feat: update templates to specify control and worker shapes separately (#19)

While the users can specify the shapes independently we wanted our
defined templates to support this as well. It should make it easier
for our users to quickly define different shapes independent of each
other.
joekr committed Mar 23, 2022
1 parent 56f54e0 commit 674d84b
Showing 14 changed files with 101 additions and 105 deletions.
79 changes: 45 additions & 34 deletions docs/src/gs/create-workload-cluster.md
Expand Up @@ -2,66 +2,80 @@

## Workload Cluster Templates

Choose one of the available templates for to create your workload clusters from the [latest released artifacts][latest-release]. Each workload cluster template can be further configured with the parameters below.
Choose one of the available templates for to create your workload clusters from the
[latest released artifacts][latest-release]. Each workload cluster template can be
further configured with the parameters below.

## Workload Cluster Parameters

The following Oracle Cloud Infrastructure (OCI) configuration parameters are available when creating a workload cluster on OCI:
The following Oracle Cloud Infrastructure (OCI) configuration parameters are available
when creating a workload cluster on OCI using one of our predefined templates:

| Parameter | Default Value | Description |
| ---------------------------- |---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `OCI_COMPARTMENT_ID` | | The OCID of the compartment where the OCI resources are to be created |
| `OCI_IMAGE_ID` | | The OCID of the Compute Image (Oracle Linux or Ubuntu) with which to create the Kubernetes nodes |
| `OCI_SHAPE` | VM.Standard.E4.Flex | The shape of the Kubernetes nodes |
| `OCI_SHAPE_MEMORY_IN_GBS` | | The amount of memory to be allocated to the instances. If not provided it is automatically computed by compute API. |
| `OCI_SHAPE_OCPUS` | 1 | The number of OCPUs allocated to the instance |
| `OCI_SSH_KEY` | | The public SSH key to be added to the Kubernetes nodes. It can be used to login to the node and troubleshoot failures. |
| `OCI_PV_TRANSIT_ENCRYPTION` | true | [In-transit encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) provides a way to secure your data between instances and mounted file systems using TLS v.1.2 (Transport Layer Security) encryption. Only [some bare metal instances](https://docs.oracle.com/en-us/iaas/releasenotes/changes/60d602f5-abb3-4639-aa19-292a5744a808/) support In-transit encryption |
| Parameter | Default Value | Description |
|-------------------------------------------|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `OCI_COMPARTMENT_ID` | | The OCID of the compartment in which to create the required compute, storage and network resources. |
| `OCI_IMAGE_ID` | | The OCID of the image for the kubernetes nodes. This same image is used for both the control plane and the worker nodes. |
| `OCI_CONTROL_PLANE_MACHINE_TYPE` | VM.Standard.E4.Flex | The [shape](https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm) of the Kubernetes control plane machine. |
| `OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS` | 1 | The number of OCPUs allocated to the control plane instance. |
| `OCI_NODE_MACHINE_TYPE` | VM.Standard.E4.Flex | The [shape](https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm) of the Kubernetes worker machine. |
| `OCI_NODE_MACHINE_TYPE_OCPUS` | 1 | The number of OCPUs allocated to the worker instance. |
| `OCI_SSH_KEY` | | The public SSH key to be added to the Kubernetes nodes. It can be used to login to the node and troubleshoot failures. |
| `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION` | true | Enables [in-flight Transport Layer Security (TLS) 1.2 encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) of data between control plane nodes and their associated block storage devices. |
| `OCI_NODE_PV_TRANSIT_ENCRYPTION` | true | Enables [in-flight Transport Layer Security (TLS) 1.2 encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) of data between worker nodes and their associated block storage devices. |

*NOTE* Only specific [bare metal shapes](https://docs.oracle.com/en-us/iaas/releasenotes/changes/60d602f5-abb3-4639-aa19-292a5744a808/)
support in-transit encryption. If an unsupported shape is specified, the deployment will fail completely.

*NOTE:* Using the predefined templates the machine's memory size is automatically allocated based on the chosen shape
and OCPU count.

The following Cluster API parameters are also available:

| Parameter | Default Value | Description |
| ---------------------------- | ---------------------- | ----------- |
| `CLUSTER_NAME` | | The name of the workload cluster to create |
| `CONTROL_PLANE_MACHINE_COUNT` | 1 | The number of control plane machines for the workload cluster.|
| `KUBERNETES_VERSION` | | The Kubernetes version to use for the workload cluster. If unspecified, the value from OS environment variables or the .cluster-api/clusterctl.yaml config file will be used. |
| `NAMESPACE` | | The namespace to use for the workload cluster. If unspecified, the current namespace will be used |
| `POD_CIDR` | 1 | The CIDR range for the Kubernetes POD network. |
| `SERVICE_CIDR` | | The CIDR for the Kubernetes services network. |
| `SERVICE_DOMAIN` | | |
| `WORKER_MACHINE_COUNT` | | The number of worker machines for the workload cluster. |
| Parameter | Default Value | Description |
|-------------------------------|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `CLUSTER_NAME` | | The name of the workload cluster to create. |
| `CONTROL_PLANE_MACHINE_COUNT` | 1 | The number of control plane machines for the workload cluster. |
| `KUBERNETES_VERSION` | | The Kubernetes version installed on the workload cluster nodes. If this environement variable is not configured, the version must be specifed in the `.cluster-api/clusterctl.yaml` file |
| `NAMESPACE` | | The namespace for the workload cluster. If not specified, the current namespace is used. |
| `POD_CIDR` | 192.168.0.0/16 | CIDR range of the Kubernetes pod-to-pod network. |
| `SERVICE_CIDR` | 10.128.0.0/12 | CIDR range of the Kubernetes pod-to-services network. |
| `NODE_MACHINE_COUNT` | | The number of worker machines for the workload cluster. |

## Create a new workload cluster on virtual instances using an Ubuntu custom image

Run the command below to create a Kubernetes cluster with 1 control plane node and 1 worker node:
The following command will create a workload cluster comprising a single
control plane node and single worker node using the default values as specified in the preceding
[Workload Cluster Parameters](#workload-cluster-parameters) table:

```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
NAMESPACE=default \
WORKER_MACHINE_COUNT=1 \
NODE_MACHINE_COUNT=1 \
clusterctl generate cluster <cluster-name>\
--from cluster-template.yaml | kubectl apply -f -
```

## Create a new workload cluster on bare metal instances using an Ubuntu custom image

Note the addition of `OCI_PV_TRANSIT_ENCRYPTION=false` which is required for most BM shapes.
The following command uses the `OCI_CONTROL_PLANE_MACHINE_TYPE` and `OCI_NODE_MACHINE_TYPE`
parameters to specify bare metal shapes instead of using CAPOCI's default virtual
instance shape. The `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION` and `OCI_NODE_PV_TRANSIT_ENCRYPTION`
parameters disable encryption of data in flight between the bare metal instance and the block storage resources.

```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=BM.Standard2.52 \
OCI_SHAPE_OCPUS=52 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
OCI_PV_TRANSIT_ENCRYPTION=false \
OCI_CONTROL_PLANE_MACHINE_TYPE=BM.Standard2.52 \
OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=52 \
OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=false \
OCI_NODE_MACHINE_TYPE=BM.Standard2.52 \
OCI_NODE_MACHINE_TYPE_OCPUS=52 \
OCI_NODE_PV_TRANSIT_ENCRYPTION=false \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
NAMESPACE=default \
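Review bot: the typo "for to create" survives the reflow in the Workload Cluster Templates paragraph, and the new `KUBERNETES_VERSION` row misspells "environement" and "specifed"; suggest "Choose one of the available templates to create your workload clusters from the" and "If this environment variable is not configured, the version must be specified in the `.cluster-api/clusterctl.yaml` file". Two smaller points in the same hunk: the two callouts are written `*NOTE*` and `*NOTE:*`, and the bare metal section would read better if it said that `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=false` and `OCI_NODE_PV_TRANSIT_ENCRYPTION=false` are only needed for shapes the linked release note does not list as supported, so readers keep the encrypted default wherever it works.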
Expand All @@ -75,9 +89,6 @@ clusterctl generate cluster <cluster-name>\
```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<oracle-linux-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
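Review bot: with the `OCI_SHAPE*` lines dropped, this Oracle Linux example now relies on the template defaults for both machine types without saying so; a lead-in like the one added to the Ubuntu example above ("using the default values as specified in the preceding table") would keep the two examples consistent.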
6 changes: 0 additions & 6 deletions docs/src/gs/create-workload-templates.md
Expand Up @@ -21,9 +21,6 @@ You can then reuse the `ConfigMap` to create your clusters. For example, to crea
```shell
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<oracle-linux-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
Expand All @@ -38,9 +35,6 @@ Likewise, to create a workload cluster using Ubuntu:
```shell
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
7 changes: 4 additions & 3 deletions scripts/ci-conformance.sh
Expand Up @@ -27,9 +27,10 @@ export TAG="${defaultTag:-dev}"
export GINKGO_NODES=3

export OCI_SSH_KEY="${OCI_SSH_KEY:-""}"
export OCI_SHAPE="${OCI_SHAPE:-"VM.Standard.E3.Flex"}"
export OCI_SHAPE_OCPUS="${OCI_SHAPE_OCPUS:-"1"}"
export OCI_SHAPE_MEMORY_IN_GBS="${OCI_SHAPE_MEMORY_IN_GBS:-"16"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE="${OCI_CONTROL_PLANE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS="${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS:-"1"}"
export OCI_NODE_MACHINE_TYPE="${OCI_NODE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_NODE_MACHINE_TYPE_OCPUS="${OCI_NODE_MACHINE_TYPE_OCPUS:-"1"}"
export KIND_EXPERIMENTAL_DOCKER_NETWORK="bridge"

# Generate SSH key.
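Review bot: the removed `OCI_SHAPE_MEMORY_IN_GBS` default pinned the CI nodes at 16 GB and nothing replaces it, so the conformance run now gets whatever memory the compute API allocates for a 1-OCPU `VM.Standard.E3.Flex` instance; confirm that is enough for the conformance suite, otherwise test nodes may become memory-constrained in a way unrelated to the code under test.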
7 changes: 4 additions & 3 deletions scripts/ci-e2e.sh
Expand Up @@ -31,9 +31,10 @@ export TAG="${defaultTag:-dev}"
export GINKGO_NODES=3

export OCI_SSH_KEY="${OCI_SSH_KEY:-""}"
export OCI_SHAPE="${OCI_SHAPE:-"VM.Standard.E3.Flex"}"
export OCI_SHAPE_OCPUS="${OCI_SHAPE_OCPUS:-"1"}"
export OCI_SHAPE_MEMORY_IN_GBS="${OCI_SHAPE_MEMORY_IN_GBS:-"16"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE="${OCI_CONTROL_PLANE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS="${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS:-"1"}"
export OCI_NODE_MACHINE_TYPE="${OCI_NODE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_NODE_MACHINE_TYPE_OCPUS="${OCI_NODE_MACHINE_TYPE_OCPUS:-"1"}"
export KIND_EXPERIMENTAL_DOCKER_NETWORK="bridge"

# Generate SSH key.
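Review bot: the four new `export` defaults are duplicated verbatim between `scripts/ci-e2e.sh` and `scripts/ci-conformance.sh`, as the three old ones were; consider moving them into a shared file that both scripts source, so the next rename only has to happen in one place.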
16 changes: 7 additions & 9 deletions templates/cluster-template-antrea.yaml
Expand Up @@ -294,13 +294,12 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_CONTROL_PLANE_MACHINE_TYPE=VM.Standard.E4.Flex}"
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true}
isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OCIMachineTemplate
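Review bot: dropping `memoryInGBs` from `shapeConfig` removes the only way to pin memory on a Flex shape through this template, since `OCI_SHAPE_MEMORY_IN_GBS` has no replacement variable; if the intent is to rely on the API's automatic allocation that is fine, but consider keeping the key behind an optional variable (a hypothetical `OCI_CONTROL_PLANE_MACHINE_TYPE_MEMORY_IN_GBS` with an empty default, for instance) so users are not forced to edit the template. The `${VAR=default}` form on `shape`, `ocpus` and `isPvEncryptionInTransitEnabled` is a good change: an unset variable now yields a working, encrypted-by-default machine rather than an empty field.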
Expand All @@ -311,13 +310,12 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}"
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true}
isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
Expand All @@ -338,7 +336,7 @@ metadata:
name: "${CLUSTER_NAME}-md-0"
spec:
clusterName: "${CLUSTER_NAME}"
replicas: ${WORKER_MACHINE_COUNT}
replicas: ${NODE_MACHINE_COUNT}
selector:
matchLabels:
template:
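Review bot: renaming `WORKER_MACHINE_COUNT` to `NODE_MACHINE_COUNT` in `replicas` is a breaking change for anyone who still exports the old name, since `clusterctl generate` will no longer find a value for the MachineDeployment's replica count. The commit message does not mention the rename; suggest calling it out there and in the release notes, with the docs table change in this commit as the migration hint.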
14 changes: 7 additions & 7 deletions templates/cluster-template-arm-free-tier.yaml
Expand Up @@ -102,14 +102,14 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_CONTROL_PLANE_MACHINE_TYPE=VM.Standard.E4.Flex}"
networkDetails:
assignPublicIp: true
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
IsPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OCIMachineTemplate
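Review bot: the new key is spelled `IsPvEncryptionInTransitEnabled` (capital I) here but `isPvEncryptionInTransitEnabled` in `cluster-template-antrea.yaml`; CRD field names are case-sensitive, so the mis-cased key would be treated as an unknown field and dropped rather than applied, and this template would silently not enable in-transit encryption even though the default is `true`. Use the lower-case form. Separately, an ARM free-tier template defaulting `shape` to the x86 `VM.Standard.E4.Flex` looks unintended; the ARM free-tier shape is `VM.Standard.A1.Flex`.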
Expand All @@ -120,14 +120,14 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}"
networkDetails:
assignPublicIp: true
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
IsPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
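Review bot: same field-name case issue as in the control plane template above: `IsPvEncryptionInTransitEnabled` should be `isPvEncryptionInTransitEnabled` to match the antrea template and the CRD, and the worker default shape is likewise the x86 `VM.Standard.E4.Flex` in an ARM template.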
Expand All @@ -151,7 +151,7 @@ metadata:
name: "${CLUSTER_NAME}-md-0"
spec:
clusterName: "${CLUSTER_NAME}"
replicas: ${WORKER_MACHINE_COUNT}
replicas: ${NODE_MACHINE_COUNT}
selector:
matchLabels:
template: