Update AWS out-of-tree examples

rancher · May 21, 2024 · 91d0082 · 91d0082
1 parent 3f6e618
commit 91d0082
Show file tree

Hide file tree

Showing 4 changed files with 166 additions and 93 deletions.
diff --git a/samples/aws/README.md b/samples/aws/README.md
@@ -22,9 +22,7 @@ Before creating a workload clusters, it is required to build an AMI for the RKE2
 
 The `internal` folder contains cluster templates to deploy an RKE2 cluster on AWS using the internal cloud provider (is DEPRECATED in favor of the external one), and the `external` folder contains the cluster templates to deploy a cluster with the external cloud provider.
 
-**Note**: `external` template is currently outdated.
-
-We will use the `internal` one for this guide.
+We will use the `internal` one for this guide, however the same steps apply for the `external` example.
 
 You will need to set the following environment variables:
 

diff --git a/samples/aws/external/cluster-template-external-cloud-provider.yaml b/samples/aws/external/cluster-template-external-cloud-provider.yaml
@@ -1,17 +1,12 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ${CABPR_NAMESPACE}
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
 metadata:
+  name: ${CLUSTER_NAME}
+  namespace: ${CLUSTER_NAMESPACE}
   labels:
     ccm: external
-    cni: ${CLUSTER_NAME}-crs-0
     csi: external
-  name: ${CLUSTER_NAME}
-  namespace: ${CABPR_NAMESPACE}
 spec:
   clusterNetwork:
     pods:
@@ -30,102 +25,150 @@ apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: AWSCluster
 metadata:
   name: ${CLUSTER_NAME}
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
+  bastion:
+    enabled: true
   network:
     vpc:
       availabilityZoneUsageLimit: 1
-  bastion:
-    enabled: true
+    additionalControlPlaneIngressRules:
+      - description: "RKE2 Control Plane additional group"
+        protocol: "tcp"
+        fromPort: 9345
+        toPort: 9345
+        sourceSecurityGroupRoles:
+          - node
+          - controlplane
+  controlPlaneLoadBalancer:
+      loadBalancerType: nlb
+      additionalListeners:
+        - port: 9345
+          protocol: "TCP"
+      ingressRules:
+      - description: RKE2 Control Plane
+        fromPort: 9345
+        protocol: tcp
+        sourceSecurityGroupRoles:
+        - node
+        - controlplane
+        toPort: 9345
+      - description: Kubernetes API
+        fromPort: 6443
+        protocol: tcp
+        toPort: 6443
+        cidrBlocks: 
+        - "0.0.0.0/0"
   region: ${AWS_REGION}
   sshKeyName: ${AWS_SSH_KEY_NAME}
+
 ---
 apiVersion: controlplane.cluster.x-k8s.io/v1beta1
 kind: RKE2ControlPlane
 metadata:
   name: ${CLUSTER_NAME}-control-plane
-  namespace: ${CABPR_NAMESPACE}
-spec: 
+  namespace: ${CLUSTER_NAMESPACE}
+spec:
+  version: ${RKE2_VERSION}
   preRKE2Commands:
   - sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname)
-  replicas: ${CABPR_CP_REPLICAS}
-  version: ${KUBERNETES_VERSION}+rke2r1
-  serverConfig:
-    cni: calico
-    cloudProviderName: external
+  agentConfig:
+    airGapped: true
   infrastructureRef:
-    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
     kind: AWSMachineTemplate
     name: ${CLUSTER_NAME}-control-plane
   nodeDrainTimeout: 2m
+  replicas: 3
+  serverConfig:
+    cloudProviderName: external
+    cni: calico
+    etcd:
+      backupConfig:
+        retention: "10"
+        scheduleCron: "*/15 * * * *"
+  registrationMethod: "internal-first"
+  rolloutStrategy:
+    type: "RollingUpdate"
+    rollingUpdate:
+      maxSurge: 1
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: AWSMachineTemplate
 metadata:
   name: ${CLUSTER_NAME}-control-plane
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   template:
     spec:
+      ami:
+        id: ${AWS_AMI_ID}
       iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
       instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
-      sshKeyName: ${AWS_SSH_KEY_NAME}
       rootVolume:
-        size: 51
+        size: 50
+      sshKeyName: ${AWS_SSH_KEY_NAME}
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
   name: ${CLUSTER_NAME}-md-0
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   clusterName: ${CLUSTER_NAME}
   replicas: ${CABPR_WK_REPLICAS}
   selector:
-    matchLabels: null
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
   template:
+    metadata:
+      labels:
+        cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
     spec:
+      clusterName: ${CLUSTER_NAME}
+      version: ${RKE2_VERSION}
       bootstrap:
         configRef:
           apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
           kind: RKE2ConfigTemplate
           name: ${CLUSTER_NAME}-md-0
-      clusterName: ${CLUSTER_NAME}
       infrastructureRef:
+        name: ${CLUSTER_NAME}-md-0
         apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
         kind: AWSMachineTemplate
-        name: ${CLUSTER_NAME}-md-0
-      version: ${KUBERNETES_VERSION}+rke2r1
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: AWSMachineTemplate
 metadata:
   name: ${CLUSTER_NAME}-md-0
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   template:
     spec:
-      iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io
-      instanceType: ${AWS_NODE_MACHINE_TYPE}
-      sshKeyName: ${AWS_SSH_KEY_NAME}
+      ami:
+        id: ${AWS_AMI_ID}
+      instanceType: "${AWS_NODE_MACHINE_TYPE}"
+      iamInstanceProfile: "nodes.cluster-api-provider-aws.sigs.k8s.io"
+      sshKeyName: "${AWS_SSH_KEY_NAME}"
       rootVolume: 
         size: 50
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: RKE2ConfigTemplate
 metadata:
-  namespace: ${CABPR_NAMESPACE}
   name: ${CLUSTER_NAME}-md-0
+  namespace: ${CLUSTER_NAMESPACE}
 spec: 
   template:
     spec:
-      agentConfig: {}
+      agentConfig:
+        airGapped: true
 ---
 apiVersion: addons.cluster.x-k8s.io/v1beta1
 kind: ClusterResourceSet
 metadata:
   name: crs-ccm
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   clusterSelector:
     matchLabels:
@@ -139,7 +182,7 @@ apiVersion: addons.cluster.x-k8s.io/v1beta1
 kind: ClusterResourceSet
 metadata:
   name: crs-csi
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   clusterSelector:
     matchLabels:
@@ -329,7 +372,7 @@ metadata:
   labels:
     type: generated
   name: cloud-controller-manager-addon
-  namespace: ${CABPR_NAMESPACE}
+  namespace: ${CLUSTER_NAMESPACE}
 ---
 apiVersion: v1
 data:
@@ -975,13 +1018,14 @@ metadata:
   labels:
     type: generated
   name: aws-ebs-csi-driver-addon
-  namespace: ${CABPR_NAMESPACE}
---- 
+  namespace: ${CLUSTER_NAMESPACE}
+---
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
 kind: AWSClusterControllerIdentity
 metadata:
   name: default
+  namespace: ${CLUSTER_NAMESPACE}
 spec:
   allowedNamespaces:
     list:
-      - ${CABPR_NAMESPACE}
+    - ${CLUSTER_NAMESPACE}