apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: {{.workloadkubeadmconfigTemplateName}} namespace: {{.eksaSystemNamespace}} spec: template: spec: joinConfiguration: {{- if .kubeletConfiguration }} patches: directory: /etc/kubernetes/patches {{- end }} {{- if (eq .format "bottlerocket") }} pause: imageRepository: {{.pauseRepository}} imageTag: {{.pauseVersion}} bottlerocketBootstrap: imageRepository: {{.bottlerocketBootstrapRepository}} imageTag: {{.bottlerocketBootstrapVersion}} {{- end }} {{- if and .proxyConfig (eq .format "bottlerocket") }} proxy: httpsProxy: {{.httpsProxy}} noProxy: {{ range .noProxy }} - {{ . }} {{- end }} {{- end }} {{- if and .registryMirrorMap (eq .format "bottlerocket") }} registryMirror: {{- if .publicECRMirror }} endpoint: {{ .publicECRMirror }} {{- end }} {{- if .registryCACert }} caCert: | {{ .registryCACert | indent 12 }} {{- end }} {{- if not .publicECRMirror }} mirrors: {{- range $orig, $mirror := .registryMirrorMap }} - registry: "{{ $orig }}" endpoints: - {{ $mirror }} {{- end }} {{- end }} {{- end }} {{- if .bottlerocketSettings }} {{ .bottlerocketSettings | indent 8 }} {{- end }} {{- if .certBundles }} certBundles: {{- range .certBundles }} - name: "{{ .Name }}" data: | {{ .Data | indent 12 }} {{- end }} {{- end }} nodeRegistration: criSocket: /var/run/containerd/containerd.sock {{- if .workerNodeGroupTaints }} taints:{{ range .workerNodeGroupTaints}} - key: {{ .Key }} value: {{ .Value }} effect: {{ .Effect }} {{- if .TimeAdded }} timeAdded: {{ .TimeAdded }} {{- end }} {{- end }} {{- else}} taints: [] {{- end }} kubeletExtraArgs: cloud-provider: external {{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .cgroupDriverSystemd}} cgroup-driver: systemd {{- end }} {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} {{- end }} {{- end }} {{- if .nodeLabelArgs }} {{ .nodeLabelArgs.ToYaml | indent 12 }} {{- end }} name: '{{"{{"}} ds.meta_data.hostname {{"}}"}}' {{- if or (and (ne .format "bottlerocket") (or .proxyConfig .registryMirrorMap)) .kubeletConfiguration }} files: {{- end }} {{- if .kubeletConfiguration }} - content: | {{ .kubeletConfiguration | indent 10 }} owner: root:root permissions: "0644" path: /etc/kubernetes/patches/kubeletconfiguration0+strategic.yaml {{- end }} {{- if and .proxyConfig (ne .format "bottlerocket") }} - content: | [Service] Environment="HTTP_PROXY={{.httpProxy}}" Environment="HTTPS_PROXY={{.httpsProxy}}" Environment="NO_PROXY={{ stringsJoin .noProxy "," }}" owner: root:root path: /etc/systemd/system/containerd.service.d/http-proxy.conf {{- end }} {{- if (ne .format "bottlerocket") }} {{- if .registryCACert }} - content: | {{ .registryCACert | indent 10 }} owner: root:root path: "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt" {{- end }} {{- if .registryMirrorMap }} - content: | [plugins."io.containerd.grpc.v1.cri".registry.mirrors] {{- range $orig, $mirror := .registryMirrorMap }} [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ $orig }}"] endpoint = ["https://{{ $mirror }}"] {{- end }} {{- if or .registryCACert .insecureSkip }} [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".tls] {{- if .registryCACert }} ca_file = "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt" {{- end }} {{- if .insecureSkip }} insecure_skip_verify = {{.insecureSkip}} {{- end }} {{- end }} {{- if .registryAuth }} [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".auth] username = "{{.registryUsername}}" password = "{{.registryPassword}}" {{- end }} owner: root:root path: "/etc/containerd/config_append.toml" {{- end }} {{- end }} {{- if .ntpServers }} ntp: enabled: true servers: {{ range .ntpServers }} - {{ . }} {{- end }} {{- end }} preKubeadmCommands: {{- if and .registryMirrorMap (ne .format "bottlerocket") }} - cat /etc/containerd/config_append.toml >> /etc/containerd/config.toml {{- end }} {{- if and (or .proxyConfig .registryMirrorMap) (ne .format "bottlerocket") }} - sudo systemctl daemon-reload - sudo systemctl restart containerd {{- end }} - hostname "{{`{{ ds.meta_data.hostname }}`}}" - echo "::1 ipv6-localhost ipv6-loopback" >/etc/hosts - echo "127.0.0.1 localhost" >>/etc/hosts - echo "127.0.0.1 {{`{{ ds.meta_data.hostname }}`}}" >>/etc/hosts - echo "{{`{{ ds.meta_data.hostname }}`}}" >/etc/hostname users: - name: {{.workerSshUsername}} sshAuthorizedKeys: - '{{.vsphereWorkerSshAuthorizedKey}}' sudo: ALL=(ALL) NOPASSWD:ALL format: {{.format}} --- apiVersion: cluster.x-k8s.io/v1beta1 kind: MachineDeployment metadata: labels: cluster.x-k8s.io/cluster-name: {{.clusterName}} name: {{.workerNodeGroupName}} namespace: {{.eksaSystemNamespace}} {{- if .autoscalingConfig }} annotations: cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ .autoscalingConfig.MinCount }}" cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ .autoscalingConfig.MaxCount }}" {{- end }} spec: clusterName: {{.clusterName}} {{- if not .autoscalingConfig }} replicas: {{.workerReplicas}} {{- end }} selector: matchLabels: {} template: metadata: labels: cluster.x-k8s.io/cluster-name: {{.clusterName}} spec: bootstrap: configRef: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate name: {{.workloadkubeadmconfigTemplateName}} clusterName: {{.clusterName}} infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereMachineTemplate name: {{.workloadTemplateName}} version: {{.kubernetesVersion}} {{- if .failureDomain }} failureDomain: {{.failureDomain}} {{- end }} {{- if .upgradeRolloutStrategy }} strategy: {{- if (eq .upgradeRolloutStrategyType "InPlace") }} type: {{.upgradeRolloutStrategyType}} {{- else}} rollingUpdate: maxSurge: {{.maxSurge}} maxUnavailable: {{.maxUnavailable}} {{- end }} {{- end }} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: VSphereMachineTemplate metadata: name: {{.workloadTemplateName}} namespace: {{.eksaSystemNamespace}} spec: template: spec: cloneMode: {{.workerCloneMode}} datacenter: '{{.vsphereDatacenter}}' datastore: {{.workerVsphereDatastore}} diskGiB: {{.workloadDiskGiB}} folder: '{{.workerVsphereFolder}}' memoryMiB: {{.workloadVMsMemoryMiB}} network: devices: - dhcp4: true networkName: {{.vsphereNetwork}} numCPUs: {{.workloadVMsNumCPUs}} resourcePool: '{{.workerVsphereResourcePool}}' server: {{.vsphereServer}} {{- if (ne .workerVsphereStoragePolicyName "") }} storagePolicyName: "{{.workerVsphereStoragePolicyName}}" {{- end }} template: {{.workerTemplate}} thumbprint: '{{.thumbprint}}' {{- if .workerTagIDs }} tagIDs: {{- range .workerTagIDs }} - {{ . }} {{- end }} {{- end }}