feat: update templates to specify control and worker shapes separately #19

Merged: 3 commits, Mar 23, 2022
79 changes: 45 additions & 34 deletions docs/src/gs/create-workload-cluster.md
Expand Up @@ -2,66 +2,80 @@

## Workload Cluster Templates

Choose one of the available templates for to create your workload clusters from the [latest released artifacts][latest-release]. Each workload cluster template can be further configured with the parameters below.
Choose one of the available templates for to create your workload clusters from the
[latest released artifacts][latest-release]. Each workload cluster template can be
further configured with the parameters below.

## Workload Cluster Parameters

The following Oracle Cloud Infrastructure (OCI) configuration parameters are available when creating a workload cluster on OCI:
The following Oracle Cloud Infrastructure (OCI) configuration parameters are available
when creating a workload cluster on OCI using one of our predefined templates:

| Parameter | Default Value | Description |
| ---------------------------- |---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `OCI_COMPARTMENT_ID` | | The OCID of the compartment where the OCI resources are to be created |
| `OCI_IMAGE_ID` | | The OCID of the Compute Image (Oracle Linux or Ubuntu) with which to create the Kubernetes nodes |
| `OCI_SHAPE` | VM.Standard.E4.Flex | The shape of the Kubernetes nodes |
| `OCI_SHAPE_MEMORY_IN_GBS` | | The amount of memory to be allocated to the instances. If not provided it is automatically computed by compute API. |
| `OCI_SHAPE_OCPUS` | 1 | The number of OCPUs allocated to the instance |
| `OCI_SSH_KEY` | | The public SSH key to be added to the Kubernetes nodes. It can be used to login to the node and troubleshoot failures. |
| `OCI_PV_TRANSIT_ENCRYPTION` | true | [In-transit encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) provides a way to secure your data between instances and mounted file systems using TLS v.1.2 (Transport Layer Security) encryption. Only [some bare metal instances](https://docs.oracle.com/en-us/iaas/releasenotes/changes/60d602f5-abb3-4639-aa19-292a5744a808/) support In-transit encryption |
| Parameter | Default Value | Description |
|-------------------------------------------|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `OCI_COMPARTMENT_ID` | | The OCID of the compartment in which to create the required compute, storage and network resources. |
| `OCI_IMAGE_ID` | | The OCID of the image for the kubernetes nodes. This same image is used for both the control plane and the worker nodes. |
| `OCI_CONTROL_PLANE_MACHINE_TYPE` | VM.Standard.E4.Flex | The [shape](https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm) of the Kubernetes control plane machine. |
| `OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS` | 1 | The number of OCPUs allocated to the control plane instance. |
| `OCI_NODE_MACHINE_TYPE` | VM.Standard.E4.Flex | The [shape](https://docs.oracle.com/en-us/iaas/Content/Compute/References/computeshapes.htm) of the Kubernetes worker machine. |
| `OCI_NODE_MACHINE_TYPE_OCPUS` | 1 | The number of OCPUs allocated to the worker instance. |
| `OCI_SSH_KEY` | | The public SSH key to be added to the Kubernetes nodes. It can be used to login to the node and troubleshoot failures. |
| `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION` | true | Enables [in-flight Transport Layer Security (TLS) 1.2 encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) of data between control plane nodes and their associated block storage devices. |
| `OCI_NODE_PV_TRANSIT_ENCRYPTION` | true | Enables [in-flight Transport Layer Security (TLS) 1.2 encryption](https://docs.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm) of data between worker nodes and their associated block storage devices. |

*NOTE* Only specific [bare metal shapes](https://docs.oracle.com/en-us/iaas/releasenotes/changes/60d602f5-abb3-4639-aa19-292a5744a808/)
support in-transit encryption. If an unsupported shape is specified, the deployment will fail completely.

*NOTE:* Using the predefined templates the machine's memory size is automatically allocated based on the chosen shape
and OCPU count.

The following Cluster API parameters are also available:

| Parameter | Default Value | Description |
| ---------------------------- | ---------------------- | ----------- |
| `CLUSTER_NAME` | | The name of the workload cluster to create |
| `CONTROL_PLANE_MACHINE_COUNT` | 1 | The number of control plane machines for the workload cluster.|
| `KUBERNETES_VERSION` | | The Kubernetes version to use for the workload cluster. If unspecified, the value from OS environment variables or the .cluster-api/clusterctl.yaml config file will be used. |
| `NAMESPACE` | | The namespace to use for the workload cluster. If unspecified, the current namespace will be used |
| `POD_CIDR` | 1 | The CIDR range for the Kubernetes POD network. |
| `SERVICE_CIDR` | | The CIDR for the Kubernetes services network. |
| `SERVICE_DOMAIN` | | |
| `WORKER_MACHINE_COUNT` | | The number of worker machines for the workload cluster. |
| Parameter | Default Value | Description |
|-------------------------------|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `CLUSTER_NAME` | | The name of the workload cluster to create. |
| `CONTROL_PLANE_MACHINE_COUNT` | 1 | The number of control plane machines for the workload cluster. |
| `KUBERNETES_VERSION` | | The Kubernetes version installed on the workload cluster nodes. If this environement variable is not configured, the version must be specifed in the `.cluster-api/clusterctl.yaml` file |
| `NAMESPACE` | | The namespace for the workload cluster. If not specified, the current namespace is used. |
| `POD_CIDR` | 192.168.0.0/16 | CIDR range of the Kubernetes pod-to-pod network. |
| `SERVICE_CIDR` | 10.128.0.0/12 | CIDR range of the Kubernetes pod-to-services network. |
| `NODE_MACHINE_COUNT` | | The number of worker machines for the workload cluster. |

## Create a new workload cluster on virtual instances using an Ubuntu custom image

Run the command below to create a Kubernetes cluster with 1 control plane node and 1 worker node:
The following command will create a workload cluster comprising a single
control plane node and single worker node using the default values as specified in the preceding
[Workload Cluster Parameters](#workload-cluster-parameters) table:

```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
NAMESPACE=default \
WORKER_MACHINE_COUNT=1 \
NODE_MACHINE_COUNT=1 \
clusterctl generate cluster <cluster-name>\
--from cluster-template.yaml | kubectl apply -f -
```

## Create a new workload cluster on bare metal instances using an Ubuntu custom image

Note the addition of `OCI_PV_TRANSIT_ENCRYPTION=false` which is required for most BM shapes.
The following command uses the `OCI_CONTROL_PLANE_MACHINE_TYPE` and `OCI_NODE_MACHINE_TYPE`
parameters to specify bare metal shapes instead of using CAPOCI's default virtual
instance shape. The `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION` and `OCI_NODE_PV_TRANSIT_ENCRYPTION`
parameters disable encryption of data in flight between the bare metal instance and the block storage resources.

```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=BM.Standard2.52 \
OCI_SHAPE_OCPUS=52 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
OCI_PV_TRANSIT_ENCRYPTION=false \
OCI_CONTROL_PLANE_MACHINE_TYPE=BM.Standard2.52 \
OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=52 \
OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=false \
OCI_NODE_MACHINE_TYPE=BM.Standard2.52 \
OCI_NODE_MACHINE_TYPE_OCPUS=52 \
OCI_NODE_PV_TRANSIT_ENCRYPTION=false \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
NAMESPACE=default \
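Review bot: The bare metal example sets `OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=false` and `OCI_NODE_PV_TRANSIT_ENCRYPTION=false` without saying that this is only needed for shapes that lack in-transit encryption support, so a reader copying the command turns off TLS to block storage even on a shape where it would work. Suggest saying in the paragraph above the command that both parameters should stay at their default `true` wherever the shape supports it, and pointing to the NOTE's list of supported shapes. The two table rows describe block storage devices but still link to `Content/File/Tasks/intransitencryption.htm`, the page the old row described as covering mounted file systems; the link and the description should agree. Smaller items in the same hunk: "for to create" in the first paragraph, "environement" and "specifed" in the `KUBERNETES_VERSION` row, `*NOTE*` versus `*NOTE:*`, and the `SERVICE_DOMAIN` row is dropped with no mention of whether the parameter still exists.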
Expand All @@ -75,9 +89,6 @@ clusterctl generate cluster <cluster-name>\
```bash
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<oracle-linux-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
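Review bot: This hunk only deletes the three `OCI_SHAPE*` lines, while the first example in this file also changed `WORKER_MACHINE_COUNT=1` to `NODE_MACHINE_COUNT=1`; if the Oracle Linux example still passes `WORKER_MACHINE_COUNT` below the visible context, it no longer matches the `${NODE_MACHINE_COUNT}` the templates now read. Please check the rest of this command, and the examples in `create-workload-templates.md`, which has deletions only, so any worker count variable there was not renamed.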
6 changes: 0 additions & 6 deletions docs/src/gs/create-workload-templates.md
Expand Up @@ -21,9 +21,6 @@ You can then reuse the `ConfigMap` to create your clusters. For example, to crea
```shell
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<oracle-linux-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
Expand All @@ -38,9 +35,6 @@ Likewise, to create a workload cluster using Ubuntu:
```shell
OCI_COMPARTMENT_ID=<compartment-id> \
OCI_IMAGE_ID=<ubuntu-custom-image-id> \
OCI_SHAPE=VM.Standard.E4.Flex \
OCI_SHAPE_OCPUS=1 \
OCI_SHAPE_MEMORY_IN_GBS= \
OCI_SSH_KEY=<ssh-key> \
CONTROL_PLANE_MACHINE_COUNT=1 \
KUBERNETES_VERSION=v1.20.10 \
7 changes: 4 additions & 3 deletions scripts/ci-conformance.sh
Expand Up @@ -27,9 +27,10 @@ export TAG="${defaultTag:-dev}"
export GINKGO_NODES=3

export OCI_SSH_KEY="${OCI_SSH_KEY:-""}"
export OCI_SHAPE="${OCI_SHAPE:-"VM.Standard.E3.Flex"}"
export OCI_SHAPE_OCPUS="${OCI_SHAPE_OCPUS:-"1"}"
export OCI_SHAPE_MEMORY_IN_GBS="${OCI_SHAPE_MEMORY_IN_GBS:-"16"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE="${OCI_CONTROL_PLANE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS="${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS:-"1"}"
export OCI_NODE_MACHINE_TYPE="${OCI_NODE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_NODE_MACHINE_TYPE_OCPUS="${OCI_NODE_MACHINE_TYPE_OCPUS:-"1"}"
export KIND_EXPERIMENTAL_DOCKER_NETWORK="bridge"

# Generate SSH key.
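Review bot: The old `OCI_SHAPE` and `OCI_SHAPE_OCPUS` exports are removed with no fallback, so a CI job that still sets them is silently ignored and runs on the `VM.Standard.E3.Flex` / `1` defaults. Suggest either falling back to the old name, for example `"${OCI_CONTROL_PLANE_MACHINE_TYPE:-${OCI_SHAPE:-"VM.Standard.E3.Flex"}}"`, or failing early when an old variable is set. The explicit `OCI_SHAPE_MEMORY_IN_GBS` default of `"16"` is also gone, so conformance runs now get whatever memory is derived from the shape and OCPU count; worth confirming that is enough for the suite.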
7 changes: 4 additions & 3 deletions scripts/ci-e2e.sh
Expand Up @@ -31,9 +31,10 @@ export TAG="${defaultTag:-dev}"
export GINKGO_NODES=3

export OCI_SSH_KEY="${OCI_SSH_KEY:-""}"
export OCI_SHAPE="${OCI_SHAPE:-"VM.Standard.E3.Flex"}"
export OCI_SHAPE_OCPUS="${OCI_SHAPE_OCPUS:-"1"}"
export OCI_SHAPE_MEMORY_IN_GBS="${OCI_SHAPE_MEMORY_IN_GBS:-"16"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE="${OCI_CONTROL_PLANE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS="${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS:-"1"}"
export OCI_NODE_MACHINE_TYPE="${OCI_NODE_MACHINE_TYPE:-"VM.Standard.E3.Flex"}"
export OCI_NODE_MACHINE_TYPE_OCPUS="${OCI_NODE_MACHINE_TYPE_OCPUS:-"1"}"
export KIND_EXPERIMENTAL_DOCKER_NETWORK="bridge"

# Generate SSH key.
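Review bot: These four exports are a verbatim copy of the block in `scripts/ci-conformance.sh`, so the two scripts' defaults can drift apart the next time one is edited. Suggest moving the shared OCI defaults into one file that both scripts source.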
16 changes: 7 additions & 9 deletions templates/cluster-template-antrea.yaml
Expand Up @@ -294,13 +294,12 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_CONTROL_PLANE_MACHINE_TYPE=VM.Standard.E4.Flex}"
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true}
isPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OCIMachineTemplate
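Review bot: Dropping `memoryInGBs` from `shapeConfig` leaves no way to request a specific memory size for the control plane on a Flex shape, where it was previously settable through `OCI_SHAPE_MEMORY_IN_GBS`. If that is intended, the PR description should say so; otherwise keep the field behind an optional per-role variable. The CI scripts default the shape to `VM.Standard.E3.Flex` while this template defaults to `VM.Standard.E4.Flex`; a short comment on why they differ would help.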
Expand All @@ -311,13 +310,12 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}"
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
isPvEncryptionInTransitEnabled: ${OCI_PV_TRANSIT_ENCRYPTION=true}
isPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
Expand All @@ -338,7 +336,7 @@ metadata:
name: "${CLUSTER_NAME}-md-0"
spec:
clusterName: "${CLUSTER_NAME}"
replicas: ${WORKER_MACHINE_COUNT}
replicas: ${NODE_MACHINE_COUNT}
selector:
matchLabels:
template:
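Review bot: Renaming `replicas: ${WORKER_MACHINE_COUNT}` to `${NODE_MACHINE_COUNT}` detaches the template from clusterctl's `--worker-machine-count` flag, which populates `WORKER_MACHINE_COUNT`, and the new variable has no default, so generation depends on the caller exporting it. Suggest keeping `WORKER_MACHINE_COUNT` here, or giving the new name a default and documenting that the flag no longer applies.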
14 changes: 7 additions & 7 deletions templates/cluster-template-arm-free-tier.yaml
Expand Up @@ -102,14 +102,14 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_CONTROL_PLANE_MACHINE_TYPE=VM.Standard.E4.Flex}"
networkDetails:
assignPublicIp: true
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_CONTROL_PLANE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
IsPvEncryptionInTransitEnabled: ${OCI_CONTROL_PLANE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OCIMachineTemplate
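Review bot: The added key is spelled `IsPvEncryptionInTransitEnabled` with a capital `I`, while `cluster-template-antrea.yaml` uses `isPvEncryptionInTransitEnabled`. If the field name is matched case-sensitively, the setting in this template would be ignored and the instance would come up without the encryption flag the variable implies. Suggest using the lowercase spelling in both machine templates of this file. This template also had no encryption line before, so it now defaults to `true`; given the doc NOTE that an unsupported shape makes the deployment fail, please confirm the shapes this template targets support it.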
Expand All @@ -120,14 +120,14 @@ spec:
spec:
imageId: "${OCI_IMAGE_ID}"
compartmentId: "${OCI_COMPARTMENT_ID}"
shape: "${OCI_SHAPE}"
shape: "${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}"
networkDetails:
assignPublicIp: true
shapeConfig:
ocpus: "${OCI_SHAPE_OCPUS}"
memoryInGBs: "${OCI_SHAPE_MEMORY_IN_GBS}"
ocpus: "${OCI_NODE_MACHINE_TYPE_OCPUS=1}"
metadata:
ssh_authorized_keys: "${OCI_SSH_KEY}"
IsPvEncryptionInTransitEnabled: ${OCI_NODE_PV_TRANSIT_ENCRYPTION=true}
---
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
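Review bot: The default in `shape: "${OCI_NODE_MACHINE_TYPE=VM.Standard.E4.Flex}"` (and the control plane equivalent above) is an x86 shape, yet this is the ARM free tier template and the previous `${OCI_SHAPE}` carried no default. A user who sets no shape now gets a non-ARM instance from a template named for ARM. Suggest either an ARM shape as the default here or no default at all, so the variable stays required.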
Expand All @@ -151,7 +151,7 @@ metadata:
name: "${CLUSTER_NAME}-md-0"
spec:
clusterName: "${CLUSTER_NAME}"
replicas: ${WORKER_MACHINE_COUNT}
replicas: ${NODE_MACHINE_COUNT}
selector:
matchLabels:
template: