diff --git a/providers/openstack/kamaji/1-30/cluster-addon-values.yaml b/providers/openstack/kamaji/1-30/cluster-addon-values.yaml
new file mode 100644
index 00000000..17171abe
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-addon-values.yaml
@@ -0,0 +1,5 @@
+values: |
+ metrics-server:
+ commonLabels:
+ domain: "{{ .Cluster.spec.controlPlaneEndpoint.host }}"
+ clusterAddonVersion: "v1"
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/.helmignore b/providers/openstack/kamaji/1-30/cluster-addon/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-addon/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/Chart.lock b/providers/openstack/kamaji/1-30/cluster-addon/Chart.lock
new file mode 100644
index 00000000..af765e82
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-addon/Chart.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: metrics-server
+ repository: https://kubernetes-sigs.github.io/metrics-server/
+ version: 3.12.0
+- name: cilium
+ repository: https://helm.cilium.io/
+ version: 1.15.2
+- name: openstack-cloud-controller-manager
+ repository: https://kubernetes.github.io/cloud-provider-openstack
+ version: 2.30.0
+- name: openstack-cinder-csi
+ repository: https://kubernetes.github.io/cloud-provider-openstack
+ version: 2.30.0
+digest: sha256:8d0f42e7a6b58afda62cbf2842168aead0eadabd698d27ab086800d080d091b8
+generated: "2024-05-21T05:57:51.234735433+02:00"
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/Chart.yaml b/providers/openstack/kamaji/1-30/cluster-addon/Chart.yaml
new file mode 100644
index 00000000..e0527fc2
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-addon/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+dependencies:
+- alias: metrics-server
+ name: metrics-server
+ repository: https://kubernetes-sigs.github.io/metrics-server/
+ version: 3.12.0
+- alias: cilium
+ name: cilium
+ repository: https://helm.cilium.io/
+ version: 1.15.2
+- alias: openstack-cloud-controller-manager
+ name: openstack-cloud-controller-manager
+ repository: https://kubernetes.github.io/cloud-provider-openstack
+ version: 2.30.0
+- alias: openstack-cinder-csi
+ name: openstack-cinder-csi
+ repository: https://kubernetes.github.io/cloud-provider-openstack
+ version: 2.30.0
+name: openstack-kamaji-1-30-cluster-addon
+type: application
+version: v1
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/charts/cilium-1.15.2.tgz b/providers/openstack/kamaji/1-30/cluster-addon/charts/cilium-1.15.2.tgz
new file mode 100644
index 00000000..6bf08bd0
Binary files /dev/null and b/providers/openstack/kamaji/1-30/cluster-addon/charts/cilium-1.15.2.tgz differ
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/charts/metrics-server-3.12.0.tgz b/providers/openstack/kamaji/1-30/cluster-addon/charts/metrics-server-3.12.0.tgz
new file mode 100644
index 00000000..22f9f8dc
Binary files /dev/null and b/providers/openstack/kamaji/1-30/cluster-addon/charts/metrics-server-3.12.0.tgz differ
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cinder-csi-2.30.0.tgz b/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cinder-csi-2.30.0.tgz
new file mode 100644
index 00000000..9b8d6d99
Binary files /dev/null and b/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cinder-csi-2.30.0.tgz differ
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cloud-controller-manager-2.30.0.tgz b/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cloud-controller-manager-2.30.0.tgz
new file mode 100644
index 00000000..c9037311
Binary files /dev/null and b/providers/openstack/kamaji/1-30/cluster-addon/charts/openstack-cloud-controller-manager-2.30.0.tgz differ
diff --git a/providers/openstack/kamaji/1-30/cluster-addon/values.yaml b/providers/openstack/kamaji/1-30/cluster-addon/values.yaml
new file mode 100644
index 00000000..4a01b395
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-addon/values.yaml
@@ -0,0 +1,38 @@
+metrics-server:
+ fullnameOverride: metrics-server
+ replicas: 1
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 0
+ maxUnavailable: 1
+
+ service:
+ labels:
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "Metrics-server"
+
+ defaultArgs:
+ - --cert-dir=/tmp
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --kubelet-use-node-status-port
+ - --metric-resolution=15s
+
+ args:
+ - --kubelet-insecure-tls
+openstack-cloud-controller-manager:
+ secret:
+ enabled: true
+ name: cloud-config
+ create: false
+ nodeSelector:
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+
+openstack-cinder-csi:
+ secret:
+ enabled: true
+ name: cloud-config
+ create: false
diff --git a/providers/openstack/kamaji/1-30/cluster-class/.helmignore b/providers/openstack/kamaji/1-30/cluster-class/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/.helmignore
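Review bot: In cluster-addon/values.yaml the metrics-server `args` add `--kubelet-insecure-tls`, so metrics-server does not verify the kubelet serving certificate when it scrapes nodes and will accept whatever answers on a node address. If the worker kubelets can be given serving certificates signed by the cluster CA (nothing in this diff shows whether they are), the flag should be dropped. Otherwise the reason belongs next to it, for example `# kubelet serving certs are not CA-signed in this stack; remove once they are`. The `nodeSelector:` key under openstack-cloud-controller-manager is bare and renders as null; if that is meant to clear the subchart's default selector, a one-line comment saying so would stop someone "fixing" it later.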
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/providers/openstack/kamaji/1-30/cluster-class/Chart.yaml b/providers/openstack/kamaji/1-30/cluster-class/Chart.yaml
new file mode 100644
index 00000000..ca7ecd1c
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+description: |
+ This chart installs and configures:
+ * Openstack Kamaji Cluster Class
+name: openstack-kamaji-1-30-cluster-class
+type: application
+version: v1
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/_helpers.tpl b/providers/openstack/kamaji/1-30/cluster-class/templates/_helpers.tpl
new file mode 100644
index 00000000..2339c125
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-class.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-class.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-class.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-class.labels" -}}
+helm.sh/chart: {{ include "cluster-class.chart" . }}
+{{ include "cluster-class.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-class.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-class.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-class.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-class.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/cluster-class.yaml b/providers/openstack/kamaji/1-30/cluster-class/templates/cluster-class.yaml
new file mode 100644
index 00000000..4e0cecda
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/cluster-class.yaml
@@ -0,0 +1,460 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Version }}
+spec:
+ controlPlane:
+ ref:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+ kind: KamajiControlPlaneTemplate
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-control-plane
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-cluster
+ workers:
+ machineDeployments:
+ - class: default-worker
+ template:
+ bootstrap:
+ ref:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-default-worker
+ infrastructure:
+ ref:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-default-worker
+ variables:
+ - name: data_store
+ required: true
+ schema:
+ openAPIV3Schema:
+ type: string
+ example: "default"
+ description: "Name of the Kamaji DataStore to use for the given KamajiControlPlane."
+ - name: dns_service_ips
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: array
+ minItems: 1
+ description: "List of IP addresses for the cluster DNS server."
+ default: ["10.96.0.10"]
+ example: ["10.96.0.10"]
+ items:
+ type: string
+ - name: external_id
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: "ebfe5546-f09f-4f42-ab54-094e457d42ec"
+ example: "ebfe5546-f09f-4f42-ab54-094e457d42ec"
+ format: "uuid4"
+ description: "ExternalNetworkID is the ID of an external OpenStack Network. This is necessary to get public internet to the VMs."
+ - name: dns_nameservers
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: array
+ description: "DNSNameservers is the list of nameservers for the OpenStack Subnet being created. Set this value when you need to create a new network/subnet while the access through DNS is required."
+ default: ["5.1.66.255", "185.150.99.255"]
+ example: ["5.1.66.255", "185.150.99.255"]
+ items:
+ type: string
+ - name: worker_flavor
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: "SCS-2V-4-20"
+ example: "SCS-2V-4-20"
+ description: "OpenStack instance flavor for worker nodes."
+ - name: worker_root_disk
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: integer
+ minimum: 1
+ example: 20
+ description: "Root disk size in GiB for worker nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should be used also for the diskless flavors."
+ - name: node_cidr
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ format: "cidr"
+ default: "10.8.0.0/20"
+ example: "10.8.0.0/20"
+ description: "NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet. If you leave this empty, no network will be created."
+ - name: openstack_security_groups
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: array
+ default: []
+ example: ["security-group-1"]
+ description: "The names of the security groups to assign to the instance"
+ items:
+ type: string
+ - name: cloud_name
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: "openstack"
+ example: "openstack"
+ description: "The name of the cloud to use from the clouds secret"
+ - name: secret_name
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: "openstack"
+ example: "openstack"
+ description: "The name of the clouds secret"
+ - name: worker_server_group_id
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "869fe071-1e56-46a9-9166-47c9f228e297"
+ description: "The server group to assign the worker nodes to."
+ - name: ssh_key
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: string
+ default: ""
+ example: "capi-keypair"
+ description: "The ssh key to inject in the nodes."
+ - name: certSANs
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: array
+ default: []
+ example: ["mydomain.example"]
+ description: "CertSANs sets extra Subject Alternative Names for the API Server signing cert."
+ items:
+ type: string
+ - name: oidc_config
+ required: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ client_id:
+ type: string
+ example: "kubectl"
+ description: "A client id that all tokens must be issued for."
+ issuer_url:
+ type: string
+ example: "https://dex.k8s.scs.community"
+ description: "URL of the provider that allows the API server to
+ discover public signing keys. Only URLs that use the https:// scheme are
+ accepted. This is typically the provider's discovery URL, changed to have an
+ empty path"
+ username_claim:
+ type: string
+ example: "preferred_username"
+ default: "sub"
+ description: "JWT claim to use as the user name. By default sub,
+ which is expected to be a unique identifier of the end user. Admins can choose
+ other claims, such as email or name, depending on their provider. However,
+ claims other than email will be prefixed with the issuer URL to prevent naming
+ clashes with other plugins."
+ groups_claim:
+ type: string
+ example: "groups"
+ default: "groups"
+ description: "JWT claim to use as the user's group. If the claim
+ is present it must be an array of strings."
+ username_prefix:
+ type: string
+ example: "oidc:"
+ default: "oidc:"
+ description: "Prefix prepended to username claims to prevent
+ clashes with existing names (such as system: users). For example, the value
+ oidc: will create usernames like oidc:jane.doe. If this flag isn't provided and
+ --oidc-username-claim is a value other than email the prefix defaults to (
+ Issuer URL )# where ( Issuer URL ) is the value of --oidc-issuer-url. The value
+ - can be used to disable all prefixing."
+ groups_prefix:
+ type: string
+ example: "oidc:"
+ default: "oidc:"
+ description: "Prefix prepended to group claims to prevent clashes
+ with existing names (such as system: groups). For example, the value oidc: will
+ create group names like oidc:engineering and oidc:infra."
+ patches:
+ - name: k8s_version
+ description: "Sets the openstack node image for workers to the cluster-api image with the version mentioned in spec.topology.version."
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/image/filter/name"
+ valueFrom:
+ template: ubuntu-capi-image-{{ `{{ .builtin.cluster.topology.version }}` }}
+ - name: worker_flavor
+ description: "Sets the openstack instance flavor for the worker nodes."
+ enabledIf: {{ `'{{ ne .worker_flavor "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/flavor"
+ valueFrom:
+ variable: worker_flavor
+ - name: worker_root_disk
+ description: "Sets the root disk size in GiB for worker nodes."
+ enabledIf: {{ `"{{ if .worker_root_disk }}true{{end}}"` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/rootVolume"
+ valueFrom:
+ template: |
+ sizeGiB: {{"{{"}} .worker_root_disk {{"}}"}}
+ - name: data_store
+ description: "Sets the name of the Kamaji DataStore to use for the given KamajiControlPlane."
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+ kind: KamajiControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/dataStoreName"
+ valueFrom:
+ variable: data_store
+ - name: dns_service_ips
+ description: "Sets the list of IP addresses for the cluster DNS server."
+ enabledIf: {{ `"{{ if .dns_service_ips }}true{{end}}"` }}
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+ kind: KamajiControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/addons/coreDNS/dnsServiceIPs"
+ valueFrom:
+ variable: dns_service_ips
+ - name: external_id
+ description: "Sets the ID of an external OpenStack Network. This is necessary to get public internet to the VMs."
+ enabledIf: {{ `'{{ ne .external_id "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/externalNetwork/id"
+ valueFrom:
+ variable: external_id
+ - name: subnet
+ description: "Sets the NodeCIDR and optional nameservers for the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet."
+ enabledIf: {{ `'{{ ne .node_cidr "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/managedSubnets"
+ valueFrom:
+ template: |
+ - cidr: '{{"{{"}} .node_cidr {{"}}"}}'
+ dnsNameservers:
+ {{`{{- range .dns_nameservers }}`}}
+ - {{`{{ . }}`}}
+ {{`{{- end }}`}}
+ - name: openstack_security_groups
+ description: "Sets the list of the openstack security groups for the worker instances."
+ enabledIf: {{ `"{{ if .openstack_security_groups }}true{{end}}"` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/securityGroups"
+ valueFrom:
+ template: {{ `"[ {{ range .openstack_security_groups }} { filter: { name: {{ . }}}}, {{ end }} ]"` }}
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/managedSecurityGroups/allowAllInClusterTraffic"
+ value: false
+ - name: cloud_name
+ description: "Sets the name of the cloud to use from the clouds secret."
+ enabledIf: {{ `'{{ ne .cloud_name "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/identityRef/cloudName"
+ valueFrom:
+ variable: cloud_name
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/identityRef/cloudName"
+ valueFrom:
+ variable: cloud_name
+ - name: secret_name
+ description: "Sets the name of the clouds secret."
+ enabledIf: {{ `'{{ ne .secret_name "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackClusterTemplate
+ matchResources:
+ infrastructureCluster: true
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/identityRef/name"
+ valueFrom:
+ variable: secret_name
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: replace
+ path: "/spec/template/spec/identityRef/name"
+ valueFrom:
+ variable: secret_name
+ - name: worker_server_group_id
+ description: "Sets the server group to assign the worker nodes to."
+ enabledIf: {{ `'{{ ne .worker_server_group_id "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/serverGroup"
+ valueFrom:
+ template: |
+ id: {{"{{"}} .worker_server_group_id {{"}}"}}
+ - name: ssh_key
+ description: "Sets the ssh key to inject in the nodes."
+ enabledIf: {{ `'{{ ne .ssh_key "" }}'` }}
+ definitions:
+ - selector:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: OpenStackMachineTemplate
+ matchResources:
+ machineDeploymentClass:
+ names:
+ - default-worker
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/sshKeyName"
+ valueFrom:
+ variable: ssh_key
+ - name: certSANs
+ description: "CertSANs sets extra Subject Alternative Names for the API Server signing cert."
+ enabledIf: {{ `"{{ if .certSANs }}true{{end}}"` }}
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+ kind: KamajiControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/network/certSANs"
+ valueFrom:
+ variable: certSANs
+ - name: oidc_config
+ description: "Configure API Server to use external authentication service."
+ enabledIf: {{ `"{{ if and .oidc_config .oidc_config.client_id .oidc_config.issuer_url }}true{{end}}"` }}
+ definitions:
+ - selector:
+ apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+ kind: KamajiControlPlaneTemplate
+ matchResources:
+ controlPlane: true
+ jsonPatches:
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-client-id={{ `{{ .oidc_config.client_id }}` }}
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-issuer-url={{ `{{ .oidc_config.issuer_url }}` }}
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-username-claim={{ `{{ .oidc_config.username_claim }}` }}
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-groups-claim={{ `{{ .oidc_config.groups_claim }}` }}
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-username-prefix={{ `{{ .oidc_config.username_prefix }}` }}
+ - op: add
+ path: "/spec/template/spec/apiServer/extraArgs/-"
+ valueFrom:
+ template: --oidc-groups-prefix={{ `{{ .oidc_config.groups_prefix }}` }}
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/kamaji-control-plane-template.yaml b/providers/openstack/kamaji/1-30/cluster-class/templates/kamaji-control-plane-template.yaml
new file mode 100644
index 00000000..68b0fe7d
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/kamaji-control-plane-template.yaml
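Review bot: In cluster-class.yaml the `openstack_security_groups` patch builds its value as flow YAML with each group name interpolated unquoted, `{ filter: { name: {{ . }}}}`, so a name containing `,`, `}`, `#` or `: ` changes the structure that gets parsed instead of being read as a name. The variable schema only requires `type: string` for the items, and the values come from whoever writes the Cluster topology. Quoting the interpolation, as the `subnet` patch already does for `node_cidr`, keeps it a scalar: `{ filter: { name: '{{ . }}' }}`. A `pattern` on the items schema would cover names that contain a quote. The `worker_server_group_id` patch (`id: {{ .worker_server_group_id }}`) has the same unquoted shape.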
@@ -0,0 +1,25 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+kind: KamajiControlPlaneTemplate
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-control-plane
+spec:
+ template:
+ spec:
+ addons:
+ coreDNS: {}
+ konnectivity: {}
+ kubeProxy: {}
+ apiServer:
+ extraArgs:
+ - --cloud-provider=external
+ controllerManager:
+ extraArgs:
+ - --cloud-provider=external
+ kubelet:
+ cgroupfs: systemd
+ preferredAddressTypes:
+ - InternalIP
+ - ExternalIP
+ - Hostname
+ network:
+ serviceType: LoadBalancer
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/kubeadm-config-template-default-worker.yaml b/providers/openstack/kamaji/1-30/cluster-class/templates/kubeadm-config-template-default-worker.yaml
new file mode 100644
index 00000000..2e9ff290
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/kubeadm-config-template-default-worker.yaml
@@ -0,0 +1,13 @@
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-default-worker
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ kubeletExtraArgs:
+ cloud-provider: external
+ provider-id: openstack:///'{{"{{"}} instance_id {{"}}"}}'
+ name: '{{"{{"}} local_hostname {{"}}"}}'
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-cluster-template.yaml b/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-cluster-template.yaml
new file mode 100644
index 00000000..c49ba797
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-cluster-template.yaml
@@ -0,0 +1,23 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OpenStackClusterTemplate
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-cluster
+spec:
+ template:
+ spec:
+ identityRef:
+ name: {{ .Values.identityRef.name }}
+ cloudName: {{ .Values.identityRef.cloudName }}
+ disableAPIServerFloatingIP: true
+ apiServerLoadBalancer:
+ enabled: false
+ managedSecurityGroups:
+ allowAllInClusterTraffic: true
+ managedSubnets:
+ - cidr: {{ .Values.node_cidr }}
+ dnsNameservers:
+ {{- range .Values.dns_nameservers }}
+ - {{ . }}
+ {{- end }}
+ externalNetwork:
+ id: {{ .Values.external_id }}
diff --git a/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-machine-template-default-worker.yaml b/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-machine-template-default-worker.yaml
new file mode 100644
index 00000000..db871cca
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/templates/openstack-machine-template-default-worker.yaml
@@ -0,0 +1,14 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: OpenStackMachineTemplate
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Version }}-default-worker
+spec:
+ template:
+ spec:
+ flavor: {{ .Values.worker_flavor }}
+ identityRef:
+ name: {{ .Values.identityRef.name }}
+ cloudName: {{ .Values.identityRef.cloudName }}
+ image:
+ filter:
+ name: placeholder
diff --git a/providers/openstack/kamaji/1-30/cluster-class/values.yaml b/providers/openstack/kamaji/1-30/cluster-class/values.yaml
new file mode 100644
index 00000000..525ee99c
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/cluster-class/values.yaml
@@ -0,0 +1,11 @@
+# mirrored from variables.tf
+external_id: ebfe5546-f09f-4f42-ab54-094e457d42ec
+dns_nameservers:
+- 5.1.66.255
+- 185.150.99.255
+worker_flavor: SCS-2V-4-20
+node_cidr: 10.8.0.0/20
+
+identityRef:
+ name: "openstack"
+ cloudName: "openstack"
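Review bot: In openstack-cluster-template.yaml, `managedSecurityGroups.allowAllInClusterTraffic: true` is what every cluster of this class gets by default, and nothing in the file says this is deliberate. It is only set to `false` by the `openstack_security_groups` patch in cluster-class.yaml. A comment above the key would record the intent, for example `# all node-to-node traffic is allowed by default; set openstack_security_groups to supply stricter groups`. The string values in this template and in openstack-machine-template-default-worker.yaml (`{{ .Values.identityRef.name }}`, `{{ .Values.external_id }}`, `{{ .Values.worker_flavor }}`) are rendered unquoted, so an empty override becomes null; piping them through `quote`, as `_helpers.tpl` does for the app version, avoids that.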
diff --git a/providers/openstack/kamaji/1-30/csctl.yaml b/providers/openstack/kamaji/1-30/csctl.yaml
new file mode 100644
index 00000000..2cb83ca1
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/csctl.yaml
@@ -0,0 +1,9 @@
+apiVersion: csctl.clusterstack.x-k8s.io/v1alpha1
+config:
+ kubernetesVersion: v1.30.1
+ clusterStackName: kamaji
+ provider:
+ type: openstack
+ apiVersion: openstack.csctl.clusterstack.x-k8s.io/v1alpha1
+ config:
+ method: get
diff --git a/providers/openstack/kamaji/1-30/node-images/config.yaml b/providers/openstack/kamaji/1-30/node-images/config.yaml
new file mode 100644
index 00000000..f557dc05
--- /dev/null
+++ b/providers/openstack/kamaji/1-30/node-images/config.yaml
@@ -0,0 +1,8 @@
+apiVersion: openstack.infrastructure.clusterstack.x-k8s.io/v1alpha1
+openStackNodeImages:
+- url: https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/ubuntu-2204-kube-v1.30/ubuntu-2204-kube-v1.30.1.qcow2
+ createOpts:
+ name: ubuntu-capi-image-v1.30.1
+ disk_format: qcow2
+ container_format: bare
+ visibility: private
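Review bot: node-images/config.yaml points the worker image at a qcow2 on an external object-store URL and records nothing that lets the import be verified, so the contents of `ubuntu-capi-image-v1.30.1` are whatever that URL serves at import time. If the node-image config format has a checksum field (none is visible in this diff), it should be set. Otherwise record the expected digest next to the entry, for example `# sha256: <expected-image-digest>` (placeholder), and have the publishing step check it. Whoever can write to that bucket path effectively controls the OS of every worker node built from this stack.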