CAPZ v0.5.2 Uplift

This patchset provides the manifests supporting CAPZ v0.5.2.
It requires the CAPI v1alpha4 (v0.4.2) manifests and the clusterctl v0.4.2
binary to work properly.

Depends-on: https://review.opendev.org/c/airship/airshipctl/+/804834
Relates-to: #600
Change-Id: Icccaf84d8765c75fb19bb2be352086cc33647f30
Shiba, Sidney 2021-09-20 15:31:22 +00:00
parent 614f7fe3bc
commit f3ad42960a
83 changed files with 12144 additions and 1 deletions


@ -0,0 +1,24 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: $(SERVICE_NAME)-cert
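Review bot: Nothing in this section or in the component kustomization at lines 47-50 supplies the `namespace` transformer or the kustomize `vars` that resolve `namespace: system` (lines 25, 33) and `$(SERVICE_NAME)`/`$(SERVICE_NAMESPACE)` (lines 37-38, 42), so a `kustomize build` of this directory alone would emit the Issuer and Certificate into a literal `system` namespace with the `$(...)` tokens left unresolved. Presumably the parent kustomization (not in this view) declares them, as in the upstream kubebuilder layout; a header comment would make that dependency explicit, e.g. `# namespace and $(SERVICE_NAME)/$(SERVICE_NAMESPACE) are substituted by the parent kustomization; this directory is not buildable standalone`. The comment on line 20 reads "More document can be found" and should read "More documentation can be found". Since the serving certificate is issued by an in-namespace self-signed Issuer, whoever validates the webhook's TLS must receive this CA via cert-manager's CA injection rather than trusting the cluster CA; that wiring is outside this section and worth checking in the webhook manifests.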


@ -0,0 +1,4 @@
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,19 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: cert-manager.io
fieldSpecs:
- kind: Certificate
group: cert-manager.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames
- kind: Certificate
group: cert-manager.io
path: spec/secretName


@ -0,0 +1,321 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: azureclusteridentities.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureClusterIdentity
listKind: AzureClusterIdentityList
plural: azureclusteridentities
singular: azureclusteridentity
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureClusterIdentity is the Schema for the azureclustersidentities
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterIdentitySpec defines the parameters that are
used to create an AzureIdentity.
properties:
allowedNamespaces:
description: "AllowedNamespaces is an array of namespaces that AzureClusters
can use this Identity from. \n An empty list (default) indicates
that AzureClusters can use this Identity from any namespace. This
field is intentionally not a pointer because the nil behavior (no
namespaces) is undesirable here."
items:
type: string
type: array
clientID:
description: Both User Assigned MSI and SP can use this field.
type: string
clientSecret:
description: ClientSecret is a secret reference which should contain
either a Service Principal password or certificate secret.
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
resourceID:
description: User assigned MSI resource id.
type: string
tenantID:
description: Service principal primary tenant id.
type: string
type:
description: UserAssignedMSI or Service Principal
enum:
- ServicePrincipal
- UserAssignedMSI
type: string
required:
- clientID
- tenantID
- type
type: object
status:
description: AzureClusterIdentityStatus defines the observed state of
AzureClusterIdentity.
properties:
conditions:
description: Conditions defines current service state of the AzureClusterIdentity.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v1alpha4
schema:
openAPIV3Schema:
description: AzureClusterIdentity is the Schema for the azureclustersidentities
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureClusterIdentitySpec defines the parameters that are
used to create an AzureIdentity.
properties:
allowedNamespaces:
description: AllowedNamespaces is used to identify the namespaces
the clusters are allowed to use the identity from. Namespaces can
be selected either using an array of namespaces or with label selector.
An empty allowedNamespaces object indicates that AzureClusters can
use this identity from any namespace. If this object is nil, no
namespaces will be allowed (default behaviour, if this field is
not provided) A namespace should be either in the NamespaceList
or match with Selector to use the identity.
nullable: true
properties:
list:
description: A nil or empty list indicates that AzureCluster cannot
use the identity from any namespace.
items:
type: string
nullable: true
type: array
selector:
description: "Selector is a selector of namespaces that AzureCluster
can use this Identity from. This is a standard Kubernetes LabelSelector,
a label query over a set of resources. The result of matchLabels
and matchExpressions are ANDed. \n A nil or empty selector indicates
that AzureCluster cannot use this AzureClusterIdentity from
any namespace."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
type: object
clientID:
description: Both User Assigned MSI and SP can use this field.
type: string
clientSecret:
description: ClientSecret is a secret reference which should contain
either a Service Principal password or certificate secret.
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
resourceID:
description: User assigned MSI resource id.
type: string
tenantID:
description: Service principal primary tenant id.
type: string
type:
description: UserAssignedMSI or Service Principal
enum:
- ServicePrincipal
- UserAssignedMSI
type: string
required:
- clientID
- tenantID
- type
type: object
status:
description: AzureClusterIdentityStatus defines the observed state of
AzureClusterIdentity.
properties:
conditions:
description: Conditions defines current service state of the AzureClusterIdentity.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,237 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachinePoolMachine
listKind: AzureMachinePoolMachineList
plural: azuremachinepoolmachines
shortNames:
- ampm
singular: azuremachinepoolmachine
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Kubernetes version
jsonPath: .status.version
name: Version
type: string
- description: Flag indicating infrastructure is successfully provisioned
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VMSS VM provisioning state
jsonPath: .status.provisioningState
name: State
type: string
- description: Cluster to which this AzureMachinePoolMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: Azure VMSS VM ID
jsonPath: .spec.providerID
name: VMSS VM ID
priority: 1
type: string
name: v1alpha4
schema:
openAPIV3Schema:
description: AzureMachinePoolMachine is the Schema for the azuremachinepoolmachines
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachinePoolMachineSpec defines the desired state of
AzureMachinePoolMachine.
properties:
instanceID:
description: InstanceID is the identification of the Machine Instance
within the VMSS
type: string
providerID:
description: ProviderID is the identification ID of the Virtual Machine
Scale Set
type: string
required:
- instanceID
- providerID
type: object
status:
description: AzureMachinePoolMachineStatus defines the observed state
of AzureMachinePoolMachine.
properties:
conditions:
description: Conditions defines current service state of the AzureMachinePool.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "FailureMessage will be set in the event that there is
a terminal problem reconciling the MachinePool and will contain
a more verbose string suitable for logging and human consumption.
\n Any transient errors that occur during the reconciliation of
MachinePools can be added as events to the MachinePool object and/or
logged in the controller's output."
type: string
failureReason:
description: "FailureReason will be set in the event that there is
a terminal problem reconciling the MachinePool machine and will
contain a succinct value suitable for machine interpretation. \n
Any transient errors that occur during the reconciliation of MachinePools
can be added as events to the MachinePool object and/or logged in
the controller's output."
type: string
instanceName:
description: InstanceName is the name of the Machine Instance within
the VMSS
type: string
latestModelApplied:
description: LatestModelApplied indicates the instance is running
the most up-to-date VMSS model. A VMSS model describes the image
version the VM is running. If the instance is not running the latest
model, it means the instance may not be running the version of Kubernetes
the Machine Pool has specified and needs to be updated.
type: boolean
longRunningOperationState:
description: LongRunningOperationState saves the state for an Azure
long running operations so it can be continued on the next reconciliation
loop.
properties:
futureData:
description: FutureData is the base64 url encoded json Azure AutoRest
Future
type: string
name:
description: Name is the name of the Azure resource
type: string
resourceGroup:
description: ResourceGroup is the Azure resource group for the
resource
type: string
type:
description: Type describes the type of future, update, create,
delete, etc
type: string
required:
- type
type: object
nodeRef:
description: NodeRef will point to the corresponding Node if it exists.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
provisioningState:
description: ProvisioningState is the provisioning state of the Azure
virtual machine instance.
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
version:
description: Version defines the Kubernetes version for the VM Instance
type: string
required:
- latestModelApplied
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,961 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachine
listKind: AzureMachineList
plural: azuremachines
singular: azuremachine
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: AzureMachine ready status
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VM provisioning state
jsonPath: .status.vmState
name: State
type: string
- description: Cluster to which this AzureMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: Machine object to which this AzureMachine belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
name: Machine
priority: 1
type: string
- description: Azure VM ID
jsonPath: .spec.providerID
name: VM ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the requested
VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure will
return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used to add
one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are used to
add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the data
disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the data
disk. This value is used to identify data disks within the
VM and therefore must be unique for each data disk attached
to a VM. The value must be between 0 and 63.
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options for
a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk encryption
options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
nameSuffix:
description: NameSuffix is the suffix to be appended to the
machine name to generate the disk name. Each disk name will
be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure which
is required for some CNI's to send traffic from a pods on one machine
to another. This is required for IpV6 with Calico in combination
with User Defined Routes (set by the Azure Cloud Controller manager).
Default is false for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster API. This
relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the virtual
machine. The type 'SystemAssigned' is an implicitly created identity.
The generated identity will be assigned a Subscription contributor
role. The type 'UserAssigned' is a standalone Azure resource provided
by the user and assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image to use during
VM creation. If image details are omitted the image will default
the Azure Marketplace "capi" offer, which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the Azure
Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization that
created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such as
a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image sku.
The allowed formats are Major.Minor.Build or 'latest'. Major,
Minor, and Build are decimal numbers. Specify 'latest' to
use the latest version of an image available at deploy time.
Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from an Azure
Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared image
gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource group containing
the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify 'latest'
to use the latest version of an image available at deploy
time. Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be removed
in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating system
disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options for
a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk encryption
options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any valid GUID.
If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile settings
for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption should
be enabled or disabled for a virtual machine or virtual machine
scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the Machine
should use a Spot VM.
properties:
maxPrice:
anyOf:
- type: integer
- type: string
description: MaxPrice defines the maximum price the user is willing
to pay for Spot VM instances
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone Azure
identities provided by the user The lifecycle of a user-assigned
identity is managed separately from the lifecycle of the AzureMachine.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned identities
provided by the user to be assigned to Azure resources.
properties:
providerID:
description: 'ProviderID is the identification ID of the user-assigned
Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine.
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
conditions:
description: Conditions defines current service state of the AzureMachine.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
failureReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: AzureMachine ready status
jsonPath: .status.ready
name: Ready
type: string
- description: Azure VM provisioning state
jsonPath: .status.vmState
name: State
type: string
- description: Cluster to which this AzureMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
priority: 1
type: string
- description: Machine object to which this AzureMachine belongs
jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
name: Machine
priority: 1
type: string
- description: Azure VM ID
jsonPath: .spec.providerID
name: VM ID
priority: 1
type: string
- description: Azure VM Size
jsonPath: .spec.vmSize
name: VM Size
priority: 1
type: string
name: v1alpha4
schema:
openAPIV3Schema:
description: AzureMachine is the Schema for the azuremachines API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineSpec defines the desired state of AzureMachine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure accelerated
networking. If omitted, it will be set based on whether the requested
VMSize supports accelerated networking. If AcceleratedNetworking
is set to true with a VMSize that does not support it, Azure will
return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to add to an
instance, in addition to the ones added by default by the Azure
provider. If both the AzureCluster and the AzureMachine specify
the same tag name with different values, the AzureMachine's value
takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create dynamic
public ips for machines where this value is true.
type: boolean
dataDisks:
description: DataDisk specifies the parameters that are used to add
one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are used to
add one or more data disks to the machine.
properties:
cachingType:
description: CachingType specifies the caching requirements.
enum:
- None
- ReadOnly
- ReadWrite
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the data
disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of the data
disk. This value is used to identify data disks within the
VM and therefore must be unique for each data disk attached
to a VM. The value must be between 0 and 63.
format: int32
type: integer
managedDisk:
description: ManagedDisk specifies the Managed Disk parameters
for the data disk.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk encryption
options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
type: object
nameSuffix:
description: NameSuffix is the suffix to be appended to the
machine name to generate the disk name. Each disk name will
be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure which
is required for some CNI's to send traffic from a pods on one machine
to another. This is required for IpV6 with Calico in combination
with User Defined Routes (set by the Azure Cloud Controller manager).
Default is false for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster API. This
relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the virtual
machine. The type 'SystemAssigned' is an implicitly created identity.
The generated identity will be assigned a Subscription contributor
role. The type 'UserAssigned' is a standalone Azure resource provided
by the user and assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image to use during
VM creation. If image details are omitted the image will default
the Azure Marketplace "capi" offer, which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from the Azure
Marketplace
properties:
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization that
created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such as
a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is published
by a third party publisher and a Plan will be generated
for it.
type: boolean
version:
description: Version specifies the version of an image sku.
The allowed formats are Major.Minor.Build or 'latest'. Major,
Minor, and Build are decimal numbers. Specify 'latest' to
use the latest version of an image available at deploy time.
Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from an Azure
Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared image
gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
offer:
description: Offer specifies the name of a group of related
images created by the publisher. For example, UbuntuServer,
WindowsServer This value will be used to add a `Plan` in
the API request when creating the VM/VMSS resource. This
is needed when the source image from which this SIG image
was built requires the `Plan` to be used.
type: string
publisher:
description: Publisher is the name of the organization that
created the image. This value will be used to add a `Plan`
in the API request when creating the VM/VMSS resource. This
is needed when the source image from which this SIG image
was built requires the `Plan` to be used.
type: string
resourceGroup:
description: ResourceGroup specifies the resource group containing
the shared image gallery
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer, such as
a major release of a distribution. For example, 18.04-LTS,
2019-Datacenter This value will be used to add a `Plan`
in the API request when creating the VM/VMSS resource. This
is needed when the source image from which this SIG image
was built requires the `Plan` to be used.
type: string
subscriptionID:
description: SubscriptionID is the identifier of the subscription
that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the marketplace
image. The allowed formats are Major.Minor.Build or 'latest'.
Major, Minor, and Build are decimal numbers. Specify 'latest'
to use the latest version of an image available at deploy
time. Even if you use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
osDisk:
description: OSDisk specifies the parameters for the operating system
disk of the machine
properties:
cachingType:
description: CachingType specifies the caching requirements.
enum:
- None
- ReadOnly
- ReadWrite
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk settings
for the os disk.
properties:
option:
description: Option enables ephemeral OS when set to "Local"
See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to the OS
disk. Will have a default of 30GB if not provided
format: int32
type: integer
managedDisk:
description: ManagedDisk specifies the Managed Disk parameters
for the OS disk.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk encryption
options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
type: object
osType:
type: string
required:
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified by the
cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any valid GUID.
If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile settings
for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption should
be enabled or disabled for a virtual machine or virtual machine
scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the Machine
should use a Spot VM
properties:
maxPrice:
anyOf:
- type: integer
- type: string
description: MaxPrice defines the maximum price the user is willing
to pay for Spot VM instances
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
sshPublicKey:
type: string
subnetName:
description: SubnetName selects the Subnet where the VM will be placed
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone Azure
identities provided by the user The lifecycle of a user-assigned
identity is managed separately from the lifecycle of the AzureMachine.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned identities
provided by the user to be assigned to Azure resources.
properties:
providerID:
description: 'ProviderID is the identification ID of the user-assigned
Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- osDisk
- sshPublicKey
- vmSize
type: object
status:
description: AzureMachineStatus defines the observed state of AzureMachine.
properties:
addresses:
description: Addresses contains the Azure instance associated addresses.
items:
description: NodeAddress contains information for the node's address.
properties:
address:
description: The node address.
type: string
type:
description: Node address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
conditions:
description: Conditions defines current service state of the AzureMachine.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another. This should be when the underlying condition changed.
If that is not known, then using the time when the API field
changed is acceptable.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition. This field may be empty.
type: string
reason:
description: The reason for the condition's last transition
in CamelCase. The specific API may choose whether or not this
field is considered a guaranteed API. This field may not be
empty.
type: string
severity:
description: Severity provides an explicit classification of
Reason code, so the users or machines can immediately understand
the current situation and act accordingly. The Severity field
MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important.
type: string
required:
- status
- type
type: object
type: array
failureMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the Machine and will contain a more
verbose string suitable for logging and human consumption. \n This
field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the Machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the Machine object and/or logged in the controller's output."
type: string
failureReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the Machine and will contain a succinct
value suitable for machine interpretation. \n This field should
not be set for transitive errors that a controller faces that are
expected to be fixed automatically over time (like service outages),
but instead indicate that something is fundamentally wrong with
the Machine's spec or the configuration of the controller, and that
manual intervention is required. Examples of terminal errors would
be invalid combinations of settings in the spec, values that are
unsupported by the controller, or the responsible controller itself
being critically misconfigured. \n Any transient errors that occur
during the reconciliation of Machines can be added as events to
the Machine object and/or logged in the controller's output."
type: string
ready:
description: Ready is true when the provider resource is ready.
type: boolean
vmState:
description: VMState is the provisioning state of the Azure virtual
machine.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,749 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureMachineTemplate
listKind: AzureMachineTemplateList
plural: azuremachinetemplates
singular: azuremachinetemplate
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate.
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create an AzureMachine from a template.
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure
accelerated networking. If omitted, it will be set based
on whether the requested VMSize supports accelerated networking.
If AcceleratedNetworking is set to true with a VMSize that
does not support it, Azure will return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
availabilityZone:
description: 'DEPRECATED: use FailureDomain instead'
properties:
enabled:
type: boolean
id:
type: string
type: object
dataDisks:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are
used to add one or more data disks to the machine.
properties:
cachingType:
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign
to the data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of
the data disk. This value is used to identify data
disks within the VM and therefore must be unique for
each data disk attached to a VM. The value must be
between 0 and 63.
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines
disk encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
nameSuffix:
description: NameSuffix is the suffix to be appended
to the machine name to generate the disk name. Each
disk name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure
which is required for some CNI's to send traffic from a
pods on one machine to another. This is required for IpV6
with Calico in combination with User Defined Routes (set
by the Azure Cloud Controller manager). Default is false
for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster
API. This relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the
virtual machine. The type 'SystemAssigned' is an implicitly
created identity. The generated identity will be assigned
a Subscription contributor role. The type 'UserAssigned'
is a standalone Azure resource provided by the user and
assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image
to use during VM creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer,
which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from
the Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of
related images created by the publisher. For example,
UbuntuServer, WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer,
such as a major release of a distribution. For example,
18.04-LTS, 2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is
published by a third party publisher and a Plan
will be generated for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an
image available at deploy time. Even if you use
'latest', the VM image will not automatically update
after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
resourceGroup:
description: ResourceGroup specifies the resource
group containing the shared image gallery
minLength: 1
type: string
subscriptionID:
description: SubscriptionID is the identifier of the
subscription that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the
marketplace image. The allowed formats are Major.Minor.Build
or 'latest'. Major, Minor, and Build are decimal
numbers. Specify 'latest' to use the latest version
of an image available at deploy time. Even if you
use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
location:
description: 'DEPRECATED: to support old clients, will be
removed in v1alpha4'
type: string
osDisk:
description: OSDisk specifies the parameters for the operating
system disk of the machine
properties:
cachingType:
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk
settings for the os disk.
properties:
option:
description: Option enables ephemeral OS when set
to "Local" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
format: int32
type: integer
managedDisk:
description: ManagedDisk defines the managed disk options
for a VM.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk
encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
required:
- storageAccountType
type: object
osType:
type: string
required:
- diskSizeGB
- managedDisk
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any
valid GUID. If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile
settings for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption
should be enabled or disabled for a virtual machine
or virtual machine scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the
Machine should use a Spot VM.
properties:
maxPrice:
anyOf:
- type: integer
- type: string
description: MaxPrice defines the maximum price the user
is willing to pay for Spot VM instances
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
sshPublicKey:
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone
Azure identities provided by the user The lifecycle of a
user-assigned identity is managed separately from the lifecycle
of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned
identities provided by the user to be assigned to Azure
resources.
properties:
providerID:
description: 'ProviderID is the identification ID of
the user-assigned Identity, the format of an identity
is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- location
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: false
- name: v1alpha4
schema:
openAPIV3Schema:
description: AzureMachineTemplate is the Schema for the azuremachinetemplates
API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate.
properties:
template:
description: AzureMachineTemplateResource describes the data needed
to create an AzureMachine from a template.
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
acceleratedNetworking:
description: AcceleratedNetworking enables or disables Azure
accelerated networking. If omitted, it will be set based
on whether the requested VMSize supports accelerated networking.
If AcceleratedNetworking is set to true with a VMSize that
does not support it, Azure will return an error.
type: boolean
additionalTags:
additionalProperties:
type: string
description: AdditionalTags is an optional set of tags to
add to an instance, in addition to the ones added by default
by the Azure provider. If both the AzureCluster and the
AzureMachine specify the same tag name with different values,
the AzureMachine's value takes precedence.
type: object
allocatePublicIP:
description: AllocatePublicIP allows the ability to create
dynamic public ips for machines where this value is true.
type: boolean
dataDisks:
description: DataDisk specifies the parameters that are used
to add one or more data disks to the machine
items:
description: DataDisk specifies the parameters that are
used to add one or more data disks to the machine.
properties:
cachingType:
description: CachingType specifies the caching requirements.
enum:
- None
- ReadOnly
- ReadWrite
type: string
diskSizeGB:
description: DiskSizeGB is the size in GB to assign
to the data disk.
format: int32
type: integer
lun:
description: Lun Specifies the logical unit number of
the data disk. This value is used to identify data
disks within the VM and therefore must be unique for
each data disk attached to a VM. The value must be
between 0 and 63.
format: int32
type: integer
managedDisk:
description: ManagedDisk specifies the Managed Disk
parameters for the data disk.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines
disk encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
type: object
nameSuffix:
description: NameSuffix is the suffix to be appended
to the machine name to generate the disk name. Each
disk name will be in format <machineName>_<nameSuffix>.
type: string
required:
- diskSizeGB
- nameSuffix
type: object
type: array
enableIPForwarding:
description: EnableIPForwarding enables IP Forwarding in Azure
which is required for some CNI's to send traffic from a
pods on one machine to another. This is required for IpV6
with Calico in combination with User Defined Routes (set
by the Azure Cloud Controller manager). Default is false
for disabled.
type: boolean
failureDomain:
description: FailureDomain is the failure domain unique identifier
this Machine should be attached to, as defined in Cluster
API. This relates to an Azure Availability Zone
type: string
identity:
default: None
description: Identity is the type of identity used for the
virtual machine. The type 'SystemAssigned' is an implicitly
created identity. The generated identity will be assigned
a Subscription contributor role. The type 'UserAssigned'
is a standalone Azure resource provided by the user and
assigned to the VM
enum:
- None
- SystemAssigned
- UserAssigned
type: string
image:
description: Image is used to provide details of an image
to use during VM creation. If image details are omitted
the image will default the Azure Marketplace "capi" offer,
which is based on Ubuntu.
properties:
id:
description: ID specifies an image to use by ID
type: string
marketplace:
description: Marketplace specifies an image to use from
the Azure Marketplace
properties:
offer:
description: Offer specifies the name of a group of
related images created by the publisher. For example,
UbuntuServer, WindowsServer
minLength: 1
type: string
publisher:
description: Publisher is the name of the organization
that created the image
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer,
such as a major release of a distribution. For example,
18.04-LTS, 2019-Datacenter
minLength: 1
type: string
thirdPartyImage:
default: false
description: ThirdPartyImage indicates the image is
published by a third party publisher and a Plan
will be generated for it.
type: boolean
version:
description: Version specifies the version of an image
sku. The allowed formats are Major.Minor.Build or
'latest'. Major, Minor, and Build are decimal numbers.
Specify 'latest' to use the latest version of an
image available at deploy time. Even if you use
'latest', the VM image will not automatically update
after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- offer
- publisher
- sku
- version
type: object
sharedGallery:
description: SharedGallery specifies an image to use from
an Azure Shared Image Gallery
properties:
gallery:
description: Gallery specifies the name of the shared
image gallery that contains the image
minLength: 1
type: string
name:
description: Name is the name of the image
minLength: 1
type: string
offer:
description: Offer specifies the name of a group of
related images created by the publisher. For example,
UbuntuServer, WindowsServer This value will be used
to add a `Plan` in the API request when creating
the VM/VMSS resource. This is needed when the source
image from which this SIG image was built requires
the `Plan` to be used.
type: string
publisher:
description: Publisher is the name of the organization
that created the image. This value will be used
to add a `Plan` in the API request when creating
the VM/VMSS resource. This is needed when the source
image from which this SIG image was built requires
the `Plan` to be used.
type: string
resourceGroup:
description: ResourceGroup specifies the resource
group containing the shared image gallery
minLength: 1
type: string
sku:
description: SKU specifies an instance of an offer,
such as a major release of a distribution. For example,
18.04-LTS, 2019-Datacenter This value will be used
to add a `Plan` in the API request when creating
the VM/VMSS resource. This is needed when the source
image from which this SIG image was built requires
the `Plan` to be used.
type: string
subscriptionID:
description: SubscriptionID is the identifier of the
subscription that contains the shared image gallery
minLength: 1
type: string
version:
description: Version specifies the version of the
marketplace image. The allowed formats are Major.Minor.Build
or 'latest'. Major, Minor, and Build are decimal
numbers. Specify 'latest' to use the latest version
of an image available at deploy time. Even if you
use 'latest', the VM image will not automatically
update after deploy time even if a new version becomes
available.
minLength: 1
type: string
required:
- gallery
- name
- resourceGroup
- subscriptionID
- version
type: object
type: object
osDisk:
description: OSDisk specifies the parameters for the operating
system disk of the machine
properties:
cachingType:
description: CachingType specifies the caching requirements.
enum:
- None
- ReadOnly
- ReadWrite
type: string
diffDiskSettings:
description: DiffDiskSettings describe ephemeral disk
settings for the os disk.
properties:
option:
description: Option enables ephemeral OS when set
to "Local" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks
for full details
enum:
- Local
type: string
required:
- option
type: object
diskSizeGB:
description: DiskSizeGB is the size in GB to assign to
the OS disk. Will have a default of 30GB if not provided
format: int32
type: integer
managedDisk:
description: ManagedDisk specifies the Managed Disk parameters
for the OS disk.
properties:
diskEncryptionSet:
description: DiskEncryptionSetParameters defines disk
encryption options.
properties:
id:
description: ID defines resourceID for diskEncryptionSet
resource. It must be in the same subscription
type: string
type: object
storageAccountType:
type: string
type: object
osType:
type: string
required:
- osType
type: object
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
roleAssignmentName:
description: RoleAssignmentName is the name of the role assignment
to create for a system assigned identity. It can be any
valid GUID. If not specified, a random GUID will be generated.
type: string
securityProfile:
description: SecurityProfile specifies the Security profile
settings for a virtual machine.
properties:
encryptionAtHost:
description: This field indicates whether Host Encryption
should be enabled or disabled for a virtual machine
or virtual machine scale set. Default is disabled.
type: boolean
type: object
spotVMOptions:
description: SpotVMOptions allows the ability to specify the
Machine should use a Spot VM
properties:
maxPrice:
anyOf:
- type: integer
- type: string
description: MaxPrice defines the maximum price the user
is willing to pay for Spot VM instances
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
sshPublicKey:
type: string
subnetName:
description: SubnetName selects the Subnet where the VM will
be placed
type: string
userAssignedIdentities:
description: UserAssignedIdentities is a list of standalone
Azure identities provided by the user The lifecycle of a
user-assigned identity is managed separately from the lifecycle
of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli
items:
description: UserAssignedIdentity defines the user-assigned
identities provided by the user to be assigned to Azure
resources.
properties:
providerID:
description: 'ProviderID is the identification ID of
the user-assigned Identity, the format of an identity
is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'''
type: string
required:
- providerID
type: object
type: array
vmSize:
type: string
required:
- osDisk
- sshPublicKey
- vmSize
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

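--- /dev/null
+++ b/[path not shown on page: CRD azuremanagedclusters.infrastructure.cluster.x-k8s.io]
@@ -0,0 +1,126 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.1
+  creationTimestamp: null
+  name: azuremanagedclusters.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: AzureManagedCluster
+    listKind: AzureManagedClusterList
+    plural: azuremanagedclusters
+    shortNames:
+    - amc
+    singular: azuremanagedcluster
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedCluster is the Schema for the azuremanagedclusters
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster.
+            properties:
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+            type: object
+          status:
+            description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster.
+            properties:
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedCluster is the Schema for the azuremanagedclusters
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster.
+            properties:
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+            type: object
+          status:
+            description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster.
+            properties:
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []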
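--- /dev/null
+++ b/[path not shown on page: CRD azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io]
@@ -0,0 +1,384 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.1
+  creationTimestamp: null
+  name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: AzureManagedControlPlane
+    listKind: AzureManagedControlPlaneList
+    plural: azuremanagedcontrolplanes
+    shortNames:
+    - amcp
+    singular: azuremanagedcontrolplane
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedControlPlaneSpec defines the desired state of
+              AzureManagedControlPlane.
+            properties:
+              aadProfile:
+                description: AadProfile is Azure Active Directory configuration to
+                  integrate with AKS for aad authentication.
+                properties:
+                  adminGroupObjectIDs:
+                    description: AdminGroupObjectIDs - AAD group object IDs that will
+                      have admin role of the cluster.
+                    items:
+                      type: string
+                    type: array
+                  managed:
+                    description: Managed - Whether to enable managed AAD.
+                    type: boolean
+                required:
+                - adminGroupObjectIDs
+                - managed
+                type: object
+              additionalTags:
+                additionalProperties:
+                  type: string
+                description: AdditionalTags is an optional set of tags to add to Azure
+                  resources managed by the Azure provider, in addition to the ones
+                  added by default.
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              dnsServiceIP:
+                description: DNSServiceIP is an IP address assigned to the Kubernetes
+                  DNS service. It must be within the Kubernetes service address range
+                  specified in serviceCidr.
+                type: string
+              loadBalancerSKU:
+                description: LoadBalancerSKU is the SKU of the loadBalancer to be
+                  provisioned.
+                enum:
+                - Basic
+                - Standard
+                type: string
+              location:
+                description: 'Location is a string matching one of the canonical Azure
+                  region names. Examples: "westus2", "eastus".'
+                type: string
+              networkPlugin:
+                description: NetworkPlugin used for building Kubernetes network.
+                enum:
+                - azure
+                - kubenet
+                type: string
+              networkPolicy:
+                description: NetworkPolicy used for building Kubernetes network.
+                enum:
+                - azure
+                - calico
+                type: string
+              nodeResourceGroupName:
+                description: NodeResourceGroupName is the name of the resource group
+                  containining cluster IaaS resources. Will be populated to default
+                  in webhook.
+                type: string
+              resourceGroupName:
+                description: ResourceGroupName is the name of the Azure resource group
+                  for this AKS Cluster.
+                type: string
+              sshPublicKey:
+                description: SSHPublicKey is a string literal containing an ssh public
+                  key base64 encoded.
+                type: string
+              subscriptionID:
+                description: SubscriotionID is the GUID of the Azure subscription
+                  to hold this cluster.
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version.
+                minLength: 2
+                type: string
+              virtualNetwork:
+                description: VirtualNetwork describes the vnet for the AKS cluster.
+                  Will be created if it does not exist.
+                properties:
+                  cidrBlock:
+                    type: string
+                  name:
+                    type: string
+                  subnet:
+                    description: ManagedControlPlaneSubnet describes a subnet for
+                      an AKS cluster.
+                    properties:
+                      cidrBlock:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - cidrBlock
+                    - name
+                    type: object
+                required:
+                - cidrBlock
+                - name
+                type: object
+            required:
+            - location
+            - nodeResourceGroupName
+            - resourceGroupName
+            - sshPublicKey
+            - version
+            type: object
+          status:
+            description: AzureManagedControlPlaneStatus defines the observed state
+              of AzureManagedControlPlane.
+            properties:
+              initialized:
+                description: Initialized is true when the the control plane is available
+                  for initial contact. This may occur before the control plane is
+                  fully ready. In the AzureManagedControlPlane implementation, these
+                  are identical.
+                type: boolean
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedControlPlaneSpec defines the desired state of
+              AzureManagedControlPlane.
+            properties:
+              aadProfile:
+                description: AadProfile is Azure Active Directory configuration to
+                  integrate with AKS for aad authentication.
+                properties:
+                  adminGroupObjectIDs:
+                    description: AdminGroupObjectIDs - AAD group object IDs that will
+                      have admin role of the cluster.
+                    items:
+                      type: string
+                    type: array
+                  managed:
+                    description: Managed - Whether to enable managed AAD.
+                    type: boolean
+                required:
+                - adminGroupObjectIDs
+                - managed
+                type: object
+              additionalTags:
+                additionalProperties:
+                  type: string
+                description: AdditionalTags is an optional set of tags to add to Azure
+                  resources managed by the Azure provider, in addition to the ones
+                  added by default.
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              dnsServiceIP:
+                description: DNSServiceIP is an IP address assigned to the Kubernetes
+                  DNS service. It must be within the Kubernetes service address range
+                  specified in serviceCidr.
+                type: string
+              identityRef:
+                description: IdentityRef is a reference to a AzureClusterIdentity
+                  to be used when reconciling this cluster
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+              loadBalancerSKU:
+                description: LoadBalancerSKU is the SKU of the loadBalancer to be
+                  provisioned.
+                enum:
+                - Basic
+                - Standard
+                type: string
+              location:
+                description: 'Location is a string matching one of the canonical Azure
+                  region names. Examples: "westus2", "eastus".'
+                type: string
+              networkPlugin:
+                description: NetworkPlugin used for building Kubernetes network.
+                enum:
+                - azure
+                - kubenet
+                type: string
+              networkPolicy:
+                description: NetworkPolicy used for building Kubernetes network.
+                enum:
+                - azure
+                - calico
+                type: string
+              nodeResourceGroupName:
+                description: NodeResourceGroupName is the name of the resource group
+                  containining cluster IaaS resources. Will be populated to default
+                  in webhook.
+                type: string
+              resourceGroupName:
+                description: ResourceGroupName is the name of the Azure resource group
+                  for this AKS Cluster.
+                type: string
+              sshPublicKey:
+                description: SSHPublicKey is a string literal containing an ssh public
+                  key base64 encoded.
+                type: string
+              subscriptionID:
+                description: SubscriptionID is the GUID of the Azure subscription
+                  to hold this cluster.
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version.
+                minLength: 2
+                type: string
+              virtualNetwork:
+                description: VirtualNetwork describes the vnet for the AKS cluster.
+                  Will be created if it does not exist.
+                properties:
+                  cidrBlock:
+                    type: string
+                  name:
+                    type: string
+                  subnet:
+                    description: ManagedControlPlaneSubnet describes a subnet for
+                      an AKS cluster.
+                    properties:
+                      cidrBlock:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - cidrBlock
+                    - name
+                    type: object
+                required:
+                - cidrBlock
+                - name
+                type: object
+            required:
+            - location
+            - resourceGroupName
+            - sshPublicKey
+            - version
+            type: object
+          status:
+            description: AzureManagedControlPlaneStatus defines the observed state
+              of AzureManagedControlPlane.
+            properties:
+              initialized:
+                description: Initialized is true when the the control plane is available
+                  for initial contact. This may occur before the control plane is
+                  fully ready. In the AzureManagedControlPlane implementation, these
+                  are identical.
+                type: boolean
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []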
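--- /dev/null
+++ b/[path not shown on page: CRD azuremanagedmachinepools.infrastructure.cluster.x-k8s.io]
@@ -0,0 +1,178 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.1
+  creationTimestamp: null
+  name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: AzureManagedMachinePool
+    listKind: AzureManagedMachinePoolList
+    plural: azuremanagedmachinepools
+    shortNames:
+    - ammp
+    singular: azuremanagedmachinepool
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedMachinePoolSpec defines the desired state of
+              AzureManagedMachinePool.
+            properties:
+              mode:
+                description: 'Mode - represents mode of an agent pool. Possible values
+                  include: System, User.'
+                enum:
+                - System
+                - User
+                type: string
+              osDiskSizeGB:
+                description: OSDiskSizeGB is the disk size for every machine in this
+                  agent pool. If you specify 0, it will apply the default osDisk size
+                  according to the vmSize specified.
+                format: int32
+                type: integer
+              providerIDList:
+                description: ProviderIDList is the unique identifier as specified
+                  by the cloud provider.
+                items:
+                  type: string
+                type: array
+              sku:
+                description: SKU is the size of the VMs in the node pool.
+                type: string
+            required:
+            - mode
+            - sku
+            type: object
+          status:
+            description: AzureManagedMachinePoolStatus defines the observed state
+              of AzureManagedMachinePool.
+            properties:
+              errorMessage:
+                description: Any transient errors that occur during the reconciliation
+                  of Machines can be added as events to the Machine object and/or
+                  logged in the controller's output.
+                type: string
+              errorReason:
+                description: Any transient errors that occur during the reconciliation
+                  of Machines can be added as events to the Machine object and/or
+                  logged in the controller's output.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AzureManagedMachinePoolSpec defines the desired state of
+              AzureManagedMachinePool.
+            properties:
+              mode:
+                description: 'Mode - represents mode of an agent pool. Possible values
+                  include: System, User.'
+                enum:
+                - System
+                - User
+                type: string
+              osDiskSizeGB:
+                description: OSDiskSizeGB is the disk size for every machine in this
+                  agent pool. If you specify 0, it will apply the default osDisk size
+                  according to the vmSize specified.
+                format: int32
+                type: integer
+              providerIDList:
+                description: ProviderIDList is the unique identifier as specified
+                  by the cloud provider.
+                items:
+                  type: string
+                type: array
+              sku:
+                description: SKU is the size of the VMs in the node pool.
+                type: string
+            required:
+            - mode
+            - sku
+            type: object
+          status:
+            description: AzureManagedMachinePoolStatus defines the observed state
+              of AzureManagedMachinePool.
+            properties:
+              errorMessage:
+                description: Any transient errors that occur during the reconciliation
+                  of Machines can be added as events to the Machine object and/or
+                  logged in the controller's output.
+                type: string
+              errorReason:
+                description: Any transient errors that occur during the reconciliation
+                  of Machines can be added as events to the Machine object and/or
+                  logged in the controller's output.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []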

@ -0,0 +1,122 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azureserviceprincipals.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureServicePrincipal
listKind: AzureServicePrincipalList
plural: azureserviceprincipals
singular: azureserviceprincipal
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureServicePrincipal represents a reference to an Azure access
key ID and secret access key, stored in a secret.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec for this AzureServicePrincipalSpec.
properties:
allowedNamespaces:
description: "AllowedNamespaces is a selector of namespaces that AzureClusters
can use this ClusterPrincipal from. This is a standard Kubernetes
LabelSelector, a label query over a set of resources. The result
of matchLabels and matchExpressions are ANDed. Controllers must
not support AzureClusters in namespaces outside this selector. \n
An empty selector (default) indicates that AzureClusters can use
this AzureServicePrincipal from any namespace. This field is intentionally
not a pointer because the nil behavior (no namespaces) is undesirable
here."
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
name:
type: string
secretRef:
description: 'Reference to a secret containing the credentials. The
secret should contain the following data keys: tenantID clientID
clientSecret'
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- name
- secretRef
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
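Review bot: This AzureServicePrincipal CRD (generated with controller-gen v0.3.0, serving only `v1alpha3`) does not appear under `resources:` in the crd kustomization added later in this patch set, which lists azureclusteridentities, azuremachines and the other v1alpha4 CRDs but none of the three identity CRDs; as far as the visible manifests show it is never applied. The same applies to the AzureSystemAssignedIdentity and AzureUserAssignedIdentity CRDs in the next two sections. If they are intentionally kept for clusters still on the v1alpha3 contract, a comment in the kustomization explaining the exclusion would help; otherwise drop them so the committed CRDs match what is deployed. Note also that the openAPIV3Schema description (`represents a reference to an Azure access key ID and secret access key`) describes AWS-style credentials rather than the `tenantID clientID clientSecret` keys the secretRef actually documents, which points to stale upstream Go comments rather than a local edit.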

@ -0,0 +1,121 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azuresystemassignedidentites.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureSystemAssignedIdentity
listKind: AzureSystemAssignedIdentityList
plural: azuresystemassignedidentites
singular: azuresystemassignedidentity
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureSystemAssignedIdentity represents a reference to an Azure
access key ID and secret access key, stored in a secret.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec for this AzureSystemAssignedIdentitySpec.
properties:
allowedNamespaces:
description: "AllowedNamespaces is a selector of namespaces that AzureClusters
can use this ClusterPrincipal from. This is a standard Kubernetes
LabelSelector, a label query over a set of resources. The result
of matchLabels and matchExpressions are ANDed. Controllers must
not support AzureClusters in namespaces outside this selector. \n
An empty selector (default) indicates that AzureClusters can use
this AzureSystemAssignedIdentity from any namespace. This field
is intentionally not a pointer because the nil behavior (no namespaces)
is undesirable here."
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
name:
type: string
secretRef:
description: 'Reference to a secret containing the credentials. The
secret should contain the following data keys: tenantID'
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- name
- secretRef
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,121 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: azureuserassignedidentites.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AzureUserAssignedIdentity
listKind: AzureUserAssignedIdentityList
plural: azureuserassignedidentites
singular: azureuserassignedidentity
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: AzureUserAssignedIdentity represents a reference to an Azure
access key ID and secret access key, stored in a secret.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec for this AzureUserAssignedIdentitySpec.
properties:
allowedNamespaces:
description: "AllowedNamespaces is a selector of namespaces that AzureClusters
can use this ClusterPrincipal from. This is a standard Kubernetes
LabelSelector, a label query over a set of resources. The result
of matchLabels and matchExpressions are ANDed. Controllers must
not support AzureClusters in namespaces outside this selector. \n
An empty selector (default) indicates that AzureClusters can use
this AzureUserAssignedIdentity from any namespace. This field is
intentionally not a pointer because the nil behavior (no namespaces)
is undesirable here."
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
name:
type: string
secretRef:
description: 'Reference to a secret containing the credentials. The
secret should contain the following data keys: tenantID clientID'
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- name
- secretRef
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,49 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/
commonLabels:
cluster.x-k8s.io/v1alpha4: v1alpha4
resources:
- bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml
- bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml
- bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml
- bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
- patches/webhook_in_azuremachines.yaml
- patches/webhook_in_azureclusters.yaml
- patches/webhook_in_azureclusteridentities.yaml
- patches/webhook_in_azuremachinetemplates.yaml
- patches/webhook_in_azuremachinepools.yaml
- patches/webhook_in_azuremachinepoolmachines.yaml
# - patches/webhook_in_azuremanagedmachinepools.yaml
# - patches/webhook_in_azuremanagedclusters.yaml
# - patches/webhook_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_azuremachines.yaml
- patches/cainjection_in_azureclusters.yaml
- patches/cainjection_in_azureclusteridentities.yaml
- patches/cainjection_in_azuremachinetemplates.yaml
- patches/cainjection_in_azuremachinepools.yaml
- patches/cainjection_in_azuremachinepoolmachines.yaml
# - patches/cainjection_in_azuremanagedmachinepools.yaml
# - patches/cainjection_in_azuremanagedclusters.yaml
# - patches/cainjection_in_azuremanagedcontrolplanes.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml
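Review bot: The webhook and CA-injection patch lines for azuremanagedmachinepools, azuremanagedclusters and azuremanagedcontrolplanes are commented out in both `patchesStrategicMerge` groups, yet the corresponding `patches/webhook_in_azuremanaged*.yaml` and `patches/cainjection_in_azuremanaged*.yaml` files are added by this same patch set, so as committed they are dead files. If someone later enables only one of the pair for a CRD, the conversion block keeps the placeholder `caBundle: Cg==` with no injected CA and conversion fails closed, so the two lines per CRD must be toggled together. Presumably the managed CRDs are excluded because they serve a single version and need no conversion, but that is not stated and should be confirmed; replacing the kubebuilder scaffold text `# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.` with a comment that records the actual reason (and that the patch files are kept for when a second version is added, or deleting them otherwise) would make the intent reviewable.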

@ -0,0 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azureclusteridentities.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azureclusters.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinepools.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachines.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedclusters.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azureclusteridentities.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azureclusters.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinepools.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachines.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremachinetemplates.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedclusters.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

@ -0,0 +1,2 @@
resources:
- metadata.yaml

@ -0,0 +1,21 @@
# maps release series of major.minor to cluster-api contract version
# the contract version may change between minor or major versions, but *not*
# between patch versions.
#
# update this file only when a new major or minor version is released
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
kind: Metadata
metadata:
name: repository-metadata
labels:
airshipit.org/deploy-k8s: "false"
releaseSeries:
- major: 0
minor: 3
contract: v1alpha2
- major: 0
minor: 4
contract: v1alpha3
- major: 0
minor: 5
contract: v1alpha4

@ -0,0 +1,329 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: unapproved
controller-gen.kubebuilder.io/version: v0.5.0
name: azureidentities.aadpodidentity.k8s.io
spec:
group: aadpodidentity.k8s.io
names:
kind: AzureIdentity
listKind: AzureIdentityList
plural: azureidentities
singular: azureidentity
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: AzureIdentity is the specification of the identity data structure.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureIdentitySpec describes the credential specifications of an identity on Azure.
properties:
adEndpoint:
type: string
adResourceID:
description: For service principal. Option param for specifying the AD details.
type: string
auxiliaryTenantIDs:
description: Service principal auxiliary tenant ids
items:
type: string
nullable: true
type: array
clientID:
description: Both User Assigned MSI and SP can use this field.
type: string
clientPassword:
description: Used for service principal
properties:
name:
description: Name is unique within a namespace to reference a secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret name must be unique.
type: string
type: object
metadata:
type: object
replicas:
format: int32
nullable: true
type: integer
resourceID:
description: User assigned MSI resource id.
type: string
tenantID:
description: Service principal primary tenant id.
type: string
type:
description: UserAssignedMSI or Service Principal
type: integer
type: object
status:
description: AzureIdentityStatus contains the replica status of the resource.
properties:
availableReplicas:
format: int32
type: integer
metadata:
type: object
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: unapproved
controller-gen.kubebuilder.io/version: v0.5.0
name: azureidentitybindings.aadpodidentity.k8s.io
spec:
group: aadpodidentity.k8s.io
names:
kind: AzureIdentityBinding
listKind: AzureIdentityBindingList
plural: azureidentitybindings
singular: azureidentitybinding
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: AzureIdentityBinding brings together the spec of matching pods and the identity which they can use.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzureIdentityBindingSpec matches the pod with the Identity. Used to indicate the potential matches to look for between the pod/deployment and the identities present.
properties:
azureIdentity:
type: string
metadata:
type: object
selector:
type: string
weight:
description: Weight is used to figure out which of the matching identities would be selected.
type: integer
type: object
status:
description: AzureIdentityBindingStatus contains the status of an AzureIdentityBinding.
properties:
availableReplicas:
format: int32
type: integer
metadata:
type: object
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: unapproved
controller-gen.kubebuilder.io/version: v0.5.0
name: azurepodidentityexceptions.aadpodidentity.k8s.io
spec:
group: aadpodidentity.k8s.io
names:
kind: AzurePodIdentityException
listKind: AzurePodIdentityExceptionList
plural: azurepodidentityexceptions
singular: azurepodidentityexception
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: AzurePodIdentityException contains the pod selectors for all pods that don't require NMI to process and request token on their behalf.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AzurePodIdentityExceptionSpec matches pods with the selector defined. If request originates from a pod that matches the selector, nmi will proxy the request and send response back without any validation.
properties:
metadata:
type: object
podLabels:
additionalProperties:
type: string
type: object
type: object
status:
description: AzurePodIdentityExceptionStatus contains the status of an AzurePodIdentityException.
properties:
metadata:
type: object
status:
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: aad-pod-id-nmi-role
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: ["aadpodidentity.k8s.io"]
resources: ["azureidentitybindings", "azureidentities", "azurepodidentityexceptions"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: aad-pod-id-nmi-binding
labels:
k8s-app: capz-aad-pod-id-nmi-binding
subjects:
- kind: ServiceAccount
name: manager
namespace: system
roleRef:
kind: ClusterRole
name: aad-pod-id-nmi-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
component: nmi
tier: node
k8s-app: aad-pod-id
name: nmi
namespace: capz-system
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
component: nmi
tier: node
template:
metadata:
labels:
component: nmi
tier: node
spec:
serviceAccountName: manager
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
volumes:
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: iptableslock
- name: kubelet-config
hostPath:
path: /etc/default/kubelet
type: FileOrCreate
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.0"
imagePullPolicy: IfNotPresent
args:
- "--node=$(NODE_NAME)"
- "--operation-mode=managed"
- "--forceNamespaced"
- "--http-probe-port=8085"
env:
- name: FORCENAMESPACED
value: "true"
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: LOG_LEVEL
value: DEBUG
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
- name: kubelet-config
mountPath: /etc/default/kubelet
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8085
initialDelaySeconds: 10
periodSeconds: 5
nodeSelector:
kubernetes.io/os: linux

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: manager-bootstrap-credentials
namespace: system
type: Opaque
data:
subscription-id: ${AZURE_SUBSCRIPTION_ID_B64:=""}
tenant-id: ${AZURE_TENANT_ID_B64:=""}
client-id: ${AZURE_CLIENT_ID_B64:=""}
client-secret: ${AZURE_CLIENT_SECRET_B64:=""}
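Review bot: Every key in this Secret falls back to an empty string (`${AZURE_CLIENT_SECRET_B64:=""}` and its siblings on L4180-4183), so a missing or misspelled environment variable at substitution time produces a Secret that applies cleanly and a manager that only fails later, the first time it tries to authenticate to Azure. The file says nothing about where these variables come from or that the values must already be base64-encoded; the `_B64` suffix is the only hint. I would add a header such as `# Bootstrap credentials substituted by clusterctl from the AZURE_*_B64 environment; values must be base64-encoded. Empty defaults are intentional when clusters authenticate via AzureClusterIdentity instead.` The target-cluster manifests in this patchset do use an AzureClusterIdentity, so the empty default may well be deliberate, but that deserves to be stated in the file.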

@ -0,0 +1,58 @@
namespace: capz-system
namePrefix: capz-
# Labels to add to all resources and selectors.
commonLabels:
cluster.x-k8s.io/provider: "infrastructure-azure"
resources:
- namespace.yaml
- credentials.yaml
- aad-pod-identity-deployment.yaml
bases:
- ../crd
- ../rbac
- ../manager
- ../webhook
- ../certmanager
patchesStrategicMerge:
- manager_image_patch.yaml
- manager_pull_policy.yaml
- manager_auth_proxy_patch.yaml
- manager_credentials_patch.yaml
- manager_webhook_patch.yaml
- webhookcainjection_patch.yaml
vars:
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
objref:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATE_NAME
objref:
kind: Certificate
group: cert-manager.io
version: v1
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICE_NAMESPACE # namespace of the service
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICE_NAME
objref:
kind: Service
version: v1
name: webhook-service
configurations:
- kustomizeconfig.yaml
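Review bot: `bases:` (L4197-4202) is deprecated by kustomize in favour of listing the same paths under `resources:`; newer kustomize builds warn on every run and the form may eventually be dropped, so moving the five entries under `resources:` alongside L4194-4196 is a behaviour-preserving cleanup. Separately, the `patchesStrategicMerge` list on L4203-4209 is the only thing that activates a patch file, and the Prometheus scrape patch later in this patchset (L4326-4345) is not listed here; any patch file in this directory that is not named is silently unused. A one-line comment above L4203, e.g. `# Only patches listed here are applied; unlisted files in this directory are ignored.`, would make that explicit.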

@ -0,0 +1,4 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
varReference:
- kind: Deployment
path: spec/template/spec/volumes/secret/secretName

@ -0,0 +1,21 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
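Review bot: `--v=10` (L4268) runs kube-rbac-proxy at its highest verbosity, which logs every proxied request in detail for a sidecar whose only job is to authorize access to the metrics endpoint; the manager container elsewhere in this patchset runs at `--v=0`. For a production uplift I would lower this to `- "--v=0"` (or `2` at most) and let the level be raised when debugging. The sidecar also sets no `resources` requests/limits and no `securityContext`, unlike the nmi DaemonSet earlier in this patchset; whether that is left out deliberately to stay byte-identical to upstream CAPZ v0.5.2 is not visible from here.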

@ -0,0 +1,31 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: subscription-id
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: tenant-id
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-id
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: manager-bootstrap-credentials
key: client-secret

@ -0,0 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:latest
name: manager
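Review bot: The manager image is set to `gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:latest` (L4321), a staging registry and a floating tag, in a commit whose purpose is to uplift to the released CAPZ v0.5.2. Combined with `imagePullPolicy: Always` in the sibling pull-policy patch, every pod restart may pull a different, unreviewed build. Unless a versions catalogue elsewhere in airshipctl overrides this image (not visible in this hunk), it should reference the v0.5.2 release image and tag, ideally pinned by digest, and the comment on L4320 should say where the effective value is set.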

@ -0,0 +1,19 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
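Review bot: This patch is not referenced from the `patchesStrategicMerge` list of the default kustomization in this patchset (L4203-4209), so as committed it has no effect; if the file lives in that directory it is dead configuration. If it were wired in, `prometheus.io/scrape: 'true'` on the pod plus a bare `metrics` port (L4343) would advertise a scrape target that sidesteps the kube-rbac-proxy, although the manager binds metrics to `127.0.0.1:8080` so the scrape would simply fail. Either drop the file or add a comment stating it is intentionally unused, e.g. `# Not applied: metrics are served through kube-rbac-proxy on 8443 (see the auth proxy Service).`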

@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: Always

@ -0,0 +1,23 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: $(SERVICE_NAME)-cert
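Review bot: `defaultMode: 420` (L4386) mounts the serving-certificate Secret, private key included, world-readable (0644) inside the container. The manager process is the only reader, so `defaultMode: 256  # 0400` would tighten this with no functional change; the upstream kubebuilder scaffold uses 420, so this may be a deliberate carry-over. Either way a trailing comment giving the octal value would help, since the decimal form is easy to misread during review.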

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: system

@ -0,0 +1,17 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
# uncomment the following lines to enable mutating and validating webhook
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
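Review bot: The header comment `# uncomment the following lines to enable mutating and validating webhook` (L4402) is stale: both configurations beneath it are already active, so the comment contradicts the file. Drop that line and keep L4400-4401, which correctly describe the kustomize variable substitution. The `cert-manager.io/inject-ca-from` values on L4408 and L4415 depend on the `varReference` entry for `metadata/annotations` in the webhook kustomizeconfig in this patchset; a pointer to that file in the header would save the next reader a search.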

@ -0,0 +1,3 @@
resources:
- default
- data

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- manager.yaml

@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: capz-controller-manager
aadpodidbinding: capz-controller-aadpodidentity-selector
spec:
selector:
matchLabels:
control-plane: capz-controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: capz-controller-manager
aadpodidbinding: capz-controller-aadpodidentity-selector
annotations:
kubectl.kubernetes.io/default-logs-container: manager
spec:
containers:
- args:
- --leader-elect
- "--metrics-bind-addr=127.0.0.1:8080"
- "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},AKS=${EXP_AKS:=false}"
- "--v=0"
image: controller:latest
imagePullPolicy: Always
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
periodSeconds: 10
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10
serviceAccountName: manager
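Review bot: The manager container (L4456-4493) sets no `securityContext` (no `runAsNonRoot`, no `allowPrivilegeEscalation: false`, no dropped capabilities) and no `resources` requests/limits, while the nmi DaemonSet earlier in this patchset sets both. The pod carries the `aadpodidbinding` label (L4442, L4452), which presumably lets it obtain Azure tokens through nmi, so it is a high-value workload that deserves at least that baseline hardening. If this is a verbatim copy of the upstream CAPZ v0.5.2 manifest, say so in a header comment, and annotate the `image: controller:latest` placeholder on L4462 as overridden by manager_image_patch.yaml so nobody tries to fix it here.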

@ -0,0 +1,3 @@
- op: replace
path: "/spec/conversion/webhook/clientConfig/service/namespace"
value: capi-webhook-system
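Review bot: This patch points every CRD conversion webhook at the `capi-webhook-system` namespace (L4501-4502), while the webhook Service added in this patchset lives in `system`, rewritten to `capz-system` by the default kustomization. As far as I recall the shared `capi-webhook-system` namespace belongs to the v1alpha3-era layout; with the CAPI v1alpha4/v0.4.2 layout named in the commit message I cannot confirm from this hunk that the namespace and a matching service exist, and if they do not, CRD conversion requests will fail. Please confirm the patch is still wired into a kustomization and still needed, and add a comment naming its purpose and the kustomization that applies it, e.g. `# Redirects CRD conversion webhooks to the shared CAPI webhook namespace; applied from config/crd.` (path to be confirmed).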

@ -0,0 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: manager
namespace: system

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8443"
prometheus.io/scheme: https
labels:
control-plane: capz-controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: capz-controller-manager

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- role.yaml
- role_binding.yaml
- service_account.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml

@ -0,0 +1,44 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
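Review bot: The Role grants get/list/watch/create/update/patch/delete on every ConfigMap in the namespace (L4595-4606), plus `configmaps/status` (L4607-4614), in addition to the same verbs on Leases (L4621-4632). If the manager's leader-election lock is leases-only, both ConfigMap rules can be dropped to keep the namespace-scoped grant minimal; the lock type configured in the manager is not visible from this hunk, so confirm before trimming. A comment next to L4589 stating which lock resource is in use would settle the question for the next reviewer.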

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: manager
namespace: system

@ -0,0 +1,247 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- aadpodidentity.k8s.io
resources:
- azureidentities
- azureidentities/status
verbs:
- get
- list
- watch
- apiGroups:
- aadpodidentity.k8s.io
resources:
- azureidentitybindings
- azureidentitybindings/status
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- patch
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinepools
- machinepools/status
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusteridentities
- azureclusteridentities/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azureclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinepoolmachines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinepoolmachines/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinepools/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachines/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremachinetemplates
- azuremachinetemplates/status
verbs:
- get
- list
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedcontrolplanes/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- azuremanagedmachinepools/status
verbs:
- get
- patch
- update
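Review bot: The `manager-role` ClusterRole grants create/delete/get/list/patch/update/watch on core `secrets` cluster-wide (L4671-4682), which lets the manager service account read every Secret in the cluster rather than only the bootstrap and cluster-identity secrets it works with. The `creationTimestamp: null` on L4657 suggests this is controller-gen output, in which case the fix belongs in upstream RBAC markers rather than in this copy, but the exposure is worth recording as an accepted risk in the review. A header comment such as `# Generated from upstream CAPZ v0.5.2 RBAC markers; do not hand-edit, re-generate on uplift.` would keep future patches from silently diverging from upstream.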

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: manager
namespace: system

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: manager
namespace: system

@ -0,0 +1,6 @@
resources:
- manifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml

@ -0,0 +1,26 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations

@ -0,0 +1,297 @@
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachinetemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azuremachinetemplate.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachinetemplates
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachinepool
failurePolicy: Fail
name: default.azuremachinepool.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremanagedcontrolplane
failurePolicy: Fail
name: default.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremanagedmachinepool
failurePolicy: Fail
matchPolicy: Equivalent
name: default.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremanagedmachinepools
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azurecluster
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azurecluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azureclusters
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachine
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azuremachine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachines
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachinetemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azuremachinetemplate.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachinetemplates
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachinepool
failurePolicy: Fail
name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachinepools
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremachinepoolmachine
failurePolicy: Fail
name: azuremachinepoolmachine.kb.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremachinepoolmachines
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremanagedcontrolplane
failurePolicy: Fail
name: validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- CREATE
- UPDATE
resources:
- azuremanagedcontrolplanes
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-azuremanagedmachinepool
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha4
operations:
- UPDATE
- DELETE
resources:
- azuremanagedmachinepools
sideEffects: None
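Review bot: `matchPolicy: Equivalent` is set on most webhooks but omitted from the azuremachinepool, azuremanagedcontrolplane and azuremachinepoolmachine entries (L5044-5046, L5065-5067, L5181-5183, L5202-5204, L5223-5225), and the azuremachinepoolmachine validator is named `azuremachinepoolmachine.kb.io` (L5204) where every other entry follows `validation.<kind>.infrastructure.cluster.x-k8s.io`. On admissionregistration.k8s.io/v1 the default `matchPolicy` is `Equivalent`, so behaviour is unchanged, but the inconsistency suggests differing upstream markers rather than hand-written config and is worth a note if this file is meant to be re-generated on the next uplift. The azuremanagedmachinepools validator also matches only UPDATE and DELETE (L5253-5255), leaving CREATE unvalidated; whether that is intentional is not visible here.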

@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: webhook-server

@ -0,0 +1,10 @@
# Calico for Azure Target Cluster
Azure does not currently support Calico networking. The reason is Azure does not allow traffic with unknown source IPs.
As a workaround, it is recommended that Azure clusters use the Calico spec below that uses VXLAN.
```bash
https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/addons/calico.yaml
```
You can find more about Calico on Azure [here](https://docs.projectcalico.org/reference/public-cloud/azure).

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- calico.yaml

@ -0,0 +1,6 @@
# CAPZ Cluster and Control Plane Resources
This folder contains the manifests necessary to deploy target cluster on Azure cloud.
These manifests were generated using **clusterctl generate** command with **public flavor** and then broken down into three manifests:
- cluster.yaml - provides the generic Cluster, AzureCluster, AzureClusterIdentity, and Secret (for client ID) resources.
- controlplane.yaml - provides the KubeadmControlPlane and AzureMachineTemplate resources.
- workers.yaml - this manifest is located in ../../workers-capz folder

@ -0,0 +1,66 @@
apiVersion: cluster.x-k8s.io/v1alpha4
kind: Cluster
metadata:
labels:
cni: calico
name: target-cluster
namespace: default
spec:
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
controlPlaneRef:
apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
kind: KubeadmControlPlane
name: target-cluster-control-plane
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureCluster
name: target-cluster
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureCluster
metadata:
name: target-cluster
namespace: default
spec:
identityRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureClusterIdentity
name: target-cluster-identity
location: centralus
networkSpec:
vnet:
name: target-cluster-vnet
resourceGroup: target-cluster-rg
subscriptionID: cb3e23d3-b697-4c4f-a1a7-529e308691e4
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureClusterIdentity
metadata:
labels:
clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
name: target-cluster-identity
namespace: default
spec:
allowedNamespaces: {}
clientID: <your Azure Subscription's Client ID>
clientSecret:
name: target-cluster-identity-secret
namespace: default
tenantID: <your Azure Subscription's Tenant ID>
type: ServicePrincipal
---
apiVersion: v1
kind: Secret
metadata:
labels:
clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
annotations:
config.kubernetes.io/path: target-infra/secret_target-cluster-identity-secret.yaml
name: target-cluster-identity-secret
namespace: default
type: Opaque
data:
clientSecret: <your Azure Subscription's Client Secret>
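Review bot: `subscriptionID: cb3e23d3-b697-4c4f-a1a7-529e308691e4` (L5343) commits a concrete-looking subscription ID, whereas the other identity fields use obvious placeholders (`<your Azure Subscription's Client ID>`, L5354). The ReplacementTransformer in this patchset does overwrite it from the secrets catalogue, but a committed literal invites copy-paste and complicates any later scrub; use `<your Azure Subscription ID>` like its neighbours. `allowedNamespaces: {}` (L5353) also deserves a second look: in CAPZ an empty object, unlike an absent field, allows AzureClusters in any namespace to use this identity, so if only `default` should consume it, restrict it, e.g. `allowedNamespaces: { list: [default] }` (field name per CAPZ's AllowedNamespaces type; confirm against the azureclusteridentities CRD earlier in this commit).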

@ -0,0 +1,104 @@
---
apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
kind: KubeadmControlPlane
metadata:
name: target-cluster-control-plane
namespace: default
spec:
kubeadmConfigSpec:
clusterConfiguration:
apiServer:
extraArgs:
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
timeoutForControlPlane: 20m
controllerManager:
extraArgs:
allocate-node-cidrs: "false"
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
cluster-name: target-cluster
extraVolumes:
- hostPath: /etc/kubernetes/azure.json
mountPath: /etc/kubernetes/azure.json
name: cloud-config
readOnly: true
etcd:
local:
dataDir: /var/lib/etcddisk/etcd
extraArgs:
quota-backend-bytes: "8589934592"
diskSetup:
filesystems:
- device: /dev/disk/azure/scsi1/lun0
extraOpts:
- -E
- lazy_itable_init=1,lazy_journal_init=1
filesystem: ext4
label: etcd_disk
- device: ephemeral0.1
filesystem: ext4
label: ephemeral0
replaceFS: ntfs
partitions:
- device: /dev/disk/azure/scsi1/lun0
layout: true
overwrite: false
tableType: gpt
files:
- contentFrom:
secret:
key: control-plane-azure.json
name: target-cluster-control-plane-azure-json
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
initConfiguration:
nodeRegistration:
kubeletExtraArgs:
azure-container-registry-config: /etc/kubernetes/azure.json
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
azure-container-registry-config: /etc/kubernetes/azure.json
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
mounts:
- - LABEL=etcd_disk
- /var/lib/etcddisk
postKubeadmCommands: []
preKubeadmCommands: []
machineTemplate:
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureMachineTemplate
name: target-cluster-control-plane
replicas: 1
version: v1.21.1
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureMachineTemplate
metadata:
name: target-cluster-control-plane
namespace: default
spec:
template:
spec:
dataDisks:
- diskSizeGB: 256
lun: 0
nameSuffix: etcddisk
osDisk:
diskSizeGB: 128
osType: Linux
sshPublicKey: ""
vmSize: Standard_D2s_v3
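Review bot: `/etc/kubernetes/azure.json` is written with `permissions: "0644"` (L5436) even though it is populated from the `target-cluster-control-plane-azure-json` Secret and, as CAPZ's cloud-provider config, typically carries the service-principal credentials; the worker copy in workers.yaml (L5781) uses the same mode. The file is `owner: root:root` and is consumed by root-run components via the `cloud-config` args, so `permissions: "0600"` should work, but this is `clusterctl generate` output and other node agents may read it, so test before tightening. Separately, `sshPublicKey: ""` (L5479) and `version: v1.21.1` (L5462) are placeholders filled by the ReplacementTransformer; a trailing `# replaced by k8scontrol-cluster-replacements` on each would stop someone editing them here.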

@ -0,0 +1,5 @@
resources:
- ../../airshipctl-base-catalogues
- namespace.yaml
- cluster.yaml
- controlplane.yaml

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: target-infra

@ -0,0 +1,140 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: localhost/replacement-transformer
replacements:
# Target Cluster - Azure K8S Version
- source:
objref:
kind: VersionsCatalogue
name: versions-airshipctl
fieldref: "{.spec.kubernetes}"
target:
objref:
kind: KubeadmControlPlane
name: target-cluster-control-plane
fieldrefs: ["{.spec.version}"]
# Azure Cloud's Subscription ID
- source:
objref:
kind: VariableCatalogue
name: combined-target-secrets
fieldref: ".secretGroups[name=azureIdentity].values[name=subscriptionID].data"
target:
objref:
kind: AzureCluster
name: target-cluster
fieldrefs: ["{.spec.subscriptionID}"]
# Azure Cloud Subscription's Tenant ID
- source:
objref:
kind: VariableCatalogue
name: combined-target-secrets
fieldref: ".secretGroups[name=azureIdentity].values[name=tenantID].data"
target:
objref:
kind: AzureClusterIdentity
name: target-cluster-identity
fieldrefs: ["{.spec.tenantID}"]
# Azure Cloud Subscription's Client ID
- source:
objref:
kind: VariableCatalogue
name: combined-target-secrets
fieldref: ".secretGroups[name=azureIdentity].values[name=clientID].data"
target:
objref:
kind: AzureClusterIdentity
name: target-cluster-identity
fieldrefs: ["{.spec.clientID}"]
# Azure Cloud Subscription's Client Secret
- source:
objref:
kind: VariableCatalogue
name: combined-target-secrets
fieldref: ".secretGroups[name=azureIdentity].values[name=clientSecret].data"
target:
objref:
kind: Secret
name: target-cluster-identity-secret
fieldrefs: ["{.data.clientSecret}"]
# Target Cluster - Azure location
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.cluster.location}"
target:
objref:
kind: AzureCluster
name: target-cluster
fieldrefs: ["{.spec.location}"]
# Target cluster - Azure VNet Name
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.cluster.vnetName}"
target:
objref:
kind: AzureCluster
name: target-cluster
fieldrefs: ["{.spec.networkSpec.vnet.name}"]
# Target Cluster - Azure Resource Group
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.cluster.resourceGroup}"
target:
objref:
kind: AzureCluster
name: target-cluster
fieldrefs: ["{.spec.resourceGroup}"]
# Target Cluster - Control Plane Replica Count
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.controlplane.replicas}"
target:
objref:
kind: KubeadmControlPlane
name: target-cluster-control-plane
fieldrefs: ["{.spec.replicas}"]
# Target Cluster - Control Plane VM Flavor
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.controlplane.vmSize}"
target:
objref:
kind: AzureMachineTemplate
name: target-cluster-control-plane
fieldrefs: ["{.spec.template.spec.vmSize}"]
# Target Cluster - Control Plane SSH Public Key access
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.controlplane.sshPublicKey}"
target:
objref:
kind: AzureMachineTemplate
name: target-cluster-control-plane
fieldrefs: ["{.spec.template.spec.sshPublicKey}"]
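Review bot: `metadata.name: k8scontrol-cluster-replacements` (L5506) is reused verbatim by the worker ReplacementTransformer later in this patchset (L5673). The two live in different kustomizations so they do not collide today, but the duplicate name makes phase logs ambiguous and would break the moment both are composed into one build; rename the worker one to something like `workers-cluster-replacements`. The `{.data.clientSecret}` target on L5566 writes into a Secret's `data` map, so the `clientSecret` value in `combined-target-secrets` must already be base64-encoded, and a comment on L5556 saying so (`# value must be base64-encoded: it lands in Secret.data`) would save a debugging round.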

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml

@ -0,0 +1,6 @@
# CAPZ Worker Resources
This folder contains the manifests necessary to deploy target cluster on Azure cloud.
These manifests were generated using **clusterctl generate** command with **public flavor** and then broken down into three manifests:
- cluster.yaml - this manifest is located in ../../k8scontrol-capz folder.
- controlplane.yaml - this manifest is located in ../../k8scontrol-capz folder.
- workers.yaml - provides the manifests for MachineDeployment, AzureMachineTemplate, and KubeadmConfigTemplate resources.

@ -0,0 +1,3 @@
resources:
- ../../airshipctl-base-catalogues
- workers.yaml

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- worker.yaml

@ -0,0 +1,56 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: localhost/replacement-transformer
replacements:
# Target Cluster - Azure K8S Version
- source:
objref:
kind: VersionsCatalogue
name: versions-airshipctl
fieldref: "{.spec.kubernetes}"
target:
objref:
kind: MachineDeployment
name: target-cluster-md-0
fieldrefs: ["{.spec.template.spec.version}"]
# Target Cluster - Worker Replica Count
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.worker.replicas}"
target:
objref:
kind: MachineDeployment
name: target-cluster-md-0
fieldrefs: ["{.spec.replicas}"]
# Target Cluster - Worker VM Flavor
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.controlplane.vmSize}"
target:
objref:
kind: AzureMachineTemplate
name: target-cluster-md-0
fieldrefs: ["{.spec.template.spec.vmSize}"]
# Target Cluster - Control Plane SSH Public Key access
- source:
objref:
kind: VariableCatalogue
name: azure-catalogue
fieldref: "{.controlplane.sshPublicKey}"
target:
objref:
kind: AzureMachineTemplate
name: target-cluster-md-0
fieldrefs: ["{.spec.template.spec.sshPublicKey}"]
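Review bot: The worker VM size and SSH key are sourced from `{.controlplane.vmSize}` (L5706) and `{.controlplane.sshPublicKey}` (L5717) even though the comment on L5701 says "Worker VM Flavor" and the replica count on L5695 already uses a `{.worker.*}` key. Unless the azure-catalogue deliberately has no worker-specific size (not visible here), this silently forces workers onto the control-plane flavour; `fieldref: "{.worker.vmSize}"` is probably what was meant, and the L5712 comment should then read `# Target Cluster - Worker SSH Public Key access` or the source should be renamed to match. If sharing the control-plane values is intentional, say so in the comments so the mismatch is not "fixed" later.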

@ -0,0 +1,63 @@
---
apiVersion: cluster.x-k8s.io/v1alpha4
kind: MachineDeployment
metadata:
name: target-cluster-md-0
namespace: default
spec:
clusterName: target-cluster
replicas: 3
selector:
matchLabels: null
template:
spec:
bootstrap:
configRef:
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
name: target-cluster-md-0
clusterName: target-cluster
infrastructureRef:
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureMachineTemplate
name: target-cluster-md-0
version: v1.21.1
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureMachineTemplate
metadata:
name: target-cluster-md-0
namespace: default
spec:
template:
spec:
osDisk:
diskSizeGB: 128
osType: Linux
sshPublicKey: ""
vmSize: Standard_D2s_v3
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
metadata:
name: target-cluster-md-0
namespace: default
spec:
template:
spec:
files:
- contentFrom:
secret:
key: worker-node-azure.json
name: target-cluster-md-0-azure-json
owner: root:root
path: /etc/kubernetes/azure.json
permissions: "0644"
joinConfiguration:
nodeRegistration:
kubeletExtraArgs:
azure-container-registry-config: /etc/kubernetes/azure.json
cloud-config: /etc/kubernetes/azure.json
cloud-provider: azure
name: '{{ ds.meta_data["local_hostname"] }}'
preKubeadmCommands: []

@ -596,4 +596,4 @@ spec:
configRef:
kind: ConfigMap
name: merge-kubeconfig
apiVersion: v1
apiVersion: v1