apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: "{{.clusterName}}"
  name: "{{.workerNodeGroupName}}"
  namespace: "{{.eksaSystemNamespace}}"
  {{- if .autoscalingConfig }}
  annotations:
    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ .autoscalingConfig.MinCount }}"
    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ .autoscalingConfig.MaxCount }}"
  {{- end }}
spec:
  clusterName: "{{.clusterName}}"
  replicas: {{.workerReplicas}}
  selector:
    matchLabels: {}
  template:
    metadata:
      labels:
        cluster.x-k8s.io/cluster-name: "{{.clusterName}}"
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: "{{.workloadkubeadmconfigTemplateName}}"
      clusterName: "{{.clusterName}}"
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: NutanixMachineTemplate
        name: "{{.workloadTemplateName}}"
      version: "{{.kubernetesVersion}}"
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: NutanixMachineTemplate
metadata:
  name: "{{.workloadTemplateName}}"
  namespace: "{{.eksaSystemNamespace}}"
spec:
  template:
    spec:
      providerID: "nutanix://{{.clusterName}}-m1"
      vcpusPerSocket: {{.vcpusPerSocket}}
      vcpuSockets: {{.vcpuSockets}}
      memorySize: {{.memorySize}}
      systemDiskSize: {{.systemDiskSize}}
      image:
{{- if (eq .imageIDType "name") }}
        type: name
        name: "{{.imageName}}"
{{ else if (eq .imageIDType "uuid") }}
        type: uuid
        uuid: "{{.imageUUID}}"
{{ end }}
      cluster:
{{- if (eq .nutanixPEClusterIDType "name") }}
        type: name
        name: "{{.nutanixPEClusterName}}"
{{- else if (eq .nutanixPEClusterIDType "uuid") }}
        type: uuid
        uuid: "{{.nutanixPEClusterUUID}}"
{{ end }}
      subnet:
{{- if (eq .subnetIDType "name") }}
        - type: name
          name: "{{.subnetName}}"
{{- else if (eq .subnetIDType "uuid") }}
        - type: uuid
          uuid: "{{.subnetUUID}}"
{{ end }}
{{- if .projectIDType}}
      project:
{{- if (eq .projectIDType "name") }}
        type: name
        name: "{{.projectName}}"
{{- else if (eq .projectIDType "uuid") }}
        type: uuid
        uuid: "{{.projectUUID}}"
{{ end }}
{{ end }}
{{- if .additionalCategories}}
      additionalCategories:
{{- range .additionalCategories}}
        - key:   "{{ .Key }}"
          value: "{{ .Value }}"
{{- end }}
{{- end }}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: "{{.workloadkubeadmconfigTemplateName}}"
  namespace: "{{.eksaSystemNamespace}}"
spec:
  template:
    spec:
      preKubeadmCommands:
{{- if .registryMirrorMap }}
        - cat /etc/containerd/config_append.toml >> /etc/containerd/config.toml
{{- end }}
{{- if or .proxyConfig .registryMirrorMap }}
        - sudo systemctl daemon-reload
        - sudo systemctl restart containerd
{{- end }}
        - hostnamectl set-hostname "{{`{{ ds.meta_data.hostname }}`}}"
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd
            # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726
            #cgroup-driver: cgroupfs
            eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
{{- if .kubeletExtraArgs }}
{{ .kubeletExtraArgs.ToYaml | indent 12 }}
{{- end }}
{{- if .workerNodeGroupTaints }}
          taints:
 {{- range .workerNodeGroupTaints}}
            - key: {{ .Key }}
              value: {{ .Value }}
              effect: {{ .Effect }}
 {{- if .TimeAdded }}
              timeAdded: {{ .TimeAdded }}
 {{- end }}
 {{- end }}
 {{- end }}
          name: '{{`{{ ds.meta_data.hostname }}`}}'
      users:
        - name: "{{.workerSshUsername}}"
          lockPassword: false
          sudo: ALL=(ALL) NOPASSWD:ALL
          sshAuthorizedKeys:
            - "{{.workerSshAuthorizedKey}}"
{{- if or .proxyConfig .registryMirrorMap }}
      files:
{{- end }}
{{- if .proxyConfig }}
      - content: |
          [Service]
          Environment="HTTP_PROXY={{.httpProxy}}"
          Environment="HTTPS_PROXY={{.httpsProxy}}"
          Environment="NO_PROXY={{ stringsJoin .noProxy "," }}"
        owner: root:root
        path: /etc/systemd/system/containerd.service.d/http-proxy.conf
{{- end }}
{{- if .registryCACert }}
      - content: |
{{ .registryCACert | indent 10 }}
        owner: root:root
        path: "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt"
{{- end }}
{{- if .registryMirrorMap }}
      - content: |
          [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
            {{- range $orig, $mirror := .registryMirrorMap }}
            [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ $orig }}"]
              endpoint = ["https://{{ $mirror }}"]
{{- end }}
{{- if or .registryCACert .insecureSkip }}
            [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".tls]
{{- if .registryCACert }}
              ca_file = "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt"
{{- end }}
{{- if .insecureSkip }}
              insecure_skip_verify = {{ .insecureSkip }}
{{- end }}
{{- end }}
{{- if .registryAuth }}
            [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".auth]
              username = "{{.registryUsername}}"
              password = "{{.registryPassword}}"
{{- end }}
        owner: root:root
        path: "/etc/containerd/config_append.toml"
{{- end }}