
name: az-workload-cluster-md-0
namespace: default
spec:
template:
spec:
location: centralus
osDisk:
diskSizeGB: 128
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
sshPublicKey: ""
vmSize: Standard_D2s_v3
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: az-workload-cluster-md-0
namespace: default
spec:
template:
spec:
files:
- contentFrom:
secret:
key: azure.json
name: az-workload-cluster-md-0-azure-json
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
useExperimentalRetryJoin: true

View File

@ -0,0 +1,49 @@
apiVersion: airshipit.org/v1alpha1
kind: Clusterctl
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: clusterctl-v1
init-options:
core-provider: "cluster-api:v0.3.7"
bootstrap-providers:
- "kubeadm:v0.3.7"
infrastructure-providers:
- "azure:v0.4.8"
control-plane-providers:
- "kubeadm:v0.3.7"
providers:
- name: "azure"
type: "InfrastructureProvider"
variable-substitution: true
versions:
v0.4.8: manifests/function/capz/v0.4.8
- name: "kubeadm"
type: "BootstrapProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/cabpk/v0.3.7
- name: "cluster-api"
type: "CoreProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/capi/v0.3.7
- name: "kubeadm"
type: "ControlPlaneProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/cacpk/v0.3.7
# env-vars: true
additional-vars:
CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7
CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7
CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7
CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
# Fake environment variables values so it can pass the validate-site-docs
AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK"
AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK"
AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo="
AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK"
AZURE_ENVIRONMENT: "AzurePublicCloud"
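Review bot: `env-vars: true` is commented out and `additional-vars` carries fake base64 values for `AZURE_SUBSCRIPTION_ID_B64`, `AZURE_TENANT_ID_B64`, `AZURE_CLIENT_ID_B64` and `AZURE_CLIENT_SECRET_B64`, so the real credentials that `200_transfer_airshipctl.sh` and `201_zuul_local_test.sh` export into the remote shell never reach the CAPZ manager through this manifest; `airshipctl cluster init` will deploy the provider with the placeholder values and it will only fail later, when the controller first calls Azure. Either enable `env-vars: true` and state which source wins when both the environment and `additional-vars` define a name, or document the manual edit of `credentials.yaml` as a required step of the gate rather than only in the README.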

View File

@ -0,0 +1,2 @@
resources:
- clusterctl.yaml

View File

@ -0,0 +1,2 @@
resources:
- ../../../../function/k8scontrol-capz/v0.4.8

View File

@ -0,0 +1,4 @@
resources:
- ../../shared/clusterctl
commonLabels:
airshipit.org/stage: initinfra

View File

@ -0,0 +1,30 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
vars:
logs_dir: "/tmp/logs"
roles:
- gather-system-logs
# - airship-gather-apache-logs
# - airship-gather-libvirt-logs
# - airship-gather-runtime-logs
# - airship-airshipctl-gather-configs
environment:
LIBVIRT_DEFAULT_URI: qemu:///system
# tasks:
# - name: save logs for ephemeral cluster
# include_role:
# name: airship-gather-pod-logs
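Review bot: this playbook looks copied from another gate: the header still reads `Copyright 2017 The Openstack-Helm Authors`, `LIBVIRT_DEFAULT_URI: qemu:///system` is exported although no libvirt role is active, and four roles plus the `tasks` block are commented out. Trim it to the `gather-system-logs` role actually used, or add a comment on what the commented roles are reserved for, so the log-collection behaviour of the Azure gate is clear.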

View File

@ -0,0 +1,23 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xe
# Deleting Target Cluster resources from Azure Cloud
echo "Deleting Target Cluster on Azure Cloud ..."
airshipctl phase render azure -k Cluster | kubectl delete --kubeconfig ~/.airship/kubeconfig -f -
# Deleting the Management cluster
kind delete cluster --name capi-azure
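Review bot: `kubectl delete ... -f -` blocks on the CAPI finalizers but has no `--timeout`, and with `set -e` and no `pipefail` a failed `airshipctl phase render` passes empty input to `kubectl delete`, which errors and aborts the script before `kind delete cluster` runs; conversely, a gate-level timeout during the wait removes the management cluster while the controllers are still tearing down Azure resources, leaving them orphaned and billing. Give the delete an explicit `--timeout`, set `-o pipefail`, and confirm the `azure-workload` resource group is gone before deleting the kind cluster that hosts the controllers reconciling it.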

View File

@ -0,0 +1,50 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xe
#Default wait timeout is 3600 seconds
export TIMEOUT=${TIMEOUT:-3600}
export KUBECONFIG=${KUBECONFIG:-"$HOME/.kube/config"}
REMOTE_WORK_DIR=/tmp
# get kind
echo "Fetching kind from ${KIND_URL}..."
TMP=$(KIND_URL=${KIND_URL} ./tools/document/get_kind.sh)
export KIND=${TMP}/kind
$KIND delete cluster --name capi-azure
$KIND create cluster --name capi-azure
#Wait till CAPI/CAPZ Control Plane Node is ready
end=$(($(date +%s) + $TIMEOUT))
echo "Waiting $TIMEOUT seconds for Capi Docker Control Plane node to be ready."
while true; do
if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get nodes capi-azure-control-plane -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' | grep -q True) ; then
echo -e "\nCAPI Docker Control Plane Node is ready."
kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get nodes
break
else
now=$(date +%s)
if [ $now -gt $end ]; then
echo -e "\nCAPI Azure Control Plane Node was not ready before TIMEOUT."
exit 1
fi
echo -n .
sleep 15
fi
done
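Review bot: the progress messages refer to the `Capi Docker Control Plane` node although the cluster being created is `capi-azure`, and `REMOTE_WORK_DIR=/tmp` is assigned but never used; both look like leftovers from the CAPD gate script. `KIND_URL` is also echoed with no default, so the `Fetching kind from ...` line is empty whenever the variable is not set in the calling environment; give it a default or fail early with a clear message.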

View File

@ -0,0 +1,58 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script transfers the local Airship project to the remote machine,
# copies the test/validation script to the remote machine and then executes it.
#
# This script is a local test simulating Zuul gates used to test and validate
# the Azure clout integration.
if [ $# -eq 3 ]; then
echo "--- Remote VM Username@IP = $1"
echo "--- Local Airship Dir = $2"
echo "--- Credentials Script = $3"
export REMOTE_VM=$1
export LOCAL_AIRSHIP_DIR=$2
export CREDENTIALS=$3
else
echo "Syntax: 200_configure-remote-vm.sh <Remote VM Username> <Remote VM IP> <Local Airship Dir>"
echo " <Remote VM Username>: Username@VM_IP to login to the Remote VM"
echo " <Local Airship Dir>: Directory containing the Airship project, e.g., /home/esidshi/projects/airshipctl/"
echo " <Credentials script>: script to be used by remote VM for setting the credentials for public Clouds"
exit 1
fi
echo "Remote Username@VM = $REMOTE_VM"
echo "Local Airship Dir" = $LOCAL_AIRSHIP_DIR
echo "Credentials Script = $CREDENTIALS"
# Pushing local SSH Public Key to Remote VM
echo "Adding local VM public in the Remote VM ..."
ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa.pub $REMOTE_VM
# Installing Docker in the remote VM
echo "Installing Docker ..."
# ssh $REMOTE_VM 'sudo apt update -y && sudo apt install docker.io && sudo usermod -aG docker $USER'
ssh $REMOTE_VM 'sudo apt-get remove docker docker-engine docker.io containerd runc && sudo apt-get update'
ssh $REMOTE_VM 'sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common'
ssh $REMOTE_VM 'curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && sudo apt-key fingerprint 0EBFCD88'
ssh $REMOTE_VM 'sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"'
ssh $REMOTE_VM 'sudo apt-get update && sudo apt-get install -y docker-ce docker-ce-cli containerd.io && sudo usermod -aG docker $USER'
# Installing Make in the remote VM
ssh $REMOTE_VM 'sudo apt-get update -y && sudo apt install make'
# Transfer the manifests to the remote VM and start the local test
$LOCAL_AIRSHIP_DIR/tools/deployment/azure/200_transfer_airshipctl.sh $REMOTE_VM $LOCAL_AIRSHIP_DIR $CREDENTIALS
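Review bot: `ssh-copy-id -o StrictHostKeyChecking=no` accepts whatever host key the remote presents, and the companion `200_transfer_airshipctl.sh` later copies the cloud credentials file over that same trust relationship, so a host impersonated at first contact would receive the service-principal secret; pre-seed `known_hosts` with the VM's key obtained out of band instead of disabling the check. In the Docker install block, `apt-key fingerprint 0EBFCD88` only prints the fingerprint and does not fail when it differs, and both `apt-get remove ...` and `apt install make` lack `-y`, so they may prompt inside a non-interactive `ssh` session. The usage text also lists `<Remote VM Username> <Remote VM IP> <Local Airship Dir>` while the script actually takes `user@ip`, the local directory and the credentials script.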

View File

@ -0,0 +1,78 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script transfers the local Airship project to the remote machine,
# copies the test/validation script to the remote machine and then executes it.
#
# This script is a local test simulating Zuul gates used to test and validate
# the Azure clout integration.
if [ -n "$3" ]; then
echo "--- Remote username@VM = $1"
echo "--- Local Airship Dir = $2"
echo "--- Credentials script = $3"
export REMOTE_VM=$1
export LOCAL_AIRSHIP_DIR=$2
export CREDENTIALS=$3
else
echo "Syntax: 200_transfer_airshipctl.sh <Remote VM Username> <Remote VM IP> <Local Airship Dir>"
echo " <Remote VM>: Username@VM to login to the Remote VM"
echo " <Local Airship Dir>: Directory containing the Airship project, e.g., /home/esidshi/projects/airshipctl/"
echo " <Credentials script>: used by remote VM to set public Cloud credentials"
exit 1
fi
export REMOTE_USERNAME=$(echo $REMOTE_VM | cut -d'@' -f 1)
echo "Remote Username = $REMOTE_USERNAME"
echo "Remote VM = $REMOTE_VM"
echo "Local Airshipt Dir = $LOCAL_AIRSHIP_DIR"
echo "Credentials Script = $CREDENTIALS"
# Preparing the Remote VM to the "Zero Touch" Validation
cd $LOCAL_AIRSHIP_DIR
echo "sudo mkdir /home/zuul"
ssh -o StrictHostKeyChecking=no $REMOTE_VM 'sudo mkdir /home/zuul'
echo "sudo chown ${REMOTE_USERNAME} /home/zuul"
ssh $REMOTE_VM "sudo chown ${REMOTE_USERNAME} /home/zuul"
echo "sudo chgrp ${REMOTE_USERNAME} /home/zuul"
ssh $REMOTE_VM "sudo chgrp ${REMOTE_USERNAME} /home/zuul"
echo "mkdir /home/zuul/src"
ssh $REMOTE_VM 'mkdir /home/zuul/src'
echo "mkdir /home/zuul/src/opendev.org"
ssh $REMOTE_VM 'mkdir /home/zuul/src/opendev.org'
echo "mkdir /home/zuul/src/opendev.org/airship"
ssh $REMOTE_VM 'mkdir /home/zuul/src/opendev.org/airship'
echo "scp -r $LOCAL_AIRSHIP_DIR/ $REMOTE_VM:/home/zuul/src/opendev.org/airship/airshipctl"
scp -r $LOCAL_AIRSHIP_DIR/ $REMOTE_VM:/home/zuul/src/opendev.org/airship/airshipctl
echo "scp $LOCAL_AIRSHIP_DIR/tools/deployment/azure/201_zuul_local_test.sh $REMOTE_VM:~"
scp $LOCAL_AIRSHIP_DIR/tools/deployment/azure/201_zuul_local_test.sh $REMOTE_VM:~
scp $CREDENTIALS $REMOTE_VM:~
# echo "ssh $REMOTE_VM 'bash ~/201_zuul_local_test.sh'"
export CREDENTIALS_FILENAME=$(echo ${CREDENTIALS##*/}) # extract the script filename only
echo "CREDENTIALS_FILENAME = $CREDENTIALS_FILENAME"
# Setting Public Cloud credentials as environment variables in the remote VM
ssh $REMOTE_VM "cat ${CREDENTIALS_FILENAME} >> ~/.profile"
# Executing the local test
ssh $REMOTE_VM '/bin/bash ~/201_zuul_local_test.sh'
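Review bot: `cat ${CREDENTIALS_FILENAME} >> ~/.profile` persists the cloud credentials in plaintext in the remote user's login profile (and the copied file itself stays in `~`), and every rerun appends another copy; the test only needs them for the duration of `201_zuul_local_test.sh`, so source the file in the same `ssh` invocation that runs the test and remove it afterwards. Separately, `sudo mkdir /home/zuul` and the three following `mkdir` calls have no `-p`, so a second run fails each of them and, because the script does not `set -e`, continues regardless; and `scp -r $LOCAL_AIRSHIP_DIR/` ships the whole local working tree, including `.git` and any local config when present, to the VM.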

View File

@ -0,0 +1,100 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script simulates the Zuul gates for validation of Azure cloud integration.
# It goes through all gates for locally in the remote VM.
echo "----- Using default airship directory"
export AIRSHIPDIR="/home/zuul/src/opendev.org/airship/airshipctl"
export AIRSHIPCTL_WS="/home/zuul/src/opendev.org/airship/airshipctl"
export PATH=$PATH:/usr/local/go/bin/
# Setting Public Cloud Credentials as Environment Variables
echo "source ~/.profile"
source ~/.profile
echo "Azure Subscription ID = $AZURE_SUBSCRIPTION_ID"
echo "Azure Tenant ID = $AZURE_TENANT_ID"
echo "Google Cloud Project ID = $GCP_PROJECT"
echo "Google Cloud Account ID = $GCP_ACCOUNT"
cd $AIRSHIPCTL_WS
echo "----- Airship Directory = $AIRSHIPCTL_WS"
# Installation of Kubectl
echo "************************************************************************"
echo "***** Installation of Kubectl ..."
./tools/deployment/01_install_kubectl.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to Install Kubectl CLI"
exit 1
fi
# Build Kind Cluster
echo "************************************************************************"
echo "***** Building Kind Cluster ..."
./tools/deployment/azure/11_build_kind_cluster.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to build Kind cluster"
exit 1
fi
# Building airshipctl command
echo "************************************************************************"
echo "***** Building airshipctl command ..."
./tools/deployment/21_systemwide_executable.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to build airshipctl CLI"
exit 1
fi
# Creating Airship config file
echo "************************************************************************"
echo "***** Creating Airship config file ..."
./tools/deployment/azure/31_create_configs.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to create airshipctl config file"
exit 1
fi
# Initializing CAPI and CAPZ components for the Managemeng cluster
echo "************************************************************************"
echo "***** Initializing CAPI and CAPZ components for the Managemeng cluster ..."
./tools/deployment/azure/41_initialize_management_cluster.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to initialize the Ephemeral cluster with CAPI/CAPZ components"
exit 1
fi
# Deploying the Target Cluster in Azure cloud
echo "************************************************************************"
echo "***** Deploying the Target Cluster in azure cloud ..."
./tools/deployment/azure/51_deploy_workload_cluster.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to deploy Target/Workload cluster on Azure Cloud"
exit 1
fi
# Sleep for 15 min before start cleaning up everything.
echo "Waiting for 15 min..."
sleep 15m
# Cleaning up Resources
echo "************************************************************************"
echo "***** Cleaning up resources ..."
./tools/deployment/azure/100_clean_up_resources.sh
if [ $? -ne 0 ]; then
echo ">>>>> Failed to clean up all public cloud resources created to this test"
exit 1
fi
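Review bot: every failing step runs `exit 1` before `100_clean_up_resources.sh` is reached, so a failure in `51_deploy_workload_cluster.sh`, or an interrupted `sleep 15m`, leaves the Azure VMs, disks and virtual network created for the workload cluster running until someone cleans up by hand. Register the cleanup script with `trap '...' EXIT`, or call it on the failure path before exiting. The `GCP_PROJECT` and `GCP_ACCOUNT` echoes are leftovers from the GCP variant of this script, and echoing `AZURE_SUBSCRIPTION_ID` and `AZURE_TENANT_ID` writes account identifiers into the gate log; neither is needed here.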

View File

@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xe
export ISO_DIR=${ISO_DIR:-"/srv/iso"}
export SERVE_PORT=${SERVE_PORT:-"8099"}
export AIRSHIPCTL_WS=${AIRSHIPCTL_WS:-$PWD}
export USER_NAME=${USER:-"ubuntu"}
export USE_PROXY=${USE_PROXY:-"false"}
export HTTPS_PROXY=${HTTPS_PROXY:-${https_proxy}}
export HTTPS_PROXY=${HTTP_PROXY:-${http_proxy}}
export NO_PROXY=${NO_PROXY:-${no_proxy}}
export REMOTE_WORK_DIR=${remote_work_dir:-"/tmp/airship"}
export AIRSHIP_CONFIG_ISO_GEN_TARGET_PATH=${ISO_DIR}
export AIRSHIP_CONFIG_ISO_BUILDER_DOCKER_IMAGE=${BUILDER_IMAGE:-"quay.io/airshipit/isogen:latest-debian_stable"}
export REMOTE_TYPE=redfish
export REMOTE_INSECURE=true
export REMOTE_PROXY=false
export AIRSHIP_CONFIG_ISO_SERVE_HOST=${HOST:-"localhost"}
export AIRSHIP_CONFIG_ISO_PORT=${SERVE_PORT}
export AIRSHIP_CONFIG_ISO_NAME=${ISO_NAME:-"debian-custom.iso"}
export SYSTEM_ACTION_RETRIES=30
export SYSTEM_REBOOT_DELAY=30
export AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH=${BRANCH:-"master"}
# the git repo url or local file system path to a cloned repo, e.g., /home/stack/airshipctl
export AIRSHIP_CONFIG_PRIMARY_REPO_URL=${REPO:-"https://review.opendev.org/airship/airshipctl"}
export AIRSHIP_SITE_NAME="airshipctl/manifests/site/az-test-site"
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir}
export AIRSHIP_CONFIG_CA_DATA=$(cat tools/deployment/certificates/airship_config_ca_data| base64 -w0)
export AIRSHIP_CONFIG_EPHEMERAL_IP=${IP_Ephemeral:-"10.23.25.101"}
export AIRSHIP_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/airship_config_client_cert_data| base64 -w0)
export AIRSHIP_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/airship_config_client_key_data| base64 -w0)
#Remove and Create .airship folder
rm -rf $HOME/.airship
mkdir -p $HOME/.airship
cp ~/.kube/config ~/.airship/kubeconfig
echo "Generate ~/.airship/config and ~/.airship/kubeconfig"
envsubst <"${AIRSHIPCTL_WS}/tools/deployment/templates/azure_airshipconfig_template" > ~/.airship/config
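Review bot: `export HTTPS_PROXY=${HTTP_PROXY:-${http_proxy}}` on the second proxy line overwrites the `HTTPS_PROXY` set on the line before it; it should assign `HTTP_PROXY`. `AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir}` reads the lower-case name, which is empty unless the caller exported it, while `REMOTE_WORK_DIR` with its `/tmp/airship` default is what the script just defined, so the generated config gets an empty manifest directory. The ISO, `REMOTE_TYPE=redfish` and `SYSTEM_REBOOT_DELAY` exports are copied from the bare-metal gate and have no meaning for a kind-plus-Azure deployment. Finally, because the script runs under `set -x`, the base64 of `airship_config_client_key_data` is printed into the job log as the value of `AIRSHIP_CONFIG_CLIENT_KEY_DATA`; wrap those three exports in `set +x` / `set -x` or have the template read the files directly.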

View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xe
export AIRSHIPCTL_WS=${AIRSHIPCTL_WS:-$PWD}
export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"}
echo "Initialize Management Cluster with CAPI and CAPZ Components"
airshipctl cluster init --debug
echo "Waiting for all pods to come up"
kubectl --kubeconfig $KUBECONFIG wait --for=condition=ready pods --all --timeout=1000s -A
kubectl --kubeconfig $KUBECONFIG get pods -A

View File

@ -0,0 +1,77 @@
#!/usr/bin/env bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
echo "Deploy Target Workload Cluster"
airshipctl phase apply azure
echo "Get kubeconfig from secret"
KUBECONFIG=""
N=0
MAX_RETRY=30
DELAY=60
until [ "$N" -ge ${MAX_RETRY} ]
do
KUBECONFIG=$(kubectl --kubeconfig ~/.airship/kubeconfig --namespace=default get secret/az-workload-cluster-kubeconfig -o jsonpath={.data.value} || true)
if [[ ! -z "$KUBECONFIG" ]]; then
break
fi
N=$((N+1))
echo "$N: Retry to get target cluster kubeconfig from secret."
sleep ${DELAY}
done
if [[ -z "$KUBECONFIG" ]]; then
echo "Could not get target cluster kubeconfig from sceret."
exit 1
fi
echo "Create kubeconfig"
echo ${KUBECONFIG} | base64 -d > /tmp/target.kubeconfig
echo "Get Machine State"
kubectl get machines
echo "Check kubectl version"
VERSION=""
N=0
MAX_RETRY=30
DELAY=60
until [ "$N" -ge ${MAX_RETRY} ]
do
VERSION=$(timeout 20 kubectl --kubeconfig /tmp/target.kubeconfig version | grep 'Server Version' || true)
if [[ ! -z "$VERSION" ]]; then
break
fi
N=$((N+1))
echo "$N: Retry to get kubectl version."
sleep ${DELAY}
done
if [[ -z "$VERSION" ]]; then
echo "Could not get kubectl version."
exit 1
fi
echo "Check nodes status"
kubectl --kubeconfig /tmp/target.kubeconfig wait --for=condition=Ready node --all --timeout 900s
kubectl get nodes --kubeconfig /tmp/target.kubeconfig
echo "Get cluster state"
kubectl --kubeconfig ${HOME}/.airship/kubeconfig get cluster
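Review bot: the shell variable named `KUBECONFIG` in this script (`KUBECONFIG=""`, later holding the base64 secret value) collides with the environment variable kubectl itself reads; if `KUBECONFIG` is already exported in the calling environment, the assignment updates the exported value and the bare `kubectl get machines` below then tries to open a file whose name is the base64 blob. Rename it (e.g. `KUBECONFIG_B64`) and pass `--kubeconfig ~/.airship/kubeconfig` explicitly to `kubectl get machines`. Three further points: (1) the target cluster's admin kubeconfig is written to `/tmp/target.kubeconfig` under the default umask, where any local user can read it; write it under `~/.airship`, or set `umask 077` first, and delete it when the job ends. (2) Unlike the sibling scripts this one has no `set -e`, so a failed `airshipctl phase apply azure` is not fatal and the script spends up to 30 minutes in the first retry loop (and up to an hour across both) before exiting 1, with the real error buried at the top of the log. (3) Typo in the error message: `sceret`.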

View File

@ -0,0 +1,60 @@
# Zuul Gate Scripts for Bootstrap Container/Ephemeral Cluster/Azure Target Cluster
This folder container the Zuul Gate Scripts for configuring the tools necessary to
automatically validate the building of Bootstrap Container (Go app + Docker Image),
deployment of Ephemeral Cluster on Azure Cloud and Google Cloud, then using the
Azure Ephemeral Cluster to deploy the Target Cluster on Azure Cloud.
## Installing and Configuring Tools
The following scripts are used to install and configure tools such as "kubectl", "Go", "Kustomize" and "airshipctl":
- 01_install_kubectl.sh - installs "kubectl" CLI
- 02_install_go.sh - installs the "Go" language
- 03_install_kustomize_docker.sh - install "kustomize" CLI
- 21_systemwide_executable.sh - build the "airshipctl" CLI
## Bootstrap Container and Ephemeral Cluster
The following scrips are used to deploy the Ephemeral cluster on Azure and Google Cloud.
- 41_deploy_azure_ephemeral_cluster.sh - creates the Azure Bootstrap container that deploys the Azure (AKS) Ephemeral cluster
- 41_initialize_management_cluster.sh - creates the GCP Bootstrap container that deploys the GCP (GKE) Ephemeral cluster
> NOTE: the Bootstrap container images shall be built and pushed to **quay.io** registry prior to executing these scripts.
## Initializing the Ephemeral cluster and Deploying the Target Cluster
The following scripts initialize the Ephemeral cluster with CAPI and CAPZ components
and deploy the Target/Workload cluster on the Azure Cloud platform.
- 41_initialize_management_cluster.sh - initializes the Azure Ephemeral cluster with CAPI and CAPZ components
- 51_deploy_workload_cluster.sh - deploys a Target/Workload cluster on the Azure Cloud platform
And last but not least, the following scripts is a clean up script, deleting all resources created
the public clouds, including the ephemeral clusters.
- 100_clean_up_resources.sh
## Supporting Local Test Scripts
The scripts in this section are used for testing the end-to-end testing pipeline outside the Zuul
environment. It simulates the Zuul pipeline on a clean remote VM, e.g., VM created on Azure Cloud.
- 201_zuul_local_test.sh - simulates the sequence of scripts to run on a Zuul environment.
- 200_transfer_airshipctl.sh - this script transfers the airshipctl local repository to the test VM then executes 201_zuul_local_test.sh
- 200_configure_test_vm.sh - Prepares the test VM with basic tools such as "make" and "docker", then executes 200_transfer_airshipctl.sh.
By executing *200_configure_test_vm.sh* on a development server will trigger the entire test pipeline, i.e., "Zero Touch" local test.
Pre-requisite: the *200_configure_test_vm.sh* requires a special script file that exports environment variables specific for the
Azure and GCP Cloud account credentials. See template for this script below:
```bash
# Azure cloud authentication credentials.
export AZURE_SUBSCRIPTION_ID="<Your Azure Subscription ID>"
export AZURE_TENANT_ID="<Your Tenant ID>"
export AZURE_CLIENT_ID="<Your Service Principal ID>"
export AZURE_CLIENT_SECRET="<Your Service Principal Secret>"
# To use the default public cloud, otherwise set to AzureChinaCloud|AzureGermanCloud|AzureUSGovernmentCloud
export AZURE_ENVIRONMENT="AzurePublicCloud"
export AZURE_SUBSCRIPTION_ID_B64="$(echo -n "$AZURE_SUBSCRIPTION_ID" | base64 | tr -d '\n')"
export AZURE_TENANT_ID_B64="$(echo -n "$AZURE_TENANT_ID" | base64 | tr -d '\n')"
export AZURE_CLIENT_ID_B64="$(echo -n "$AZURE_CLIENT_ID" | base64 | tr -d '\n')"
export AZURE_CLIENT_SECRET_B64="$(echo -n "$AZURE_CLIENT_SECRET" | base64 | tr -d '\n')"
# GCP Environment Variables
export GCP_PROJECT=<Your Google Cloud Project ID>
export GCP_ACCOUNT=<Your Google Cloud Account ID>
```
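Review bot: the script list in this README does not match what the change ships and gates: `41_initialize_management_cluster.sh` is described twice with contradictory roles (GCP bootstrap container versus Azure CAPI/CAPZ initialization), the gate job added in `zuul.d/jobs.yaml` runs `11_build_kind_cluster.sh` and `31_create_configs.sh`, which are not listed here, and that job stops at `41_initialize_management_cluster.sh`, so neither `51_deploy_workload_cluster.sh` (added in this change) nor `100_clean_up_resources.sh` is exercised by the gate despite the "Zuul Gate Scripts" title; please reconcile the list with the files actually added. On the credentials template: the text should say that this file must stay out of the repository (a `.gitignore` entry) and be created with mode 600, because it holds a service principal secret in clear text; the `_B64` variables are an encoding, not protection. Wording fixes: "This folder container" should be "contains", "scrips" should be "scripts", "the following scripts is a clean up script" should be "the following script cleans up", and "deleting all resources created the public clouds" should be "created in the public clouds".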

View File

@ -0,0 +1,34 @@
apiVersion: airshipit.org/v1alpha1
clusters:
kind-capi-azure:
clusterType:
target:
bootstrapInfo: default
clusterKubeconf: kind-capi-azure_target
managementConfiguration: default
contexts:
kind-capi-azure:
contextKubeconf: kind-capi-azure_target
manifest: azure_manifest
currentContext: kind-capi-azure
kind: Config
managementConfiguration:
default:
systemActionRetries: 30
systemRebootDelay: 30
type: azure
manifests:
azure_manifest:
primaryRepositoryName: primary
repositories:
primary:
checkout:
branch: ${AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH}
commitHash: ""
force: false
tag: ""
url: https://review.opendev.org/airship/airshipctl
subPath: manifests/site/az-test-site
targetPath: /home/zuul/src/opendev.org/airship/airshipctl
users:
kind-capi-azure: {}
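Review bot: `targetPath: /home/zuul/src/opendev.org/airship/airshipctl` is hardcoded to the Zuul workspace while `branch` is templated through `${AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH}`; the local-test flow described in the azure README (the `200_*`/`201_*` scripts) and `31_create_configs.sh`, which defaults the workspace to `$PWD`, will end up with a `targetPath` that does not exist on a developer VM. Template it as well (e.g. `targetPath: ${AIRSHIPCTL_WS}`) and include it in the envsubst variable list. Also worth a comment in the file: with `commitHash: ""` and `tag: ""` the manifests track the head of the named branch, so a gate result is not reproducible against a fixed revision.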

View File

@ -125,6 +125,26 @@
- airship-gather-pod-logs
voting: false
- job:
name: airship-airshipctl-gate-script-runner-azuretest
attempts: 1
timeout: 3600
pre-run: playbooks/airship-airshipctl-deploy-docker.yaml
post-run: playbooks/airship-collect-azure-logs.yaml
run: playbooks/airshipctl-gate-runner.yaml
nodeset: airship-airshipctl-single-node
vars:
site_name: azure-test-site
gate_scripts:
- ./tools/deployment/01_install_kubectl.sh
- ./tools/deployment/azure/11_build_kind_cluster.sh
- ./tools/deployment/21_systemwide_executable.sh
- ./tools/deployment/azure/31_create_configs.sh
- ./tools/deployment/azure/41_initialize_management_cluster.sh
serve_dir: /srv/iso
serve_port: 8099
voting: false
- job:
name: airship-airshipctl-publish-image
parent: airship-airshipctl-build-image
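Review bot: the job definition has no `secrets:` entry, and nothing in it supplies the `AZURE_*` variables that the azure README says the flow needs, so as written the gate either fails once the CAPZ components need the subscription or depends on credentials injected somewhere outside this change; please add the Zuul secret (the base64 `_B64` variants are an encoding, not a secret store) and confirm that `playbooks/airship-collect-azure-logs.yaml` named in `post-run` exists in the tree. Two smaller points: `serve_dir: /srv/iso` and `serve_port: 8099` look copied from the ISO-serving gate and nothing in the azure scripts serves an ISO, so drop them; and `gate_scripts` stops at `41_initialize_management_cluster.sh`, so `51_deploy_workload_cluster.sh` and the workload cluster are not validated by this job, which the commit message should state if that is intentional.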

View File

@ -25,6 +25,7 @@
- airship-airshipctl-validate-site-docs
# - airship-airshipctl-functional-existing-k8s TODO: Enable this when functional tests exist, and a cluster is up
- airship-airshipctl-gate-script-runner
- airship-airshipctl-gate-script-runner-azuretest
gate:
jobs:
- openstack-tox-docs: *docs
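Review bot: this job calls into a paid cloud subscription on every check run of every change to the repository; consider a `files:` filter on the job definition (restricting it to `manifests/function/capz/`, `manifests/site/az-test-site/`, `tools/deployment/azure/` and the zuul files) so unrelated changes do not consume Azure quota. Adding it to `check` only, given `voting: false`, is consistent; a failure here is informational until the job is promoted.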