From 891cbaa76e062210f1bbe74446ca0cc0a2191684 Mon Sep 17 00:00:00 2001 From: Rodrigo Reis Date: Mon, 17 Jun 2024 17:31:33 +0200 Subject: [PATCH] Use Cluster.Provider instead of config item 
Signed-off-by: Rodrigo Reis --- cluster/cluster.yaml | 44 ++++++++-------- cluster/manifests/01-aws-node/daemonset.yaml | 2 +- cluster/manifests/01-aws-node/sa.yaml | 2 +- .../01-coredns-local/daemonset-coredns.yaml | 10 ++-- .../01-coredns-local/service-coredns.yaml | 2 +- .../02-admission-control/deployment.yaml | 2 +- .../02-admission-control/secret.yaml | 2 +- .../02-admission-control/service.yaml | 2 +- .../02-admission-control/teapot.yaml | 52 +++++++++---------- .../deployment.yaml | 2 +- .../02-skipper-validation-webhook/secret.yaml | 2 +- .../service.yaml | 2 +- .../skipper-webhook.yaml | 4 +- .../deployment.yaml | 2 +- cluster/manifests/04-ebs-csi/controller.yaml | 2 +- .../daemonset.yaml | 2 +- .../aws-cloud-controller-manager/rbac.yaml | 2 +- .../aws-node-decommissioner/01-rbac.yaml | 2 +- .../deployment.yaml | 4 +- cluster/manifests/deletions.yaml | 2 +- .../deployment-service/controller-rbac.yaml | 2 +- .../status-service-rbac.yaml | 2 +- cluster/manifests/etcd-backup/01-rbac.yaml | 2 +- cluster/manifests/etcd-backup/cronjob.yaml | 2 +- cluster/manifests/external-dns/01-rbac.yaml | 2 +- cluster/manifests/flannel/daemonset.yaml | 2 +- cluster/manifests/flannel/rbac.yaml | 2 +- .../manifests/ingress-controller/01-rbac.yaml | 2 +- .../kube-cluster-autoscaler/01-rbac.yaml | 2 +- .../kube-cluster-autoscaler/daemonset.yaml | 8 +-- .../kube-metrics-adapter/01-rbac.yaml | 2 +- .../kube-node-ready-controller/daemonset.yaml | 8 +-- .../manifests/kube-node-ready/01-rbac.yaml | 2 +- cluster/manifests/kube-proxy/configmap.yaml | 2 +- cluster/manifests/kube-proxy/daemonset.yaml | 2 +- cluster/manifests/kube-proxy/rbac.yaml | 2 +- cluster/manifests/prometheus/configmap.yaml | 2 +- cluster/manifests/skipper/deployment.yaml | 2 +- .../manifests/skipper/service-internal.yaml | 2 +- .../z-karpenter/01-serviceaccount.yaml | 2 +- cluster/manifests/z-karpenter/deployment.yaml | 2 +- cluster/node-pools/worker-combined/stack.yaml | 2 +- .../worker-karpenter/provisioners.yaml 
| 4 +- cluster/node-pools/worker-splitaz/files.yaml | 2 +- cluster/node-pools/worker-splitaz/stack.yaml | 2 +- .../node-pools/worker-splitaz/userdata.yaml | 14 ++--- 46 files changed, 111 insertions(+), 111 deletions(-) diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml index 3c5aa9e8ce..f28256ac71 100644 --- a/cluster/cluster.yaml +++ b/cluster/cluster.yaml @@ -5,7 +5,7 @@ Metadata: InfrastructureComponent: "true" application: "kubernetes" Resources: -{{ if eq .Cluster.ConfigItems.eks "true" }} +{{ if eq .Cluster.Provider "zalando-eks" }} EKSClusterRole: Type: AWS::IAM::Role Properties: @@ -707,7 +707,7 @@ Resources: - !Ref MasterIAMRole Version: 2012-10-17 Path: / -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} ManagedPolicyArns: - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" @@ -801,7 +801,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -872,7 +872,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1294,7 +1294,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" 
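Review bot: Nothing visible in this patch checks that `.Cluster.Provider` agrees with the old `eks` config item, and from the first `cluster.yaml` hunk (`EKSClusterRole`) onward the stack depends on the provider string alone. A cluster that still has `eks: "true"` but a provider other than the exact string `zalando-eks` would render the non-EKS side: `EKSClusterRole` leaves the stack, and the `ne` hunks further down (the `sts:AssumeRole` statement, `CloudControllerManagerIAMRole`, `MasterFilesEncryptionKey`) switch on. Every role trust policy in the OIDC hunks would then fall back to the `{{.Cluster.LocalID}}.{{.Values.hosted_zone}}` issuer. I would record the requirement next to the first guard, e.g. `# Provider must be exactly "zalando-eks" for the EKS resources; any other value renders the self-managed stack`. If the rendering tool allows it, an empty or unknown provider should also be rejected before the stack is rendered.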
@@ -1396,7 +1396,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1454,7 +1454,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1495,7 +1495,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1656,7 +1656,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1709,7 +1709,7 @@ Resources: { "Version": "2012-10-17", "Statement": [ -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} { "Action": [ "sts:AssumeRole" @@ -1738,7 +1738,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -1833,7 +1833,7 @@ Resources: Version: 2012-10-17 PolicyName: root Type: 'AWS::IAM::Role' -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} CloudControllerManagerIAMRole: Properties: AssumeRolePolicyDocument: 
@@ -1986,7 +1986,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2267,7 +2267,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2326,7 +2326,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2377,7 +2377,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2629,7 +2629,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2670,7 +2670,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" @@ -2721,7 +2721,7 @@ Resources: } ] } -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - OIDC: !Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]] {{- else }} - OIDC: "{{.Cluster.LocalID}}.{{.Values.hosted_zone}}" 
@@ -2812,7 +2812,7 @@ Resources: - "kms:*" - "tag:TagResources" Resource: "*" -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - Sid: "Allow EKSClusterRole access to describe the key" Effect: "Allow" Principal: @@ -2835,7 +2835,7 @@ Resources: - "kms:Encrypt" - "kms:Decrypt" {{- end }} -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} MasterFilesEncryptionKey: Type: "AWS::KMS::Key" Properties: @@ -2912,7 +2912,7 @@ Resources: Action: - "kms:Decrypt" Outputs: -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} EKSControlPlaneEndpoint: Export: Name: "{{.Cluster.ID}}:eks-control-plane-endpoint" diff --git a/cluster/manifests/01-aws-node/daemonset.yaml b/cluster/manifests/01-aws-node/daemonset.yaml index 2247cfb9db..768e6be3af 100644 --- a/cluster/manifests/01-aws-node/daemonset.yaml +++ b/cluster/manifests/01-aws-node/daemonset.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/cluster/manifests/01-aws-node/sa.yaml b/cluster/manifests/01-aws-node/sa.yaml index e287112f9e..f87499f9fc 100644 --- a/cluster/manifests/01-aws-node/sa.yaml +++ b/cluster/manifests/01-aws-node/sa.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} --- apiVersion: v1 kind: ServiceAccount diff --git a/cluster/manifests/01-coredns-local/daemonset-coredns.yaml b/cluster/manifests/01-coredns-local/daemonset-coredns.yaml index 9f65b24e49..70957d218b 100644 --- a/cluster/manifests/01-coredns-local/daemonset-coredns.yaml +++ b/cluster/manifests/01-coredns-local/daemonset-coredns.yaml 
@@ -27,7 +27,7 @@ spec: spec: initContainers: - name: ensure-apiserver -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/ensure-apiserver:master-6 {{- else }} image: container-registry.zalando.net/teapot/ensure-apiserver:master-6 @@ -61,7 +61,7 @@ spec: command: - dig - "+short" -{{- if and (eq .Cluster.ConfigItems.eks "true") (eq .Cluster.ConfigItems.eks_ip_family "ipv4") }} +{{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv4") }} - "@127.0.0.1" {{- else }} - "::1" @@ -101,7 +101,7 @@ spec: {{ end }} {{ if eq .Cluster.ConfigItems.dns_cache "dnsmasq" }} - name: dnsmasq - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-dns-dnsmasq-nanny:1.17.4-master-15 {{- else }} image: container-registry.zalando.net/teapot/k8s-dns-dnsmasq-nanny:1.17.4-master-15 @@ -147,7 +147,7 @@ spec: cpu: {{.Cluster.ConfigItems.dns_dnsmasq_cpu}} memory: {{.Cluster.ConfigItems.dns_dnsmasq_mem}} - name: sidecar - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-dns-sidecar:1.17.4-master-15 {{- else }} image: container-registry.zalando.net/teapot/k8s-dns-sidecar:1.17.4-master-15 @@ -181,7 +181,7 @@ spec: memory: {{.Cluster.ConfigItems.dns_dnsmasq_sidecar_mem}} {{ end }} - name: coredns - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/coredns:1.11.3-master-24 {{- else }} image: container-registry.zalando.net/teapot/coredns:1.11.3-master-24 
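Review bot: Each `image:` pair in these hunks spells out the full reference twice and pins it by tag only (`ensure-apiserver:master-6`, `k8s-dns-dnsmasq-nanny:1.17.4-master-15`, `k8s-dns-sidecar:1.17.4-master-15`, `coredns:1.11.3-master-24`). That the ECR copy and the `container-registry.zalando.net` copy are the same build is therefore assumed rather than shown. A bump that edits only one branch leaves the two providers on different images without any rendering error. I would keep only the registry prefix inside the conditional and write the `name:tag` part once after it, or at least add `# keep in sync with the non-EKS image below` to each EKS line. Pinning by digest would additionally make the two copies verifiably identical, provided both registries serve the same manifest.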
diff --git a/cluster/manifests/01-coredns-local/service-coredns.yaml b/cluster/manifests/01-coredns-local/service-coredns.yaml index ae017bc0f4..d418bc75a0 100644 --- a/cluster/manifests/01-coredns-local/service-coredns.yaml +++ b/cluster/manifests/01-coredns-local/service-coredns.yaml @@ -9,7 +9,7 @@ metadata: spec: selector: component: coredns -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} # TODO: what to do with eks service range? clusterIP: 10.5.0.11 {{- end}} diff --git a/cluster/manifests/02-admission-control/deployment.yaml b/cluster/manifests/02-admission-control/deployment.yaml index 1bc3258e72..05600dee46 100644 --- a/cluster/manifests/02-admission-control/deployment.yaml +++ b/cluster/manifests/02-admission-control/deployment.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cluster/manifests/02-admission-control/secret.yaml b/cluster/manifests/02-admission-control/secret.yaml index db33e14713..7497480652 100644 --- a/cluster/manifests/02-admission-control/secret.yaml +++ b/cluster/manifests/02-admission-control/secret.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: Secret metadata: diff --git a/cluster/manifests/02-admission-control/service.yaml b/cluster/manifests/02-admission-control/service.yaml index 84dc171758..7cda8af841 100644 --- a/cluster/manifests/02-admission-control/service.yaml +++ b/cluster/manifests/02-admission-control/service.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: Service metadata: diff --git a/cluster/manifests/02-admission-control/teapot.yaml b/cluster/manifests/02-admission-control/teapot.yaml index 5e85a7b2a0..ec1c09720d 100644 --- a/cluster/manifests/02-admission-control/teapot.yaml 
+++ b/cluster/manifests/02-admission-control/teapot.yaml @@ -7,7 +7,7 @@ metadata: component: teapot-admission-controller webhooks: - name: pod-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -19,7 +19,7 @@ webhooks: values: ["kube-proxy"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -39,7 +39,7 @@ webhooks: resources: ["pods", "pods/ephemeralcontainers"] {{- if eq .Cluster.ConfigItems.teapot_admission_controller_inject_environment_variables "true" }} - name: pod-binding-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -51,7 +51,7 @@ webhooks: values: ["kube-proxy"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -71,7 +71,7 @@ webhooks: {{- end }} - name: storageclass-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -89,7 +89,7 @@ webhooks: apiVersions: ["v1", "v1beta1"] resources: ["storageclasses"] - name: node-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to seed node where the admission-controller components run (🐔🥚) objectSelector: matchExpressions: 
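Review bot: The `objectSelector` blocks that this condition switches on exempt objects from the admission webhooks by label, and a label is set by whoever creates the object. The values visible across the hunks are `["kube-proxy"]`, `["admission-controller"]`, `["cluster-seed"]` and `["admission-controller", "aws-node", "coredns"]`. The label key and any `namespaceSelector` lie outside the hunks, so it is not visible whether the exemption is confined to `kube-system`; if it is not, an object carrying one of these labels would not be sent to the webhook on `zalando-eks` clusters. The existing comment gives the bootstrap reason but not the bound, so I would extend it, e.g. `# exemption is by label; must stay limited to kube-system via namespaceSelector`. The same block recurs in the hunks at -39, -89, -176, -302, -331 and -423.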
@@ -98,7 +98,7 @@ webhooks: values: ["cluster-seed"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -118,7 +118,7 @@ webhooks: resources: ["nodes"] - name: configmap-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -138,7 +138,7 @@ webhooks: resources: ["configmaps"] - name: cronjob-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -157,7 +157,7 @@ webhooks: resources: ["cronjobs"] - name: job-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -176,7 +176,7 @@ webhooks: apiVersions: ["v1"] resources: ["jobs"] - name: deployment-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -185,7 +185,7 @@ webhooks: values: ["admission-controller"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -205,7 +205,7 @@ webhooks: resources: ["deployments"] - name: statefulset-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" 
@@ -225,7 +225,7 @@ webhooks: resources: ["statefulsets"] - name: crd-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -245,7 +245,7 @@ webhooks: resources: ["customresourcedefinitions"] - name: stack-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -264,7 +264,7 @@ webhooks: resources: ["stacks"] - name: stackset-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -283,7 +283,7 @@ webhooks: resources: ["stacksets"] - name: hpa-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -302,7 +302,7 @@ webhooks: apiVersions: ["v2"] resources: ["horizontalpodautoscalers"] - name: serviceaccount-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -311,7 +311,7 @@ webhooks: values: ["admission-controller", "aws-node", "coredns"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" 
@@ -331,7 +331,7 @@ webhooks: resources: ["serviceaccounts"] {{- if eq .Cluster.ConfigItems.teapot_admission_controller_check_daemonset_resources "true" }} - name: daemonset-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -343,7 +343,7 @@ webhooks: values: ["kube-proxy"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -364,7 +364,7 @@ webhooks: {{- end }} - name: priorityclass-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -384,7 +384,7 @@ webhooks: resources: ["priorityclasses"] - name: postgresql-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -404,7 +404,7 @@ webhooks: resources: ["postgresqls"] - name: namespace-admitter.teapot.zalan.do clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" @@ -423,7 +423,7 @@ webhooks: apiVersions: ["v1"] resources: ["namespaces"] - name: service-admitter.teapot.zalan.do -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} # avoid admission-control applying to the admission-controller components (🐔🥚) objectSelector: matchExpressions: @@ -432,7 +432,7 @@ webhooks: values: ["admission-controller"] {{- end }} clientConfig: - {{- if eq .Cluster.ConfigItems.eks "true"}} + {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "admission-controller" namespace: "kube-system" 
diff --git a/cluster/manifests/02-skipper-validation-webhook/deployment.yaml b/cluster/manifests/02-skipper-validation-webhook/deployment.yaml index 9142d86902..04cfec7553 100644 --- a/cluster/manifests/02-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/02-skipper-validation-webhook/deployment.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cluster/manifests/02-skipper-validation-webhook/secret.yaml b/cluster/manifests/02-skipper-validation-webhook/secret.yaml index 7137c0d9d5..d68083108a 100644 --- a/cluster/manifests/02-skipper-validation-webhook/secret.yaml +++ b/cluster/manifests/02-skipper-validation-webhook/secret.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: Secret metadata: diff --git a/cluster/manifests/02-skipper-validation-webhook/service.yaml b/cluster/manifests/02-skipper-validation-webhook/service.yaml index d72dce2c28..50e65dba6e 100644 --- a/cluster/manifests/02-skipper-validation-webhook/service.yaml +++ b/cluster/manifests/02-skipper-validation-webhook/service.yaml @@ -1,4 +1,4 @@ -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: Service metadata: diff --git a/cluster/manifests/02-skipper-validation-webhook/skipper-webhook.yaml b/cluster/manifests/02-skipper-validation-webhook/skipper-webhook.yaml index 5adb2a0c56..f4cb621462 100644 --- a/cluster/manifests/02-skipper-validation-webhook/skipper-webhook.yaml +++ b/cluster/manifests/02-skipper-validation-webhook/skipper-webhook.yaml @@ -14,7 +14,7 @@ webhooks: apiVersions: ["v1"] resources: ["routegroups"] clientConfig: - # {{- if eq .Cluster.ConfigItems.eks "true"}} + # {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "skipper-validation-webhook" namespace: "kube-system" 
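Review bot: The leading `# ` on `# {{- if eq .Cluster.Provider "zalando-eks"}}` under `clientConfig:` of the `routegroups` webhook does not disable the directive. Assuming these files are rendered with Go text/template, as the syntax suggests, the action is evaluated wherever it appears and only a lone `#` is left in the output. A reader who takes the line for a commented-out condition will misjudge which `clientConfig` the API server receives for this validating webhook. Either drop the `# ` as `teapot.yaml` does, or say so above it, e.g. `# the "#" only keeps this file parseable as plain YAML; the if below is live`. The `ingresses` hunk at -35 has the same line, and the matching else/end lines are outside both hunks.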
@@ -35,7 +35,7 @@ webhooks: apiVersions: ["v1"] resources: ["ingresses"] clientConfig: - # {{- if eq .Cluster.ConfigItems.eks "true"}} + # {{- if eq .Cluster.Provider "zalando-eks"}} service: name: "skipper-validation-webhook" namespace: "kube-system" diff --git a/cluster/manifests/03-kube-aws-iam-controller/deployment.yaml b/cluster/manifests/03-kube-aws-iam-controller/deployment.yaml index 38605bcc80..3fc66a2609 100644 --- a/cluster/manifests/03-kube-aws-iam-controller/deployment.yaml +++ b/cluster/manifests/03-kube-aws-iam-controller/deployment.yaml @@ -45,7 +45,7 @@ spec: - key: node.kubernetes.io/role value: master effect: NoSchedule -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} nodeSelector: node.kubernetes.io/role: master {{- end }} diff --git a/cluster/manifests/04-ebs-csi/controller.yaml b/cluster/manifests/04-ebs-csi/controller.yaml index 583c8a8730..0d0dc93f07 100644 --- a/cluster/manifests/04-ebs-csi/controller.yaml +++ b/cluster/manifests/04-ebs-csi/controller.yaml @@ -22,7 +22,7 @@ spec: spec: serviceAccountName: ebs-csi-controller-sa priorityClassName: system-cluster-critical -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} nodeSelector: node.kubernetes.io/role: master {{- end }} diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index 36182835e1..d99e5613be 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -1,4 +1,4 @@ -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} {{- if eq .Cluster.ConfigItems.aws_cloud_controller_manager_enabled "true" }} apiVersion: apps/v1 kind: DaemonSet diff --git a/cluster/manifests/aws-cloud-controller-manager/rbac.yaml b/cluster/manifests/aws-cloud-controller-manager/rbac.yaml index 917a62f82d..e22782b5a2 100644 
--- a/cluster/manifests/aws-cloud-controller-manager/rbac.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/rbac.yaml @@ -1,4 +1,4 @@ -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} {{- if eq .Cluster.ConfigItems.aws_cloud_controller_manager_enabled "true" }} apiVersion: v1 kind: ServiceAccount diff --git a/cluster/manifests/aws-node-decommissioner/01-rbac.yaml b/cluster/manifests/aws-node-decommissioner/01-rbac.yaml index 527986abfb..66b312a733 100644 --- a/cluster/manifests/aws-node-decommissioner/01-rbac.yaml +++ b/cluster/manifests/aws-node-decommissioner/01-rbac.yaml @@ -7,7 +7,7 @@ metadata: application: kubernetes component: aws-node-decommissioner annotations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-aws-node-decommissioner" {{- else}} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-aws-node-decommissioner" diff --git a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml index 6be31c1c13..a019fc3e13 100644 --- a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml +++ b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml @@ -33,7 +33,7 @@ spec: effect: NoSchedule - key: node.kubernetes.io/not-ready operator: Exists -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} - operator: Exists effect: NoSchedule {{- end}} @@ -59,7 +59,7 @@ spec: env: - name: AWS_REGION value: "{{ .Cluster.Region }}" -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} nodeSelector: node.kubernetes.io/role: master {{- end }} diff --git a/cluster/manifests/deletions.yaml b/cluster/manifests/deletions.yaml index 83e249cebb..7e24066469 100644 --- a/cluster/manifests/deletions.yaml 
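Review bot: The toleration that the first `cluster-lifecycle-controller/deployment.yaml` hunk enables for `zalando-eks`, `- operator: Exists` with `effect: NoSchedule`, has no `key`, so it matches every NoSchedule taint, and the second hunk omits the `nodeSelector` for the same provider. Taken together, the visible lines let this controller be scheduled onto any node, including nodes tainted to keep other workloads off; the rest of the pod spec is outside the hunks, so something else may constrain it. If only the seed nodes are meant, the keyed form used in the node-ready-controller manifest would be narrower: `- key: dedicated`, `value: cluster-seed`, `effect: NoSchedule`. Otherwise a comment stating why a wildcard toleration is needed would help, e.g. `# must run on any tainted node to drive node replacement`.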
+++ b/cluster/manifests/deletions.yaml @@ -3,7 +3,7 @@ pre_apply: [] # everything defined under here will be deleted after applying the manifests post_apply: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} - name: coredns kind: Deployment namespace: kube-system diff --git a/cluster/manifests/deployment-service/controller-rbac.yaml b/cluster/manifests/deployment-service/controller-rbac.yaml index 1e36b34862..2554846796 100644 --- a/cluster/manifests/deployment-service/controller-rbac.yaml +++ b/cluster/manifests/deployment-service/controller-rbac.yaml @@ -7,7 +7,7 @@ metadata: application: "deployment-service" component: "controller" annotations: - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.LocalID}}-deployment-service-controller" {{- else }} iam.amazonaws.com/role: "{{.Cluster.LocalID}}-deployment-service-controller" diff --git a/cluster/manifests/deployment-service/status-service-rbac.yaml b/cluster/manifests/deployment-service/status-service-rbac.yaml index fe25acb91e..93a1fd7a56 100644 --- a/cluster/manifests/deployment-service/status-service-rbac.yaml +++ b/cluster/manifests/deployment-service/status-service-rbac.yaml @@ -7,7 +7,7 @@ metadata: application: "deployment-service" component: "status-service" annotations: - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.LocalID}}-deployment-service-status-service" {{- else }} iam.amazonaws.com/role: "{{.Cluster.LocalID}}-deployment-service-status-service" diff --git a/cluster/manifests/etcd-backup/01-rbac.yaml b/cluster/manifests/etcd-backup/01-rbac.yaml index ee412b156a..37870f3585 100644 --- a/cluster/manifests/etcd-backup/01-rbac.yaml 
+++ b/cluster/manifests/etcd-backup/01-rbac.yaml @@ -1,4 +1,4 @@ -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/cluster/manifests/etcd-backup/cronjob.yaml b/cluster/manifests/etcd-backup/cronjob.yaml index 8095839128..4602450e08 100644 --- a/cluster/manifests/etcd-backup/cronjob.yaml +++ b/cluster/manifests/etcd-backup/cronjob.yaml @@ -1,4 +1,4 @@ -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} apiVersion: batch/v1 kind: CronJob metadata: diff --git a/cluster/manifests/external-dns/01-rbac.yaml b/cluster/manifests/external-dns/01-rbac.yaml index 2f31af00cb..e9a420f4ed 100644 --- a/cluster/manifests/external-dns/01-rbac.yaml +++ b/cluster/manifests/external-dns/01-rbac.yaml @@ -8,7 +8,7 @@ metadata: application: kubernetes component: external-dns annotations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-app-external-dns" {{- else}} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-app-external-dns" diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index ccffbbacda..25281c9e91 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -1,5 +1,5 @@ # TODO: what to do with kube-proxy for eks? -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/cluster/manifests/flannel/rbac.yaml b/cluster/manifests/flannel/rbac.yaml index 8251de0b8d..82c023933e 100644 --- a/cluster/manifests/flannel/rbac.yaml +++ b/cluster/manifests/flannel/rbac.yaml 
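Review bot: The context comment `# TODO: what to do with kube-proxy for eks?` sits at the top of the flannel DaemonSet and reads as copied from the kube-proxy manifests. Since this commit rewrites the guard directly below it, this is a good moment to make the comment describe the guard, e.g. `# flannel is only deployed when the provider is not zalando-eks`, assuming the guard wraps the whole file (its end is outside the hunk). `flannel/rbac.yaml` carries the same comment above the same guard.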
@@ -1,5 +1,5 @@ # TODO: what to do with kube-proxy for eks? -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/cluster/manifests/ingress-controller/01-rbac.yaml b/cluster/manifests/ingress-controller/01-rbac.yaml index f20c784c84..c5def0f41a 100644 --- a/cluster/manifests/ingress-controller/01-rbac.yaml +++ b/cluster/manifests/ingress-controller/01-rbac.yaml @@ -4,7 +4,7 @@ metadata: name: kube-ingress-aws-controller namespace: kube-system annotations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-app-ingr-ctrl" {{- else}} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-app-ingr-ctrl" diff --git a/cluster/manifests/kube-cluster-autoscaler/01-rbac.yaml b/cluster/manifests/kube-cluster-autoscaler/01-rbac.yaml index 50700c09e8..a9dfb4e050 100644 --- a/cluster/manifests/kube-cluster-autoscaler/01-rbac.yaml +++ b/cluster/manifests/kube-cluster-autoscaler/01-rbac.yaml @@ -7,7 +7,7 @@ metadata: application: kubernetes component: kube-cluster-autoscaler annotations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-app-autoscaler" {{- else}} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-app-autoscaler" diff --git a/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml b/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml index 5c22f4a965..de8f80ef80 100644 --- a/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml +++ b/cluster/manifests/kube-cluster-autoscaler/daemonset.yaml 
@@ -1,5 +1,5 @@ apiVersion: apps/v1 -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} kind: Deployment {{- else}} kind: DaemonSet @@ -14,7 +14,7 @@ spec: selector: matchLabels: daemonset: kube-cluster-autoscaler -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} updateStrategy: type: RollingUpdate {{- end}} @@ -37,7 +37,7 @@ spec: serviceAccountName: cluster-autoscaler dnsPolicy: Default tolerations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} - key: dedicated value: cluster-seed {{- else}} @@ -83,7 +83,7 @@ spec: env: - name: AWS_REGION value: "{{ .Cluster.Region }}" -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} nodeSelector: node.kubernetes.io/role: master {{- end}} diff --git a/cluster/manifests/kube-metrics-adapter/01-rbac.yaml b/cluster/manifests/kube-metrics-adapter/01-rbac.yaml index c56db461e8..1ab767612e 100644 --- a/cluster/manifests/kube-metrics-adapter/01-rbac.yaml +++ b/cluster/manifests/kube-metrics-adapter/01-rbac.yaml @@ -4,7 +4,7 @@ metadata: name: custom-metrics-apiserver namespace: kube-system annotations: - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-kube-metrics-adapter" {{- else }} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-kube-metrics-adapter" diff --git a/cluster/manifests/kube-node-ready-controller/daemonset.yaml b/cluster/manifests/kube-node-ready-controller/daemonset.yaml index 736b819c5c..138b98e61b 100644 --- a/cluster/manifests/kube-node-ready-controller/daemonset.yaml +++ b/cluster/manifests/kube-node-ready-controller/daemonset.yaml 
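Review bot: kube-cluster-autoscaler/daemonset.yaml repeats the provider comparison four times, and the `kind`, `updateStrategy`, `tolerations` and `nodeSelector` branches are meant to agree so that the rendered object is consistent. Evaluating it once at the top of the file, `{{- $eks := eq .Cluster.Provider "zalando-eks" }}`, and using `{{- if $eks }}` / `{{- if not $eks }}` at each site keeps the literal in one place and removes the chance of one site drifting. kube-node-ready-controller/daemonset.yaml and worker-splitaz/userdata.yaml follow the same pattern. Each hunk shows only part of its manifest, so the exact placement of the assignment is a suggestion.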
@@ -1,5 +1,5 @@ apiVersion: apps/v1 -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} kind: Deployment {{- else}} kind: DaemonSet @@ -14,7 +14,7 @@ spec: selector: matchLabels: daemonset: kube-node-ready-controller -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} updateStrategy: type: RollingUpdate {{- end}} @@ -41,7 +41,7 @@ spec: - key: node.kubernetes.io/role value: master effect: NoSchedule -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} - key: dedicated value: cluster-seed effect: NoSchedule @@ -53,7 +53,7 @@ spec: requests: cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}} memory: {{.Cluster.ConfigItems.kube_node_ready_controller_memory}} -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} nodeSelector: node.kubernetes.io/role: master {{- end}} diff --git a/cluster/manifests/kube-node-ready/01-rbac.yaml b/cluster/manifests/kube-node-ready/01-rbac.yaml index 0746c12f82..e7f3252335 100644 --- a/cluster/manifests/kube-node-ready/01-rbac.yaml +++ b/cluster/manifests/kube-node-ready/01-rbac.yaml @@ -4,7 +4,7 @@ metadata: name: kube-node-ready namespace: kube-system annotations: - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-kube-node-ready" {{- else }} iam.amazonaws.com/role: "{{ .Cluster.LocalID }}-kube-node-ready" diff --git a/cluster/manifests/kube-proxy/configmap.yaml b/cluster/manifests/kube-proxy/configmap.yaml index 71e790de55..136d52b703 100644 --- a/cluster/manifests/kube-proxy/configmap.yaml +++ b/cluster/manifests/kube-proxy/configmap.yaml @@ -1,4 +1,4 @@ -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: ConfigMap metadata: 
diff --git a/cluster/manifests/kube-proxy/daemonset.yaml b/cluster/manifests/kube-proxy/daemonset.yaml index 03f88721b8..3980e049a2 100644 --- a/cluster/manifests/kube-proxy/daemonset.yaml +++ b/cluster/manifests/kube-proxy/daemonset.yaml @@ -1,5 +1,5 @@ # TODO: what to do with kube-proxy for eks? -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/cluster/manifests/kube-proxy/rbac.yaml b/cluster/manifests/kube-proxy/rbac.yaml index b054cf1a11..2bfa94cc25 100644 --- a/cluster/manifests/kube-proxy/rbac.yaml +++ b/cluster/manifests/kube-proxy/rbac.yaml @@ -1,5 +1,5 @@ # TODO: what to do with kube-proxy for eks? -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/cluster/manifests/prometheus/configmap.yaml b/cluster/manifests/prometheus/configmap.yaml index db0f7eba2d..07004b4074 100644 --- a/cluster/manifests/prometheus/configmap.yaml +++ b/cluster/manifests/prometheus/configmap.yaml @@ -183,7 +183,7 @@ data: target_label: node_name - action: labeldrop regex: "^(pod|node|container)$" -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} - job_name: 'etcd-servers' scheme: http dns_sd_configs: diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 4be95567bf..493c11584a 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml 
@@ -532,7 +532,7 @@ spec: - "-enable-kubernetes-endpointslices={{ .Cluster.ConfigItems.skipper_endpointslices_enabled }}" - "-address=:9990" - "-wait-for-healthcheck-interval={{ .Cluster.ConfigItems.skipper_wait_for_healthcheck_interval }}" -{{- if and (eq .Cluster.ConfigItems.eks "true") (eq .Cluster.ConfigItems.eks_ip_family "ipv6")}} +{{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6")}} # TODO: dynamically get the subnet range (or figure out if these are known internal addresses?) - "-whitelisted-healthcheck-cidr=2a05:d014:09c0:bf00:0:0:0:0/64,2a05:d014:09c0:bf01:0:0:0:0/64,2a05:d014:09c0:bf02:0:0:0:0/64" {{- end }} diff --git a/cluster/manifests/skipper/service-internal.yaml b/cluster/manifests/skipper/service-internal.yaml index 167693f0a7..cb78ffda8d 100644 --- a/cluster/manifests/skipper/service-internal.yaml +++ b/cluster/manifests/skipper/service-internal.yaml @@ -14,7 +14,7 @@ metadata: component: ingress spec: type: ClusterIP -{{- if ne .Cluster.ConfigItems.eks "true"}} +{{- if ne .Cluster.Provider "zalando-eks"}} # TODO: how to do internal-ingress? # function to derive IP from range? # Can be hardcoded for ipv4, must be dynamic for ipv6 diff --git a/cluster/manifests/z-karpenter/01-serviceaccount.yaml b/cluster/manifests/z-karpenter/01-serviceaccount.yaml index 7b5f0fc5c4..91424adf9b 100644 --- a/cluster/manifests/z-karpenter/01-serviceaccount.yaml +++ b/cluster/manifests/z-karpenter/01-serviceaccount.yaml @@ -10,7 +10,7 @@ metadata: application: kubernetes component: karpenter annotations: -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{ .Cluster.LocalID }}-app-karpenter" {{- else}} iam.amazonaws.com/role: '{{ .Cluster.LocalID }}-app-karpenter' 
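Review bot: The condition in skipper/deployment.yaml still guards three hard-coded IPv6 /64 ranges passed to `-whitelisted-healthcheck-cidr`, which the TODO in the hunk already marks as provisional. With the guard keyed on the provider, every IPv6 "zalando-eks" cluster gets the same ranges regardless of its own subnets; if they belong to one VPC, which is not visible here, other clusters would presumably trust addresses they do not own. I would source the list from a per-cluster value, e.g. `- "-whitelisted-healthcheck-cidr={{ .Cluster.ConfigItems.<HEALTHCHECK_CIDR_ITEM> }}"` (placeholder name), and omit the flag when it is unset. The container args list continues outside the hunk.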
diff --git a/cluster/manifests/z-karpenter/deployment.yaml b/cluster/manifests/z-karpenter/deployment.yaml index 935e9c99d2..f309163ec8 100644 --- a/cluster/manifests/z-karpenter/deployment.yaml +++ b/cluster/manifests/z-karpenter/deployment.yaml @@ -164,7 +164,7 @@ spec: - key: node.kubernetes.io/role value: master effect: NoSchedule -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} - key: dedicated value: cluster-seed effect: NoSchedule diff --git a/cluster/node-pools/worker-combined/stack.yaml b/cluster/node-pools/worker-combined/stack.yaml index 57eba5890c..86f14bd2e6 100644 --- a/cluster/node-pools/worker-combined/stack.yaml +++ b/cluster/node-pools/worker-combined/stack.yaml @@ -151,7 +151,7 @@ Resources: NetworkInterfaces: - DeviceIndex: 0 AssociatePublicIpAddress: true - {{- if and (eq .Cluster.ConfigItems.eks "true") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} + {{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} Ipv6AddressCount: 1 {{- end}} Groups: diff --git a/cluster/node-pools/worker-karpenter/provisioners.yaml b/cluster/node-pools/worker-karpenter/provisioners.yaml index 2538700e4a..04f2b9282c 100644 --- a/cluster/node-pools/worker-karpenter/provisioners.yaml +++ b/cluster/node-pools/worker-karpenter/provisioners.yaml @@ -113,7 +113,7 @@ spec: # Operators { In, NotIn, Exists, DoesNotExist, Gt, and Lt } are supported. # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators requirements: -#{{ if and (eq .Cluster.ConfigItems.eks "true") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} +#{{ if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} - key: karpenter.k8s.aws/instance-hypervisor operator: In values: 
@@ -190,7 +190,7 @@ spec: kubelet: clusterDNS: [ "10.0.1.100" ] cpuCFSQuota: false -#{{ if eq .Cluster.ConfigItems.eks "true" }} +#{{ if eq .Cluster.Provider "zalando-eks" }} # TODO: Uses lower limit for simplicity need to support dynamic value based # on instance type. maxPods: 10 diff --git a/cluster/node-pools/worker-splitaz/files.yaml b/cluster/node-pools/worker-splitaz/files.yaml index df18020d52..d1ccb2c331 100644 --- a/cluster/node-pools/worker-splitaz/files.yaml +++ b/cluster/node-pools/worker-splitaz/files.yaml @@ -2,7 +2,7 @@ files: - path: /etc/kubernetes/.local-id data: "{{ .Cluster.LocalID | base64 }}" permissions: 0400 -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} - path: /etc/kubernetes/ssl/ca.pem data: {{.Cluster.ConfigItems.eks_certficate_authority_data}} permissions: 0400 diff --git a/cluster/node-pools/worker-splitaz/stack.yaml b/cluster/node-pools/worker-splitaz/stack.yaml index 39d0310ab0..6e86fbd7bb 100644 --- a/cluster/node-pools/worker-splitaz/stack.yaml +++ b/cluster/node-pools/worker-splitaz/stack.yaml @@ -164,7 +164,7 @@ Resources: NetworkInterfaces: - DeviceIndex: 0 AssociatePublicIpAddress: true - {{- if and (eq .Cluster.ConfigItems.eks "true") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} + {{- if and (eq .Cluster.Provider "zalando-eks") (eq .Cluster.ConfigItems.eks_ip_family "ipv6") }} Ipv6AddressCount: 1 {{- end}} Groups: diff --git a/cluster/node-pools/worker-splitaz/userdata.yaml b/cluster/node-pools/worker-splitaz/userdata.yaml index 67a5c34729..8af0a238e7 100644 --- a/cluster/node-pools/worker-splitaz/userdata.yaml +++ b/cluster/node-pools/worker-splitaz/userdata.yaml @@ -34,7 +34,7 @@ write_files: clusters: - name: local cluster: - {{- if eq .Cluster.ConfigItems.eks "true" }} + {{- if eq .Cluster.Provider "zalando-eks" }} server: {{.Cluster.ConfigItems.eks_endpoint}} certificate-authority-data: "{{.Cluster.ConfigItems.eks_certficate_authority_data}}" {{- else }} 
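Review bot: In worker-splitaz/files.yaml the CA file is now written whenever Provider is "zalando-eks", but its content still comes from the separate config item `eks_certficate_authority_data`, and that value is rendered unquoted. If the provider is set while the config item is empty, `data:` renders as YAML null instead of failing; whether the two are always set together is not visible in this patch. Quoting it the way userdata.yaml already does, `data: "{{.Cluster.ConfigItems.eks_certficate_authority_data}}"`, keeps the type stable, and the same applies to `server: {{.Cluster.ConfigItems.eks_endpoint}}` in the userdata.yaml kubeconfig hunk. The `files:` list continues outside the hunk.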
@@ -50,7 +50,7 @@ write_files: - eks - get-token - --cluster-name - - '{{- if eq .Cluster.ConfigItems.eks "true" }}{{.Cluster.ID | eksID}}{{else}}{{.Cluster.ID}}{{end}}' + - '{{- if eq .Cluster.Provider "zalando-eks" }}{{.Cluster.ID | eksID}}{{else}}{{.Cluster.ID}}{{end}}' contexts: - context: cluster: local @@ -71,7 +71,7 @@ write_files: imageGCLowThresholdPercent: {{.Cluster.ConfigItems.kubelet_image_gc_low_threshold}} clusterDomain: cluster.local cpuCFSQuota: false -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} hairpinMode: hairpin-veth {{- end }} featureGates: @@ -79,12 +79,12 @@ write_files: {{- if eq .NodePool.ConfigItems.exec_probe_timeout_enabled "false" }} ExecProbeTimeout: false {{- end }} -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} RotateKubeletServerCertificate: true {{- end }} podPidsLimit: {{ .NodePool.ConfigItems.pod_max_pids }} cpuManagerPolicy: {{ .NodePool.ConfigItems.cpu_manager_policy }} -{{- if eq .Cluster.ConfigItems.eks "true" }} +{{- if eq .Cluster.Provider "zalando-eks" }} # TODO: Uses lower limit for simplicity need to support dynamic value # based on instance type. maxPods: 14 @@ -96,7 +96,7 @@ write_files: {{- end }} healthzPort: 10248 healthzBindAddress: "0.0.0.0" -{{- if eq .Cluster.ConfigItems.eks "true"}} +{{- if eq .Cluster.Provider "zalando-eks"}} serverTLSBootstrap: true {{- else }} tlsCertFile: "/etc/kubernetes/ssl/worker.pem" @@ -151,7 +151,7 @@ write_files: {{- end}} {{- end}} -{{- if ne .Cluster.ConfigItems.eks "true" }} +{{- if ne .Cluster.Provider "zalando-eks" }} - owner: root:root path: /etc/kubernetes/cni/net.d/10-flannel.conflist content: |