@toastwaffle
Last active August 23, 2023 11:01
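# Claim for a GKE cluster: the namespaced K8sCluster kind that the
# xk8sclusters XRD exposes. compositionRevisionRef and resourceRef are
# normally filled in by Crossplane after binding, so this looks like a
# `kubectl get -o yaml` dump rather than a hand-written manifest — presumably;
# verify before reusing it as a template.
apiVersion: gcp.crossplane.tmachine.io/v1alpha1
kind: K8sCluster
metadata:
  name: my-k8scluster
  namespace: my-namespace
spec:
  # Foreground: the claim is deleted only once its composite (and therefore
  # the managed cloud resources) is gone.
  compositeDeletePolicy: Foreground
  compositionRef:
    name: gke-cluster-comp
  compositionRevisionRef:
    name: gke-cluster-comp-cc23a44
  compositionSelector:
    matchLabels:
      provider: gcp
  compositionUpdatePolicy: Automatic
  # Values consumed by the composition's patches; the keys are validated
  # against the XRD's spec.parameters schema.
  parameters:
    # Applied to the GKE Cluster as resourceLabels.
    cspLabels:
      some_label: foo
    location: europe-west2-a
    # Private control-plane range. The composition also uses it as the only
    # sourceRange of the webhook firewall rule, so keep it exact.
    masterCIDRBlock: 172.16.17.80/28
    name: my-k8scluster
    network: my-vpc-network
    nodeConfig:
      autoscaling:
        maxNodeCount: 14
        minNodeCount: 1
      # Applied to the NodePool's nodeConfig resourceLabels.
      cspLabels:
        some_label: foo
      instanceType: e2-standard-8
      podsSecondaryRange: pods
      # Node identity. The composition grants the broad cloud-platform oauth
      # scope, so the IAM roles bound to this account are what actually limit
      # what code on the nodes can call — keep it least-privilege.
      serviceAccount: ephemeral-gke@my-project.iam.gserviceaccount.com
      servicesSecondaryRange: services
      # Required by the XRD schema, but no composition patch on this page
      # reads it; pool size is driven by autoscaling instead.
      size: 14
      storageGb: 50
      subnetwork: vaults-0
    project: my-project
    providerConfigRef: my-provider-config
    # Quoted so that no YAML loader can retype a version string.
    version: "1.23.17-gke.10700"
  # Composite this claim is bound to; set by Crossplane, not by the author.
  resourceRef:
    apiVersion: gcp.crossplane.tmachine.io/v1alpha1
    kind: XK8sCluster
    name: my-k8scluster-tgt48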
---
# Composition backing XK8sCluster: a private GKE Cluster, one Firewall rule
# for control-plane -> webhook traffic, and one NodePool. Everything under
# `base` is static; per-claim values arrive through `patches`.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: gke-cluster-comp
  labels:
    # NOTE(review): the XRD on this page is named
    # xk8sclusters.gcp.crossplane.tmachine.io (plural); this label is singular.
    # It is informational here because the XRD pins enforcedCompositionRef,
    # but confirm which spelling any selector-based tooling expects.
    crossplane.io/xrd: xk8scluster.gcp.crossplane.tmachine.io
    provider: gcp
spec:
  compositeTypeRef:
    apiVersion: gcp.crossplane.tmachine.io/v1alpha1
    kind: XK8sCluster
  resources:
    - name: cluster
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: Cluster
        spec:
          # Explicit policy list that leaves out LateInitialize — presumably to
          # stop provider-observed defaults from being written back into
          # spec.forProvider; confirm. The Firewall below does not set this and
          # keeps the provider default.
          managementPolicies: ["Observe", "Create", "Update", "Delete"]
          forProvider:
            # Cluster-level autoscaling (node auto-provisioning) is off; pool
            # sizing comes from the NodePool autoscaling patches further down.
            clusterAutoscaling:
              - enabled: false
            # Bootstrap with a one-node default pool and then drop it
            # (removeDefaultNodePool); the real nodes come from the NodePool
            # resource in this composition.
            initialNodeCount: 1
            # NOTE(review): only control-plane component logs are collected.
            # WORKLOADS (container logs) and APISERVER (kube-apiserver logs)
            # are not listed — confirm that is intended, as API server logs are
            # usually what detection and incident response rely on.
            loggingConfig:
              - enableComponents:
                  - SYSTEM_COMPONENTS
                  - SCHEDULER
                  - CONTROLLER_MANAGER
            nodeConfig:
              # cloud-platform is the broadest scope; effective access is then
              # bounded by the IAM roles of the serviceAccount patched in
              # below, so that account must stay least-privilege.
              - oauthScopes: # this is legacy but necessary for GKE 1.23 and below
                  - "https://www.googleapis.com/auth/cloud-platform"
            removeDefaultNodePool: true
            # Nodes get no public IPs. Nothing here makes the endpoint
            # private-only or sets master authorized networks, so the public
            # control-plane endpoint remains reachable (authenticated) —
            # confirm that is intended.
            privateClusterConfig:
              - enablePrivateNodes: true
                # Allows clients outside the cluster's region to reach the
                # private control-plane endpoint.
                masterGlobalAccessConfig:
                  - enabled: true
      # Patches default to XR -> managed resource (FromCompositeFieldPath);
      # the last entry is the only one that flows the other way.
      patches:
        - fromFieldPath: spec.parameters.name
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.project
          toFieldPath: spec.forProvider.project
        - fromFieldPath: spec.parameters.location
          toFieldPath: spec.forProvider.location
        - fromFieldPath: spec.parameters.network
          toFieldPath: spec.forProvider.network
        - fromFieldPath: spec.parameters.nodeConfig.subnetwork
          toFieldPath: spec.forProvider.subnetwork
        # VPC-native IP allocation: pods and services come from named
        # secondary ranges of the subnetwork.
        - fromFieldPath: spec.parameters.nodeConfig.podsSecondaryRange
          toFieldPath: spec.forProvider.ipAllocationPolicy[0].clusterSecondaryRangeName
        - fromFieldPath: spec.parameters.nodeConfig.servicesSecondaryRange
          toFieldPath: spec.forProvider.ipAllocationPolicy[0].servicesSecondaryRangeName
        # Shape of the (temporary) default pool; mirrored on the NodePool.
        - fromFieldPath: spec.parameters.nodeConfig.storageGb
          toFieldPath: spec.forProvider.nodeConfig[0].diskSizeGb
        - fromFieldPath: spec.parameters.nodeConfig.instanceType
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
        - fromFieldPath: spec.parameters.nodeConfig.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
        - fromFieldPath: spec.parameters.cspLabels
          toFieldPath: spec.forProvider.resourceLabels
        # "<name>-nodes" network tag; the Firewall's targetTags use the same
        # format so the rule only matches these nodes.
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.nodeConfig[0].tags[0]
        - fromFieldPath: spec.parameters.masterCIDRBlock
          toFieldPath: spec.forProvider.privateClusterConfig[0].masterIpv4CidrBlock
        # Optional in the XRD; acts as a floor, not a pin, on the master version.
        - fromFieldPath: spec.parameters.version
          toFieldPath: spec.forProvider.minMasterVersion
        # Managed resource -> XR: publish the observed private endpoint in
        # the XR status field the XRD declares.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.privateClusterConfig[0].privateEndpoint
          toFieldPath: status.controlPlaneEndpoint
    - name: allow-istio-firewall-rule
      base:
        apiVersion: compute.gcp.upbound.io/v1beta1
        kind: Firewall
        spec:
          forProvider:
            # Narrow ingress rule: only the control-plane range (sourceRanges
            # patch) may reach nodes tagged "<name>-nodes" (targetTags patch)
            # on the listed TCP ports — the admission-webhook path the rule's
            # name refers to. Adding ports here widens the control-plane ->
            # node surface, so keep the list minimal.
            allow:
              - ports:
                  - "12345" # N.b. actual ports redacted
                protocol: tcp
            direction: INGRESS
            priority: 1000
      patches:
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "allow-istio-webhook-%s-nodes"
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.project
          toFieldPath: spec.forProvider.project
        - fromFieldPath: spec.parameters.network
          toFieldPath: spec.forProvider.network
        # Source is the master CIDR only — no broader ranges.
        - fromFieldPath: spec.parameters.masterCIDRBlock
          toFieldPath: spec.forProvider.sourceRanges[0]
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.targetTags[0]
    - name: node-pool
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: NodePool
        spec:
          # Same deliberate policy list as the Cluster above.
          managementPolicies: ["Observe", "Create", "Update", "Delete"]
          forProvider:
            # Private nodes and the same oauth scope as the cluster's default
            # pool; access is again bounded by the patched serviceAccount.
            networkConfig:
              - enablePrivateNodes: true
            nodeConfig:
              - oauthScopes:
                  - https://www.googleapis.com/auth/cloud-platform
      patches:
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.location
          toFieldPath: spec.forProvider.location
        # nodeLocations is not required by the XRD; with Crossplane's default
        # (optional) fromFieldPath policy a missing source just skips the
        # patch — presumably; confirm on the Crossplane version in use.
        - fromFieldPath: spec.parameters.nodeConfig.nodeLocations
          toFieldPath: spec.forProvider.nodeLocations
        - fromFieldPath: spec.parameters.nodeConfig.storageGb
          toFieldPath: spec.forProvider.nodeConfig[0].diskSizeGb
        - fromFieldPath: spec.parameters.nodeConfig.instanceType
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
        - fromFieldPath: spec.parameters.nodeConfig.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
        # Pool labels come from nodeConfig.cspLabels, not the cluster-level
        # cspLabels used on the Cluster resource.
        - fromFieldPath: spec.parameters.nodeConfig.cspLabels
          toFieldPath: spec.forProvider.nodeConfig[0].resourceLabels
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: metadata.name
        # Same "<name>-nodes" tag as the default pool, so the Firewall's
        # targetTags match these nodes too.
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.nodeConfig[0].tags[0]
        - fromFieldPath: spec.parameters.name
          toFieldPath: spec.forProvider.cluster
        # Per-pool autoscaling bounds (cluster-level autoscaling is disabled).
        - fromFieldPath: spec.parameters.nodeConfig.autoscaling.minNodeCount
          toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
        - fromFieldPath: spec.parameters.nodeConfig.autoscaling.maxNodeCount
          toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
---
# Second copy of the gke-cluster-comp Composition. It differs from the one
# above only in that the Cluster and NodePool carry no managementPolicies
# (so the provider default applies). Both share metadata.name, so they are
# alternate revisions, not resources to apply side by side — whichever is
# applied last overwrites the other.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: gke-cluster-comp
  labels:
    # NOTE(review): singular here, while the XRD on this page is named with
    # the plural xk8sclusters.gcp.crossplane.tmachine.io; confirm which
    # spelling selector-based tooling expects.
    crossplane.io/xrd: xk8scluster.gcp.crossplane.tmachine.io
    provider: gcp
spec:
  compositeTypeRef:
    apiVersion: gcp.crossplane.tmachine.io/v1alpha1
    kind: XK8sCluster
  resources:
    - name: cluster
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            # Node auto-provisioning off; sizing is per pool (see NodePool).
            clusterAutoscaling:
              - enabled: false
            # One-node default pool that removeDefaultNodePool deletes again;
            # real capacity comes from the NodePool resource.
            initialNodeCount: 1
            # NOTE(review): WORKLOADS and APISERVER log components are not
            # enabled — confirm, since kube-apiserver logs are the usual
            # input for detection on a cluster.
            loggingConfig:
              - enableComponents:
                  - SYSTEM_COMPONENTS
                  - SCHEDULER
                  - CONTROLLER_MANAGER
            nodeConfig:
              # Broad scope; effective permissions are bounded by the IAM
              # roles of the patched serviceAccount, which must stay minimal.
              - oauthScopes: # this is legacy but necessary for GKE 1.23 and below
                  - "https://www.googleapis.com/auth/cloud-platform"
            removeDefaultNodePool: true
            # Private nodes only. No private-only endpoint or master
            # authorized networks are set, so the public control-plane
            # endpoint stays reachable (authenticated) — confirm intended.
            privateClusterConfig:
              - enablePrivateNodes: true
                # Reach the private endpoint from other regions.
                masterGlobalAccessConfig:
                  - enabled: true
      # XR -> managed resource unless the patch says otherwise.
      patches:
        - fromFieldPath: spec.parameters.name
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.project
          toFieldPath: spec.forProvider.project
        - fromFieldPath: spec.parameters.location
          toFieldPath: spec.forProvider.location
        - fromFieldPath: spec.parameters.network
          toFieldPath: spec.forProvider.network
        - fromFieldPath: spec.parameters.nodeConfig.subnetwork
          toFieldPath: spec.forProvider.subnetwork
        # VPC-native ranges for pods and services.
        - fromFieldPath: spec.parameters.nodeConfig.podsSecondaryRange
          toFieldPath: spec.forProvider.ipAllocationPolicy[0].clusterSecondaryRangeName
        - fromFieldPath: spec.parameters.nodeConfig.servicesSecondaryRange
          toFieldPath: spec.forProvider.ipAllocationPolicy[0].servicesSecondaryRangeName
        - fromFieldPath: spec.parameters.nodeConfig.storageGb
          toFieldPath: spec.forProvider.nodeConfig[0].diskSizeGb
        - fromFieldPath: spec.parameters.nodeConfig.instanceType
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
        - fromFieldPath: spec.parameters.nodeConfig.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
        - fromFieldPath: spec.parameters.cspLabels
          toFieldPath: spec.forProvider.resourceLabels
        # "<name>-nodes" network tag, matched by the Firewall's targetTags.
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.nodeConfig[0].tags[0]
        - fromFieldPath: spec.parameters.masterCIDRBlock
          toFieldPath: spec.forProvider.privateClusterConfig[0].masterIpv4CidrBlock
        # Floor on the master version; optional in the XRD.
        - fromFieldPath: spec.parameters.version
          toFieldPath: spec.forProvider.minMasterVersion
        # Managed resource -> XR status.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.privateClusterConfig[0].privateEndpoint
          toFieldPath: status.controlPlaneEndpoint
    - name: allow-istio-firewall-rule
      base:
        apiVersion: compute.gcp.upbound.io/v1beta1
        kind: Firewall
        spec:
          forProvider:
            # Ingress from the master CIDR only, to "<name>-nodes" only, on
            # the listed TCP ports only — keep the port list minimal.
            allow:
              - ports:
                  - "12345" # N.b. actual ports redacted
                protocol: tcp
            direction: INGRESS
            priority: 1000
      patches:
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "allow-istio-webhook-%s-nodes"
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.project
          toFieldPath: spec.forProvider.project
        - fromFieldPath: spec.parameters.network
          toFieldPath: spec.forProvider.network
        - fromFieldPath: spec.parameters.masterCIDRBlock
          toFieldPath: spec.forProvider.sourceRanges[0]
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.targetTags[0]
    - name: node-pool
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: NodePool
        spec:
          forProvider:
            # Private nodes, same scope as the cluster's default pool.
            networkConfig:
              - enablePrivateNodes: true
            nodeConfig:
              - oauthScopes:
                  - https://www.googleapis.com/auth/cloud-platform
      patches:
        - fromFieldPath: spec.parameters.providerConfigRef
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.location
          toFieldPath: spec.forProvider.location
        # Not required by the XRD; a missing source is skipped under the
        # default fromFieldPath policy — presumably; confirm.
        - fromFieldPath: spec.parameters.nodeConfig.nodeLocations
          toFieldPath: spec.forProvider.nodeLocations
        - fromFieldPath: spec.parameters.nodeConfig.storageGb
          toFieldPath: spec.forProvider.nodeConfig[0].diskSizeGb
        - fromFieldPath: spec.parameters.nodeConfig.instanceType
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
        - fromFieldPath: spec.parameters.nodeConfig.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
        # Pool-level labels (nodeConfig.cspLabels), distinct from the
        # cluster-level cspLabels.
        - fromFieldPath: spec.parameters.nodeConfig.cspLabels
          toFieldPath: spec.forProvider.nodeConfig[0].resourceLabels
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: metadata.name
        # Same tag as the default pool so the Firewall matches these nodes.
        - fromFieldPath: spec.parameters.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodes"
          toFieldPath: spec.forProvider.nodeConfig[0].tags[0]
        - fromFieldPath: spec.parameters.name
          toFieldPath: spec.forProvider.cluster
        # Per-pool autoscaling bounds.
        - fromFieldPath: spec.parameters.nodeConfig.autoscaling.minNodeCount
          toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
        - fromFieldPath: spec.parameters.nodeConfig.autoscaling.maxNodeCount
          toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
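---
# Composite resource (XR) created from the my-k8scluster claim. Without the
# document marker above, its top-level keys would be merged into the
# preceding Composition document and most loaders would silently keep only
# the last value for each duplicated key.
apiVersion: gcp.crossplane.tmachine.io/v1alpha1
kind: XK8sCluster
metadata:
  # Crossplane generates the name from the claim name plus a random suffix.
  generateName: my-k8scluster-
  labels:
    crossplane.io/claim-name: my-k8scluster
    crossplane.io/claim-namespace: my-namespace
    crossplane.io/composite: my-k8scluster-tgt48
  name: my-k8scluster-tgt48
spec:
  # Back-reference to the namespaced claim this XR was created for.
  claimRef:
    apiVersion: gcp.crossplane.tmachine.io/v1alpha1
    kind: K8sCluster
    name: my-k8scluster
    namespace: my-namespace
  compositionRef:
    name: gke-cluster-comp
  compositionRevisionRef:
    name: gke-cluster-comp-cc23a44
  compositionSelector:
    matchLabels:
      provider: gcp
  compositionUpdatePolicy: Automatic
  # Copied verbatim from the claim's spec.parameters.
  parameters:
    cspLabels:
      some_label: foo
    location: europe-west2-a
    # Control-plane range; also the sole sourceRange of the firewall rule.
    masterCIDRBlock: 172.16.17.80/28
    name: my-k8scluster
    network: my-vpc-network
    nodeConfig:
      autoscaling:
        maxNodeCount: 14
        minNodeCount: 1
      cspLabels:
        some_label: foo
      instanceType: e2-standard-8
      podsSecondaryRange: pods
      # Node identity; its IAM roles bound what the nodes can reach.
      serviceAccount: ephemeral-gke@my-project.iam.gserviceaccount.com
      servicesSecondaryRange: services
      # Required by the XRD schema but not read by any composition patch.
      size: 14
      storageGb: 50
      subnetwork: vaults-0
    project: my-project
    providerConfigRef: my-provider-config
    # Quoted so that no YAML loader can retype a version string.
    version: "1.23.17-gke.10700"
  # Managed resources composed for this XR; names follow the composition's
  # metadata.name patches ("<name>", "allow-istio-webhook-<name>-nodes",
  # "<name>-nodes").
  resourceRefs:
    - apiVersion: container.gcp.upbound.io/v1beta1
      kind: Cluster
      name: my-k8scluster
    - apiVersion: compute.gcp.upbound.io/v1beta1
      kind: Firewall
      name: allow-istio-webhook-my-k8scluster-nodes
    - apiVersion: container.gcp.upbound.io/v1beta1
      kind: NodePool
      name: my-k8scluster-nodes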
---
# XRD that defines the XK8sCluster composite and its namespaced K8sCluster
# claim. The spec.parameters schema below is the contract the compositions
# on this page patch from; status.controlPlaneEndpoint is the only field
# they write back.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xk8sclusters.gcp.crossplane.tmachine.io
spec:
  group: gcp.crossplane.tmachine.io
  names:
    kind: XK8sCluster
    listKind: XK8sClusterList
    plural: xk8sclusters
    singular: xk8scluster
  claimNames:
    kind: K8sCluster
    listKind: K8sClusterList
    plural: k8sclusters
    singular: k8scluster
  # Claims cannot pick a different Composition; compositionSelector on the
  # claim is effectively informational.
  enforcedCompositionRef:
    name: gke-cluster-comp
  defaultCompositeDeletePolicy: Foreground
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                parameters:
                  type: object
                  properties:
                    name:
                      description: The name of the cluster.
                      type: string
                    project:
                      description: The GCP project where the GKE cluster will be located.
                      type: string
                    location:
                      description: The location of the GCP project where the GKE cluster will be located.
                      type: string
                    providerConfigRef:
                      description: The provider config of the host cluster.
                      type: string
                    network:
                      description: The VPC where the GKE cluster will be located
                      type: string
                    # Patched to spec.forProvider.minMasterVersion by the
                    # composition, i.e. a floor rather than a pin.
                    version:
                      description: The GKE version. Optional
                      type: string
                    cspLabels:
                      description: 'CSP labels to attach to the GKE cluster itself.'
                      type: object
                      # map[string]string requires this field so schema-unspecified fields are not pruned
                      # NOTE(review): this accepts any value shape. An
                      # additionalProperties entry with type string would keep
                      # the keys as well while enforcing string values, which is
                      # what resourceLabels need — consider.
                      x-kubernetes-preserve-unknown-fields: true
                    nodeConfig:
                      type: object
                      properties:
                        # Required, but no composition patch on this page
                        # reads it; pool size is driven by autoscaling.
                        size:
                          description: Number of nodes in this pool
                          type: integer
                        autoscaling:
                          type: object
                          properties:
                            maxNodeCount:
                              description: Maximum number of nodes per zone in the NodePool.
                              type: integer
                            minNodeCount:
                              description: Minimum number of nodes per zone in the NodePool.
                              type: integer
                          required:
                            - maxNodeCount
                            - minNodeCount
                        instanceType:
                          description: The type of machine that will be used for the nodes
                          type: string
                        # Optional: the only nodeConfig field not in the
                        # required list below.
                        nodeLocations:
                          description: The list of zones in which the pool's nodes should be located.
                          type: array
                          items:
                            type: string
                        storageGb:
                          description: Size of the disk of each node in GB
                          type: integer
                        subnetwork:
                          description: The name of the subnet where the nodes will be created.
                          type: string
                        podsSecondaryRange:
                          description: The name of the secondary range that will hold the Pod IPs.
                          type: string
                        servicesSecondaryRange:
                          description: The name of the secondary range that will hold the Service IPs.
                          type: string
                        # Node identity. Not validated here; the roles bound
                        # to it decide what the nodes can reach, since the
                        # composition grants the broad cloud-platform scope.
                        serviceAccount:
                          description: The name of the service account that the nodes will be using.
                          type: string
                        cspLabels:
                          description: 'CSP labels to attach to nodes in this pool.'
                          type: object
                          # map[string]string requires this field so schema-unspecified fields are not pruned
                          x-kubernetes-preserve-unknown-fields: true
                      required:
                        - size
                        - autoscaling
                        - instanceType
                        - storageGb
                        - subnetwork
                        - podsSecondaryRange
                        - servicesSecondaryRange
                    # Also reused as the only sourceRange of the composition's
                    # webhook firewall rule. Free-form string: no CIDR pattern
                    # is enforced at admission.
                    masterCIDRBlock:
                      description: CIDR block which will hold the k8s API gateway
                      type: string
                  required:
                    - name
                    - project
                    - location
                    - network
                    - providerConfigRef
                    - nodeConfig
                    - masterCIDRBlock
            status:
              type: object
              properties:
                # Filled by the composition's ToCompositeFieldPath patch from
                # the Cluster's observed private endpoint.
                controlPlaneEndpoint:
                  description: The IP address of the cluster control plane
                  type: string