apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: {{.workloadkubeadmconfigTemplateName}}
  namespace: {{.eksaSystemNamespace}}
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          criSocket: /var/run/containerd/containerd.sock
{{- if .workerNodeGroupTaints }}
          taints:{{ range .workerNodeGroupTaints}}
          - key: {{ .Key }}
            value: {{ .Value }}
            effect: {{ .Effect }}
{{- if .TimeAdded }}
            timeAdded: {{ .TimeAdded }}
{{- end }}
{{- end }}
{{- else}}
          taints: []
{{- end }}
          kubeletExtraArgs:
            provider-id: cloudstack:///'{{`{{ ds.meta_data.instance_id }}`}}'
            read-only-port: "0"
            anonymous-auth: "false"
{{- if .kubeletExtraArgs }}
{{ .kubeletExtraArgs.ToYaml | indent 12 }}
{{- end }}
          name: "{{`{{ ds.meta_data.hostname }}`}}"
{{- if or .proxyConfig .registryMirrorMap }}
      files:
{{- end }}
{{- if .proxyConfig }}
      - content: |
          [Service]
          Environment="HTTP_PROXY={{.httpProxy}}"
          Environment="HTTPS_PROXY={{.httpsProxy}}"
          Environment="NO_PROXY={{ stringsJoin .noProxy "," }}"
        owner: root:root
        path: /etc/systemd/system/containerd.service.d/http-proxy.conf
{{- end }}
{{- if .registryCACert }}
      - content: |
{{ .registryCACert | indent 10 }}
        owner: root:root
        path: "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt"
{{- end }}
{{- if .registryMirrorMap }}
      - content: |
          [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
            {{- range $orig, $mirror := .registryMirrorMap }}
            [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ $orig }}"]
              endpoint = ["https://{{ $mirror }}"]
            {{- end }}
            {{- if or .registryCACert .insecureSkip }}
            [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".tls]
            {{- if .registryCACert }}
              ca_file = "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt"
            {{- end }}
            {{- if .insecureSkip }}
              insecure_skip_verify = {{.insecureSkip}}
            {{- end }}
            {{- end }}
        owner: root:root
        path: "/etc/containerd/config_append.toml"
{{- end }}
      preKubeadmCommands:
      - swapoff -a
{{- if .registryMirrorMap }}
      - cat /etc/containerd/config_append.toml >> /etc/containerd/config.toml
{{- end }}
{{- if or .proxyConfig .registryMirrorMap }}
      - sudo systemctl daemon-reload
      - sudo systemctl restart containerd
{{- end }}
      - hostname "{{`{{ ds.meta_data.hostname }}`}}"
      - echo "::1         ipv6-localhost ipv6-loopback" >/etc/hosts
      - echo "127.0.0.1   localhost" >>/etc/hosts
      - echo "127.0.0.1   {{`{{ ds.meta_data.hostname }}`}}" >>/etc/hosts
      - echo "{{`{{ ds.meta_data.hostname }}`}}" >/etc/hostname
{{- range $dir, $target := .cloudstackSymlinks}}
      - >-
        if [ ! -L {{$dir}} ] ;
          then
            mv {{$dir}} {{$dir}}-$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 10) ;
            mkdir -p {{$target}} && ln -s {{$target}} {{$dir}} ;
          else echo "{{$dir}} already symlnk" ;
        fi
{{- end}}
{{- if .cloudstackDiskOfferingProvided }}
      diskSetup:
        filesystems:
          - device: {{ .cloudstackDiskOfferingDevice }}1
            overwrite: false
            extraOpts:
              - -E
              - lazy_itable_init=1,lazy_journal_init=1
            filesystem: {{ .cloudstackDiskOfferingFilesystem }}
            label: {{ .cloudstackDiskOfferingLabel }}
        partitions:
          - device: {{ .cloudstackDiskOfferingDevice }}
            layout: true
            overwrite: false
            tableType: gpt
      mounts:
        - - LABEL={{ .cloudstackDiskOfferingLabel }}
          - {{ .cloudstackDiskOfferingPath }}
{{- end }}
      users:
      - name: {{.workerSshUsername}}
        sshAuthorizedKeys:
        - '{{.cloudstackWorkerSshAuthorizedKey}}'
        sudo: ALL=(ALL) NOPASSWD:ALL
      format: {{.format}}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: {{.clusterName}}
  name: {{.workerNodeGroupName}}
  namespace: {{.eksaSystemNamespace}}
  {{- if .autoscalingConfig }}
  annotations:
    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ .autoscalingConfig.MinCount }}"
    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ .autoscalingConfig.MaxCount }}"
{{- end }}
spec:
  clusterName: {{.clusterName}}
  replicas: {{.workerReplicas}}
  selector:
    matchLabels: {}
  template:
    metadata:
      labels:
        cluster.x-k8s.io/cluster-name: {{.clusterName}}
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: {{.workloadkubeadmconfigTemplateName}}
      clusterName: {{.clusterName}}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta3
        kind: CloudStackMachineTemplate
        name: {{.workloadTemplateName}}
      version: {{.kubernetesVersion}}
{{- if .upgradeRolloutStrategy }}
      strategy:
        rollingUpdate:
          maxSurge: {{.maxSurge}}
          maxUnavailable: {{.maxUnavailable}}
{{- end }}