Created
March 30, 2023 09:58
-
-
Save jkremser/7fb07237a9c75a81cb03dd87ee181b13 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Source: cluster-vsphere/templates/cluster.yaml | |
apiVersion: cluster.x-k8s.io/v1beta1 | |
kind: Cluster | |
metadata: | |
name: gjirk25 | |
namespace: default | |
annotations: | |
cluster.giantswarm.io/description: "test cluster" | |
labels: | |
cluster-apps-operator.giantswarm.io/watching: "" | |
giantswarm.io/service-priority: "highest" | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
clusterNetwork: | |
pods: | |
cidrBlocks: | |
- 192.168.0.0/16 | |
# services: | |
# cidrBlocks: | |
# | |
# - 192.168.1.0/16 | |
# | |
controlPlaneRef: | |
apiVersion: controlplane.cluster.x-k8s.io/v1beta1 | |
kind: KubeadmControlPlane | |
name: gjirk25 | |
namespace: default | |
infrastructureRef: | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereCluster | |
name: gjirk25 | |
namespace: default | |
--- | |
# Source: cluster-vsphere/templates/kubeadmconfigtemplate.yaml | |
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 | |
kind: KubeadmConfigTemplate | |
metadata: | |
name: gjirk25-worker-8ac3116f | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
template: | |
spec: | |
users: | |
- name: giantswarm | |
sudo: ALL=(ALL) NOPASSWD:ALL | |
joinConfiguration: | |
nodeRegistration: | |
criSocket: /run/containerd/containerd.sock | |
kubeletExtraArgs: | |
cloud-provider: external | |
feature-gates: "ExpandPersistentVolumes=true" | |
eviction-hard : "memory.available<200Mi" | |
eviction-max-pod-grace-period: "60" | |
eviction-soft: "memory.available<500Mi" | |
eviction-soft-grace-period: "memory.available=5s" | |
anonymous-auth: "true" | |
node-labels: "giantswarm.io/node-pool=worker" | |
files: | |
- path: /etc/ssh/trusted-user-ca-keys.pem | |
permissions: "0600" | |
content: | | |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io | |
- path: /etc/ssh/sshd_config | |
permissions: "0600" | |
content: | | |
# Use most defaults for sshd configuration. | |
Subsystem sftp internal-sftp | |
ClientAliveInterval 180 | |
UseDNS no | |
UsePAM yes | |
PrintLastLog no # handled by PAM | |
PrintMotd no # handled by PAM | |
# Non defaults (#100) | |
ClientAliveCountMax 2 | |
PasswordAuthentication no | |
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem | |
MaxAuthTries 5 | |
LoginGraceTime 60 | |
AllowTcpForwarding no | |
AllowAgentForwarding no | |
preKubeadmCommands: | |
- hostname '{{ ds.meta_data.hostname }}' | |
- echo "::1 ipv6-localhost ipv6-loopback" >/etc/hosts | |
- echo "127.0.0.1 localhost" >>/etc/hosts | |
- echo '127.0.0.1 {{ ds.meta_data.hostname }}' >>/etc/hosts | |
- echo '{{ ds.meta_data.hostname }}' >/etc/hostname | |
postKubeadmCommands: | |
- systemctl restart sshd | |
--- | |
# Source: cluster-vsphere/templates/kubeadmcontrolplane.yaml | |
#todo: this | |
apiVersion: controlplane.cluster.x-k8s.io/v1beta1 | |
kind: KubeadmControlPlane | |
metadata: | |
name: gjirk25 | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
kubeadmConfigSpec: | |
clusterConfiguration: | |
apiServer: | |
certSANs: | |
- localhost | |
- 127.0.0.1 | |
- "api.gjirk25.k8s.test" | |
extraArgs: | |
cloud-provider: external | |
enable-admission-plugins: NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,PersistentVolumeClaimResize,DefaultStorageClass,Priority,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook | |
feature-gates: TTLAfterFinished=true | |
kubelet-preferred-address-types: "InternalIP" | |
logtostderr: "true" | |
profiling: "false" | |
requestheader-allowed-names: "front-proxy-client" | |
runtime-config: "api/all=true" | |
tls-cipher-suites: "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384" | |
extraVolumes: | |
controllerManager: | |
extraArgs: | |
authorization-always-allow-paths: "/healthz,/readyz,/livez,/metrics" | |
bind-address: "0.0.0.0" | |
cloud-provider: external | |
enable-hostpath-provisioner: "true" | |
feature-gates: ExpandPersistentVolumes=true,TTLAfterFinished=true | |
logtostderr: "true" | |
profiling: "false" | |
dns: | |
imageRepository: projects.registry.vmware.com/tkg | |
imageTag: v1.7.0_vmware.12 | |
etcd: | |
local: | |
extraArgs: | |
listen-metrics-urls: "http://0.0.0.0:2381" | |
imageRepository: giantswarm | |
imageTag: 3.5.4-0-k8s | |
imageRepository: projects.registry.vmware.com/tkg | |
users: | |
- name: giantswarm | |
sudo: ALL=(ALL) NOPASSWD:ALL | |
initConfiguration: | |
skipPhases: | |
- addon/kube-proxy | |
patches: | |
directory: "/tmp/kubeadm/patches" | |
nodeRegistration: | |
criSocket: /run/containerd/containerd.sock | |
kubeletExtraArgs: | |
cloud-provider: external | |
feature-gates: "ExpandPersistentVolumes=true" | |
eviction-hard : "memory.available<200Mi" | |
eviction-max-pod-grace-period: "60" | |
eviction-soft: "memory.available<500Mi" | |
eviction-soft-grace-period: "memory.available=5s" | |
anonymous-auth: "true" | |
joinConfiguration: | |
patches: | |
directory: "/tmp/kubeadm/patches" | |
nodeRegistration: | |
criSocket: /run/containerd/containerd.sock | |
kubeletExtraArgs: | |
cloud-provider: external | |
feature-gates: "ExpandPersistentVolumes=true" | |
eviction-hard : "memory.available<200Mi" | |
eviction-max-pod-grace-period: "60" | |
eviction-soft: "memory.available<500Mi" | |
eviction-soft-grace-period: "memory.available=5s" | |
anonymous-auth: "true" | |
files: | |
- path: /etc/ssh/trusted-user-ca-keys.pem | |
permissions: "0600" | |
content: | | |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io | |
- path: /etc/ssh/sshd_config | |
permissions: "0600" | |
content: | | |
# Use most defaults for sshd configuration. | |
Subsystem sftp internal-sftp | |
ClientAliveInterval 180 | |
UseDNS no | |
UsePAM yes | |
PrintLastLog no # handled by PAM | |
PrintMotd no # handled by PAM | |
# Non defaults (#100) | |
ClientAliveCountMax 2 | |
PasswordAuthentication no | |
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem | |
MaxAuthTries 5 | |
LoginGraceTime 60 | |
AllowTcpForwarding no | |
AllowAgentForwarding no | |
- path: /tmp/kubeadm/patches/kube-apiserver+json.tpl | |
content: |- | |
[ | |
{ | |
"op": "add", | |
"path": "/spec/dnsPolicy", | |
"value": "ClusterFirstWithHostNet" | |
}, | |
{ | |
"op": "add", | |
"path": "/spec/containers/0/command/-", | |
"value": "--max-requests-inflight=$MAX_REQUESTS_INFLIGHT" | |
}, | |
{ | |
"op": "add", | |
"path": "/spec/containers/0/command/-", | |
"value": "--max-mutating-requests-inflight=$MAX_MUTATING_REQUESTS_INFLIGHT" | |
}, | |
{ | |
"op": "replace", | |
"path": "/spec/containers/0/resources/requests/cpu", | |
"value": "$API_SERVER_CPU_REQUEST" | |
}, | |
{ | |
"op": "replace", | |
"path": "/spec/containers/0/resources/requests/memory", | |
"value": "$API_SERVER_MEMORY_REQUEST" | |
} | |
] | |
- path: /tmp/kubeadm/patches/kube-apiserver-patch.sh | |
content: |- | |
#!/usr/bin/env bash | |
# | |
# Creates kube-apiserver+json.json file by replacing | |
# environment variables in kube-apiserver+json.tpl | |
# | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
set -x | |
if [ "$#" -ne 1 ]; then | |
echo "Illegal number of parameters" >&2 | |
echo "Usage: bash kube-apiserver-patch.sh <resource-ratio>" >&2 | |
exit 1 | |
fi | |
ratio=$1 | |
cpus="$(grep -c ^processor /proc/cpuinfo)" | |
memory="$(awk '/MemTotal/ { printf "%d \n", $2/1024 }' /proc/meminfo)" | |
export MAX_REQUESTS_INFLIGHT=$((cpus*(1600/ratio))) | |
export MAX_MUTATING_REQUESTS_INFLIGHT=$((cpus*(800/ratio))) | |
export API_SERVER_CPU_REQUEST=$((cpus*(1000/ratio)))m | |
export API_SERVER_MEMORY_REQUEST=$((memory/ratio))Mi | |
envsubst < "/tmp/kubeadm/patches/kube-apiserver+json.tpl" > "/tmp/kubeadm/patches/kube-apiserver+json.json" | |
- content: | | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
creationTimestamp: null | |
name: kube-vip | |
namespace: kube-system | |
spec: | |
containers: | |
- args: | |
- start | |
env: | |
- name: vip_arp | |
value: "true" | |
- name: vip_leaderelection | |
value: "true" | |
- name: vip_address | |
value: 10.10.222.242 | |
- name: vip_interface | |
value: eth0 | |
- name: vip_leaseduration | |
value: "15" | |
- name: vip_renewdeadline | |
value: "10" | |
- name: vip_retryperiod | |
value: "2" | |
image: ghcr.io/kube-vip/kube-vip:v0.3.5 | |
imagePullPolicy: IfNotPresent | |
name: kube-vip | |
resources: {} | |
securityContext: | |
capabilities: | |
add: | |
- NET_ADMIN | |
- SYS_TIME | |
volumeMounts: | |
- mountPath: /etc/kubernetes/admin.conf | |
name: kubeconfig | |
hostNetwork: true | |
volumes: | |
- hostPath: | |
path: /etc/kubernetes/admin.conf | |
type: FileOrCreate | |
name: kubeconfig | |
status: {} | |
owner: root:root | |
path: /etc/kubernetes/manifests/kube-vip.yaml | |
preKubeadmCommands: | |
# - bash /tmp/kubeadm/patches/kube-apiserver-patch.sh 8 | |
- hostname '{{ ds.meta_data.hostname }}' | |
- echo "::1 ipv6-localhost ipv6-loopback" >/etc/hosts | |
- echo "127.0.0.1 localhost" >>/etc/hosts | |
- echo '127.0.0.1 {{ ds.meta_data.hostname }}' >>/etc/hosts | |
- echo '{{ ds.meta_data.hostname }}' >/etc/hostname | |
postKubeadmCommands: | |
- systemctl restart sshd | |
useExperimentalRetryJoin: true | |
machineTemplate: | |
infrastructureRef: | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereMachineTemplate | |
name: gjirk25-control-plane-798e9a27 | |
namespace: default | |
replicas: 1 | |
version: v1.25.6 | |
--- | |
# Source: cluster-vsphere/templates/machinedeployment.yaml | |
apiVersion: cluster.x-k8s.io/v1beta1 | |
kind: MachineDeployment | |
metadata: | |
name: gjirk25-worker | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
clusterName: gjirk25 | |
replicas: 2 | |
revisionHistoryLimit: 0 | |
selector: | |
matchLabels: {} | |
template: | |
metadata: | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
spec: | |
bootstrap: | |
configRef: | |
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 | |
kind: KubeadmConfigTemplate | |
name: gjirk25-worker-8ac3116f | |
namespace: default | |
clusterName: gjirk25 | |
infrastructureRef: | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereMachineTemplate | |
name: gjirk25-default-3affd4ad | |
namespace: default | |
version: v1.25.6 | |
--- | |
# Source: cluster-vsphere/templates/vspherecluster.yaml | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereCluster | |
metadata: | |
name: gjirk25 | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
controlPlaneEndpoint: | |
host: '10.10.222.242' | |
port: 6443 | |
identityRef: | |
kind: Secret | |
name: gjirk25-credentials | |
server: | |
thumbprint: | |
--- | |
# Source: cluster-vsphere/templates/vspheremachinetemplate.yaml | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereMachineTemplate | |
metadata: | |
name: gjirk25-control-plane-798e9a27 | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
template: | |
spec: | |
datacenter: | |
datastore: | |
server: | |
thumbprint: | |
cloneMode: linkedClone | |
diskGiB: 25 | |
memoryMiB: 8192 | |
network: | |
devices: | |
- dhcp4: true | |
networkName: grasshopper-capv | |
numCPUs: 2 | |
resourcePool: grasshopper | |
template: ubuntu-2004-kube-v1.25.6 | |
--- | |
# Source: cluster-vsphere/templates/vspheremachinetemplate.yaml | |
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 | |
kind: VSphereMachineTemplate | |
metadata: | |
name: gjirk25-default-3affd4ad | |
namespace: default | |
labels: | |
app: "cluster-vsphere" | |
app.kubernetes.io/managed-by: "Helm" | |
cluster.x-k8s.io/cluster-name: "gjirk25" | |
giantswarm.io/cluster: "gjirk25" | |
giantswarm.io/organization: "giantswarm" | |
application.giantswarm.io/team: "rocket" | |
app.kubernetes.io/version: "0.3.0" | |
helm.sh/chart: "cluster-vsphere-0.3.0" | |
spec: | |
template: | |
spec: | |
datacenter: | |
datastore: | |
server: | |
thumbprint: | |
cloneMode: linkedClone | |
diskGiB: 25 | |
network: | |
devices: | |
- dhcp4: true | |
networkName: grasshopper-capv | |
numCPUs: 2 | |
resourcePool: grasshopper | |
template: ubuntu-2004-kube-v1.25.6 | |
--- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment