Add Azure AKS Cluster Template

Mirantis · Dec 18, 2024 · 56df32f · 56df32f
1 parent 60a6edc
commit 56df32f
Show file tree

Hide file tree

Showing 13 changed files with 824 additions and 0 deletions.
diff --git a/templates/cluster/azure-aks/.helmignore b/templates/cluster/azure-aks/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/templates/cluster/azure-aks/Chart.yaml b/templates/cluster/azure-aks/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: azure-aks
+description: |
+  An HMC template to deploy a cluster on AKS.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+annotations:
+  cluster.x-k8s.io/provider: infrastructure-azure
+  cluster.x-k8s.io/infrastructure-azure: v1beta1
diff --git a/templates/cluster/azure-aks/templates/_helpers.tpl b/templates/cluster/azure-aks/templates/_helpers.tpl
@@ -0,0 +1,11 @@
+{{- define "cluster.name" -}}
+    {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "machinepool.system.name" -}}
+    {{- include "cluster.name" . }}-system
+{{- end }}
+
+{{- define "machinepool.user.name" -}}
+    {{- include "cluster.name" . }}-user
+{{- end }}
diff --git a/templates/cluster/azure-aks/templates/azureasomanagedcluster.yaml b/templates/cluster/azure-aks/templates/azureasomanagedcluster.yaml
@@ -0,0 +1,14 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: AzureASOManagedCluster
+metadata:
+  name: {{ include "cluster.name" . }}
+spec:
+  resources:
+    - apiVersion: resources.azure.com/v1api20200601
+      kind: ResourceGroup
+      metadata:
+        annotations:
+          serviceoperator.azure.com/credential-from: {{ .Values.clusterIdentity.name }}
+        name: {{ include "cluster.name" . }}
+      spec:
+        location: {{ .Values.location }}
diff --git a/templates/cluster/azure-aks/templates/azureasomanagedcontrolplane.yaml b/templates/cluster/azure-aks/templates/azureasomanagedcontrolplane.yaml
@@ -0,0 +1,89 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: AzureASOManagedControlPlane
+metadata:
+  name: {{ include "cluster.name" . }}
+spec:
+  resources:
+    - apiVersion: containerservice.azure.com/v1api20231001
+      kind: ManagedCluster
+      metadata:
+        annotations:
+          serviceoperator.azure.com/credential-from: {{ .Values.clusterIdentity.name }}
+        name: {{ include "cluster.name" . }}
+      spec:
+        apiServerAccessProfile:
+          authorizedIPRanges: {{ .Values.apiServerAccessProfile.authorizedIPRanges }}
+          disableRunCommand: {{ .Values.apiServerAccessProfile.disableRunCommand }}
+          {{- if .Values.apiServerAccessProfile.enablePrivateCluster }}
+          enablePrivateCluster: {{ .Values.apiServerAccessProfile.enablePrivateCluster }}
+          enablePrivateClusterPublicFQDN: {{ .Values.apiServerAccessProfile.enablePrivateClusterPublicFQDN }}
+          privateDNSZone: {{ .Values.apiServerAccessProfile.privateDNSZone }}
+          {{- end }}
+        {{- with .Values.azureMonitorProfile }}
+        azureMonitorProfile:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        dnsPrefix: {{ include "cluster.name" . }}
+        identity:
+          type: SystemAssigned
+        location: {{ .Values.location }}
+        networkProfile:
+          dnsServiceIP: {{ .Values.dnsServiceIP }}
+          networkPlugin: {{ .Values.kubernetes.networkPlugin }}
+          networkPolicy: {{ .Values.kubernetes.networkPolicy }}
+        oidcIssuerProfile:
+          enabled: {{ .Values.oidcIssuerProfile.enabled }}
+        owner:
+          name: {{ include "cluster.name" . }}
+        securityProfile:
+          {{- if .Values.securityProfile.azureKeyVaultKms.enabled }}
+          azureKeyVaultKms:
+            enabled: {{ .Values.securityProfile.azureKeyVaultKms.enabled }}
+            keyId: {{ .Values.securityProfile.azureKeyVaultKms.keyId }}
+            keyVaultNetworkAccess: {{ .Values.securityProfile.azureKeyVaultKms.keyVaultNetworkAccess }}
+            {{- with .Values.securityProfile.azureKeyVaultKms.keyVaultResourceReference }}
+            keyVaultResourceReference:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+          {{- end }}
+          defender:
+            {{- with .Values.securityProfile.defender.logAnalyticsWorkspaceResourceReference }}
+            logAnalyticsWorkspaceResourceReference:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            securityMonitoring:
+              enabled: {{ .Values.securityProfile.defender.securityMonitoring.enabled }}
+          imageCleaner:
+            enabled: {{ .Values.securityProfile.imageCleaner.enabled }}
+            intervalHours: {{ .Values.securityProfile.imageCleaner.intervalHours }}
+          workloadIdentity:
+            enabled: {{ .Values.securityProfile.workloadIdentity.enabled }}
+        serviceMeshProfile:
+          mode: {{ .Values.serviceMeshProfile.mode }}
+          {{- if eq .Values.serviceMeshProfile.mode "Istio" }}
+          istio:
+            certificateAuthority:
+              certChainObjectName: {{ .Values.serviceMeshProfile.istio.certificateAuthority.certChainObjectName }}
+              certObjectName: {{ .Values.serviceMeshProfile.istio.certificateAuthority.certObjectName }}
+              keyObjectName: {{ .Values.serviceMeshProfile.istio.certificateAuthority.keyObjectName }}
+              {{- with .Values.serviceMeshProfile.istio.certificateAuthority.keyVaultReference }}
+              keyVaultReference:
+                {{- toYaml . | nindent 14 }}
+              {{- end }}
+              rootCertObjectName: {{ .Values.serviceMeshProfile.istio.certificateAuthority.rootCertObjectName }}
+            {{- with .Values.serviceMeshProfile.istio.components }}
+            components:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- with .Values.serviceMeshProfile.istio.revisions }}
+            revisions:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+        {{- end }}
+        servicePrincipalProfile:
+          clientId: msi
+        {{- with .Values.sku }}
+        sku:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+  version: {{ .Values.kubernetes.version }}
diff --git a/templates/cluster/azure-aks/templates/azureasomanagedmachinepool-controlplane.yaml b/templates/cluster/azure-aks/templates/azureasomanagedmachinepool-controlplane.yaml
@@ -0,0 +1,30 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: AzureASOManagedMachinePool
+metadata:
+  name: {{ include "machinepool.system.name" . }}
+spec:
+  resources:
+    - apiVersion: containerservice.azure.com/v1api20231001
+      kind: ManagedClustersAgentPool
+      metadata:
+        annotations:
+          serviceoperator.azure.com/credential-from: {{ .Values.clusterIdentity.name }}
+        name: {{ include "machinepool.system.name" . }}
+      spec:
+        azureName: systempool
+        enableNodePublicIP: {{ .Values.machinePools.system.enableNodePublicIP }}
+        maxPods: {{ .Values.machinePools.system.maxPods }}
+        mode: System
+        {{- with .Values.machinePools.system.nodeLabels }}
+        nodeLabels:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.machinePools.system.nodeTaints }}
+        nodeTaints:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        osDiskSizeGB: {{ .Values.machinePools.system.osDiskSizeGB }}
+        owner:
+          name: {{ include "cluster.name" . }}
+        type: {{ .Values.machinePools.system.type }}
+        vmSize: {{ .Values.machinePools.system.vmSize }}
diff --git a/templates/cluster/azure-aks/templates/azureasomanagedmachinepool-worker.yaml b/templates/cluster/azure-aks/templates/azureasomanagedmachinepool-worker.yaml
@@ -0,0 +1,30 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: AzureASOManagedMachinePool
+metadata:
+  name: {{ include "machinepool.user.name" . }}
+spec:
+  resources:
+    - apiVersion: containerservice.azure.com/v1api20231001
+      kind: ManagedClustersAgentPool
+      metadata:
+        annotations:
+          serviceoperator.azure.com/credential-from: {{ .Values.clusterIdentity.name }}
+        name: {{ include "machinepool.user.name" . }}
+      spec:
+        azureName: userpool
+        enableNodePublicIP: {{ .Values.machinePools.user.enableNodePublicIP }}
+        maxPods: {{ .Values.machinePools.user.maxPods }}
+        mode: User
+        {{- with .Values.machinePools.user.nodeLabels }}
+        nodeLabels:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.machinePools.user.nodeTaints }}
+        nodeTaints:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        osDiskSizeGB: {{ .Values.machinePools.user.osDiskSizeGB }}
+        owner:
+          name: {{ include "cluster.name" . }}
+        type: {{ .Values.machinePools.user.type }}
+        vmSize: {{ .Values.machinePools.user.vmSize }}
diff --git a/templates/cluster/azure-aks/templates/cluster.yaml b/templates/cluster/azure-aks/templates/cluster.yaml
@@ -0,0 +1,17 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}
+spec:
+  {{- with .Values.clusterNetwork }}
+  clusterNetwork:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  controlPlaneRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+    kind: AzureASOManagedControlPlane
+    name: {{ include "cluster.name" .  }}
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+    kind: AzureASOManagedCluster
+    name: {{ include "cluster.name" . }}
diff --git a/templates/cluster/azure-aks/templates/machinepool-controlplane.yaml b/templates/cluster/azure-aks/templates/machinepool-controlplane.yaml
@@ -0,0 +1,17 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+  name: {{ include "machinepool.system.name" . }}
+spec:
+  clusterName: {{ include "cluster.name" . }}
+  replicas: {{ .Values.machinePools.system.count }}
+  template:
+    spec:
+      bootstrap:
+        dataSecretName: {{ include "machinepool.system.name" . }}
+      clusterName: {{ include "cluster.name" . }}
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+        kind: AzureASOManagedMachinePool
+        name: {{ include "machinepool.system.name" . }}
+      version: {{ .Values.kubernetes.version }}
diff --git a/templates/cluster/azure-aks/templates/machinepool-worker.yaml b/templates/cluster/azure-aks/templates/machinepool-worker.yaml
@@ -0,0 +1,17 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+  name: {{ include "machinepool.user.name" . }}
+spec:
+  clusterName: {{ include "cluster.name" . }}
+  replicas: {{ .Values.machinePools.user.count }}
+  template:
+    spec:
+      bootstrap:
+        dataSecretName: {{ include "machinepool.user.name" . }}
+      clusterName: {{ include "cluster.name" . }}
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+        kind: AzureASOManagedMachinePool
+        name: {{ include "machinepool.user.name" . }}
+      version: {{ .Values.kubernetes.version }}