apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: labels: cni-windows: calico csi-proxy: enabled windows: enabled name: ${CLUSTER_NAME} namespace: default spec: clusterNetwork: pods: cidrBlocks: - 192.168.0.0/16 controlPlaneRef: apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlane name: ${CLUSTER_NAME}-control-plane infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureCluster name: ${CLUSTER_NAME} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureCluster metadata: name: ${CLUSTER_NAME} namespace: default spec: identityRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureClusterIdentity name: ${CLUSTER_IDENTITY_NAME} location: ${AZURE_LOCATION} networkSpec: subnets: - name: control-plane-subnet role: control-plane - name: node-subnet role: node vnet: name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} subscriptionID: ${AZURE_SUBSCRIPTION_ID} --- apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlane metadata: name: ${CLUSTER_NAME}-control-plane namespace: default spec: kubeadmConfigSpec: clusterConfiguration: apiServer: extraArgs: cloud-provider: external timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} etcd: local: dataDir: /var/lib/etcddisk/etcd extraArgs: quota-backend-bytes: "8589934592" diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 extraOpts: - -E - lazy_itable_init=1,lazy_journal_init=1 filesystem: ext4 label: etcd_disk - device: ephemeral0.1 filesystem: ext4 label: ephemeral0 replaceFS: ntfs partitions: - device: /dev/disk/azure/scsi1/lun0 layout: true overwrite: false tableType: gpt files: - contentFrom: secret: key: control-plane-azure.json name: ${CLUSTER_NAME}-control-plane-azure-json owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" initConfiguration: nodeRegistration: kubeletExtraArgs: cloud-provider: external name: '{{ ds.meta_data["local_hostname"] }}' joinConfiguration: nodeRegistration: kubeletExtraArgs: cloud-provider: external name: '{{ ds.meta_data["local_hostname"] }}' mounts: - - LABEL=etcd_disk - /var/lib/etcddisk postKubeadmCommands: [] preKubeadmCommands: [] machineTemplate: infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate name: ${CLUSTER_NAME}-control-plane replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1} version: ${KUBERNETES_VERSION} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate metadata: name: ${CLUSTER_NAME}-control-plane namespace: default spec: template: spec: dataDisks: - diskSizeGB: 256 lun: 0 nameSuffix: etcddisk identity: UserAssigned osDisk: diskSizeGB: 128 osType: Linux sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} userAssignedIdentities: - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} --- apiVersion: cluster.x-k8s.io/v1beta1 kind: MachineDeployment metadata: name: ${CLUSTER_NAME}-md-0 namespace: default spec: clusterName: ${CLUSTER_NAME} replicas: ${WORKER_MACHINE_COUNT:=2} selector: matchLabels: null template: spec: bootstrap: configRef: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate name: ${CLUSTER_NAME}-md-0 clusterName: ${CLUSTER_NAME} infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate name: ${CLUSTER_NAME}-md-0 version: ${KUBERNETES_VERSION} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate metadata: name: ${CLUSTER_NAME}-md-0 namespace: default spec: template: spec: osDisk: diskSizeGB: 128 osType: Linux sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} vmSize: ${AZURE_NODE_MACHINE_TYPE} --- apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: ${CLUSTER_NAME}-md-0 namespace: default spec: template: spec: files: - contentFrom: secret: key: worker-node-azure.json name: ${CLUSTER_NAME}-md-0-azure-json owner: root:root path: /etc/kubernetes/azure.json permissions: "0644" joinConfiguration: nodeRegistration: kubeletExtraArgs: cloud-provider: external name: '{{ ds.meta_data["local_hostname"] }}' preKubeadmCommands: [] --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureClusterIdentity metadata: labels: clusterctl.cluster.x-k8s.io/move-hierarchy: "true" name: ${CLUSTER_IDENTITY_NAME} namespace: default spec: allowedNamespaces: {} clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY} tenantID: ${AZURE_TENANT_ID} type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity} --- apiVersion: cluster.x-k8s.io/v1beta1 kind: MachineDeployment metadata: name: ${CLUSTER_NAME}-md-win namespace: default spec: clusterName: ${CLUSTER_NAME} replicas: ${WORKER_MACHINE_COUNT:=2} selector: matchLabels: null template: spec: bootstrap: configRef: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate name: ${CLUSTER_NAME}-md-win clusterName: ${CLUSTER_NAME} infrastructureRef: apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate name: ${CLUSTER_NAME}-md-win version: ${KUBERNETES_VERSION} --- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 kind: AzureMachineTemplate metadata: annotations: runtime: containerd name: ${CLUSTER_NAME}-md-win namespace: default spec: template: metadata: annotations: runtime: containerd spec: identity: UserAssigned osDisk: diskSizeGB: 128 managedDisk: storageAccountType: Premium_LRS osType: Windows sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} userAssignedIdentities: - providerID: /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} vmSize: ${AZURE_NODE_MACHINE_TYPE} --- apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: ${CLUSTER_NAME}-md-win namespace: default spec: template: spec: files: - contentFrom: secret: key: worker-node-azure.json name: ${CLUSTER_NAME}-md-win-azure-json owner: root:root path: c:/k/azure.json permissions: "0644" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe path: C:/defender-exclude-calico.ps1 permissions: "0744" joinConfiguration: nodeRegistration: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - nssm set kubelet start SERVICE_AUTO_START - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: [] users: - groups: Administrators name: capi sshAuthorizedKeys: - ${AZURE_SSH_PUBLIC_KEY:=""}