apiVersion: cluster.x-k8s.io/v1beta1 kind: MachineDeployment metadata: labels: cluster.x-k8s.io/cluster-name: {{.clusterName}} pool: {{.workerNodeGroupName}} name: {{.clusterName}}-{{.workerNodeGroupName}} namespace: {{.eksaSystemNamespace}} {{- if .autoscalingConfig }} annotations: cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ .autoscalingConfig.MinCount }}" cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ .autoscalingConfig.MaxCount }}" {{- end }} spec: clusterName: {{.clusterName}} replicas: {{.workerReplicas}} selector: matchLabels: {} template: metadata: labels: cluster.x-k8s.io/cluster-name: {{.clusterName}} pool: {{.workerNodeGroupName}} spec: bootstrap: configRef: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate name: {{.workloadkubeadmconfigTemplateName}} clusterName: {{.clusterName}} infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: TinkerbellMachineTemplate name: {{.workloadTemplateName}} version: {{.kubernetesVersion}} {{- if .upgradeRolloutStrategy }} strategy: rollingUpdate: maxSurge: {{.maxSurge}} maxUnavailable: {{.maxUnavailable}} {{- end }} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: TinkerbellMachineTemplate metadata: name: {{.workloadTemplateName}} namespace: {{.eksaSystemNamespace}} spec: template: {{- if and .workertemplateOverride (ne .format "")}} spec: hardwareAffinity: required: - labelSelector: matchLabels: {{ range $key, $value := .hardwareSelector}} {{ $key }}: {{ $value}} {{- end }} templateOverride: | {{.workertemplateOverride | indent 8}} {{- end}} {{- if (eq .workertemplateOverride "") }} spec: {} {{- end }} --- apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: {{.workloadkubeadmconfigTemplateName}} namespace: {{.eksaSystemNamespace}} spec: template: spec: joinConfiguration: {{- if (eq .format "bottlerocket") }} pause: imageRepository: {{.pauseRepository}} imageTag: {{.pauseVersion}} bottlerocketBootstrap: imageRepository: {{.bottlerocketBootstrapRepository}} imageTag: {{.bottlerocketBootstrapVersion}} {{- end }} {{- if and .proxyConfig (eq .format "bottlerocket") }} proxy: httpsProxy: {{.httpsProxy}} noProxy: {{ range .noProxy }} - {{ . }} {{- end }} {{- end }} {{- if and .registryMirrorMap (eq .format "bottlerocket") }} registryMirror: endpoint: {{ .publicMirror }} {{- if .registryCACert }} caCert: | {{ .registryCACert | indent 12 }} {{- end }} {{- end }} {{- if .bottlerocketSettings }} {{ .bottlerocketSettings | indent 8 }} {{- end }} {{- if .certBundles }} certBundles: {{- range .certBundles }} - name: "{{ .Name }}" data: | {{ .Data | indent 12 }} {{- end }} {{- end}} nodeRegistration: {{- if .workerNodeGroupTaints }} taints: {{- range .workerNodeGroupTaints}} - key: {{ .Key }} value: {{ .Value }} effect: {{ .Effect }} {{- if .TimeAdded }} timeAdded: {{ .TimeAdded }} {{- end }} {{- end }} {{- end }} kubeletExtraArgs: provider-id: PROVIDER_ID read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} {{- end }} {{- if and (ne .format "bottlerocket") (or .proxyConfig .registryMirrorMap) }} files: {{- end }} {{- if and .proxyConfig (ne .format "bottlerocket") }} - content: | [Service] Environment="HTTP_PROXY={{.httpProxy}}" Environment="HTTPS_PROXY={{.httpsProxy}}" Environment="NO_PROXY={{ stringsJoin .noProxy "," }}" owner: root:root path: /etc/systemd/system/containerd.service.d/http-proxy.conf {{- end }} {{- if (ne .format "bottlerocket") }} {{- if .registryCACert }} - content: | {{ .registryCACert | indent 12 }} owner: root:root path: "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt" {{- end }} {{- if .registryMirrorMap }} - content: | [plugins."io.containerd.grpc.v1.cri".registry.mirrors] {{- range $orig, $mirror := .registryMirrorMap }} [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ $orig }}"] endpoint = ["https://{{ $mirror }}"] {{- end }} {{- if or .registryCACert .insecureSkip }} [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".tls] {{- if .registryCACert }} ca_file = "/etc/containerd/certs.d/{{ .mirrorBase }}/ca.crt" {{- end }} {{- if .insecureSkip }} insecure_skip_verify = {{.insecureSkip}} {{- end }} {{- end }} {{- if .registryAuth }} [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .mirrorBase }}".auth] username = "{{.registryUsername}}" password = "{{.registryPassword}}" {{- end }} owner: root:root path: "/etc/containerd/config_append.toml" {{- end }} {{- end }} {{- if .ntpServers }} ntp: enabled: true servers: {{ range .ntpServers }} - {{ . }} {{- end }} {{- end }} {{- if and (or .proxyConfig .registryMirrorMap) (ne .format "bottlerocket") }} preKubeadmCommands: {{- if .registryMirrorMap }} - cat /etc/containerd/config_append.toml >> /etc/containerd/config.toml {{- end }} - sudo systemctl daemon-reload - sudo systemctl restart containerd {{- end }} users: - name: {{.workerSshUsername}} sshAuthorizedKeys: - '{{.workerSshAuthorizedKey}}' sudo: ALL=(ALL) NOPASSWD:ALL format: {{.format}}