Add Amazon VPC CNI support

Makefile

@@ -302,7 +302,7 @@ create-cluster: $(CLUSTERCTL) ## Create a development Kubernetes cluster on AWS
 	-m ./examples/_out/controlplane.yaml \
 	-c ./examples/_out/cluster.yaml \
 	-p ./examples/_out/provider-components.yaml \
-	-a ./examples/addons.yaml
+	-a ./examples/_out/addons.yaml
 
 
 .PHONY: create-cluster-management
@@ -330,7 +330,7 @@ create-cluster-management: $(CLUSTERCTL) ## Create a development Kubernetes clus
 	$(CLUSTERCTL) \
 		alpha phases apply-addons -v=3 \
 		--kubeconfig=./kubeconfig \
-		-a examples/addons.yaml
+		-a examples/_out/addons.yaml
 	# Create a worker node with MachineDeployment.
 	kubectl \
 		--kubeconfig=$$(kind get kubeconfig-path --name="clusterapi") \

examples/amazon-k8s-cni-addons.yaml

@@ -0,0 +1,148 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: aws-node
+rules:
+  - apiGroups:
+      - crd.k8s.amazonaws.com
+    resources:
+      - "*"
+      - namespaces
+    verbs:
+      - "*"
+  - apiGroups: [""]
+    resources:
+      - pods
+      - nodes
+      - namespaces
+    verbs: ["list", "watch", "get"]
+  - apiGroups: ["extensions"]
+    resources:
+      - daemonsets
+    verbs: ["list", "watch"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: aws-node
+  namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: aws-node
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: aws-node
+subjects:
+  - kind: ServiceAccount
+    name: aws-node
+    namespace: kube-system
+
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: aws-node
+  namespace: kube-system
+  labels:
+    k8s-app: aws-node
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      k8s-app: aws-node
+  template:
+    metadata:
+      labels:
+        k8s-app: aws-node
+    spec:
+      priorityClassName: system-node-critical
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "beta.kubernetes.io/os"
+                    operator: In
+                    values:
+                      - linux
+                  - key: "beta.kubernetes.io/arch"
+                    operator: In
+                    values:
+                      - amd64
+      serviceAccountName: aws-node
+      hostNetwork: true
+      tolerations:
+        - operator: Exists
+      containers:
+        - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.3
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 61678
+              name: metrics
+          name: aws-node
+          #readinessProbe:
+          #  exec:
+          #    command: ["/app/grpc_health_probe", "-addr=:50051"]
+          #  initialDelaySeconds: 25
+          #livenessProbe:
+          #  exec:
+          #    command: ["/app/grpc_health_probe", "-addr=:50051"]
+          #  initialDelaySeconds: 25
+          env:
+            - name: AWS_VPC_K8S_CNI_LOGLEVEL
+              value: DEBUG
+            - name: MY_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          resources:
+            requests:
+              cpu: 10m
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /host/opt/cni/bin
+              name: cni-bin-dir
+            - mountPath: /host/etc/cni/net.d
+              name: cni-net-dir
+            - mountPath: /host/var/log
+              name: log-dir
+            - mountPath: /var/run/containerd/containerd.sock
+              name: dockersock
+      volumes:
+        - name: cni-bin-dir
+          hostPath:
+            path: /opt/cni/bin
+        - name: cni-net-dir
+          hostPath:
+            path: /etc/cni/net.d
+        - name: log-dir
+          hostPath:
+            path: /var/log
+        - name: dockersock
+          hostPath:
+            path: /var/run/containerd/containerd.sock
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: eniconfigs.crd.k8s.amazonaws.com
+spec:
+  scope: Cluster
+  group: crd.k8s.amazonaws.com
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+  names:
+    plural: eniconfigs
+    singular: eniconfig
+    kind: ENIConfig

examples/cluster/cluster.yaml

@@ -2,11 +2,17 @@
 apiVersion: cluster.x-k8s.io/v1alpha2
 kind: Cluster
 metadata:
+  annotations:
+    cluster.x-k8s.io/network-cni: ${NETWORK}
   name: ${CLUSTER_NAME}
 spec:
   clusterNetwork:
+    services:
+      cidrBlocks:
+        - ${SERVICECIDR}
     pods:
-      cidrBlocks: ["192.168.0.0/16"]
+      cidrBlocks:
+        - ${PODCIDR}
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
     kind: AWSCluster

examples/controlplane/controlplane.yaml

@@ -36,6 +36,8 @@ spec:
       name: '{{ ds.meta_data.hostname }}'
       kubeletExtraArgs:
         cloud-provider: aws
+        node-ip: '{{ ds.meta_data.local_ipv4 }}'
+        max-pods: "${CONTROL_PLANE_MAXPODS}"
   clusterConfiguration:
     apiServer:
       extraArgs:
@@ -83,6 +85,8 @@ spec:
       name: '{{ ds.meta_data.hostname }}'
       kubeletExtraArgs:
         cloud-provider: aws
+        node-ip: '{{ ds.meta_data.local_ipv4 }}'
+        max-pods: "${CONTROL_PLANE_MAXPODS}"
 ---
 apiVersion: cluster.x-k8s.io/v1alpha2
 kind: Machine
@@ -123,3 +127,5 @@ spec:
       name: '{{ ds.meta_data.hostname }}'
       kubeletExtraArgs:
         cloud-provider: aws
+        node-ip: '{{ ds.meta_data.local_ipv4 }}'
+        max-pods: "${CONTROL_PLANE_MAXPODS}"

examples/generate.sh

@@ -27,13 +27,20 @@ command -v "${ENVSUBST}" >/dev/null 2>&1 || echo -v "Cannot find ${ENVSUBST} in
 CLUSTERAWSADM=${CLUSTERAWSADM:-${SOURCE_DIR}/../bin/clusterawsadm}
 command -v "${CLUSTERAWSADM}" >/dev/null 2>&1 || echo -v "Cannot find ${CLUSTERAWSADM} in path, build it using 'make binaries' in this repository."
 
+# NETWORK
+export NETWORK="${NETWORK:-Calico}"
+export PODCIDR="${PODCIDR:-192.168.0.0/16}"
+export SERVICECIDR="${PODCIDR:-192.168.0.0/16}"
+
 # Cluster.
 export CLUSTER_NAME="${CLUSTER_NAME:-test1}"
 export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.15.3}"
 
 # Machine settings.
 export CONTROL_PLANE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-t2.medium}"
 export NODE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-t2.medium}"
+export CONTROL_PLANE_MAXPODS="${CONTROL_PLANE_MAXPODS:-\"110\"}"
+export NODE_MACHINE_MAXPODS="${NODE_MACHINE_MAXPODS:-\"110\"}"
 export SSH_KEY_NAME="${SSH_KEY_NAME:-default}"
 
 # Outputs.
@@ -46,6 +53,9 @@ CLUSTER_GENERATED_FILE=${OUTPUT_DIR}/cluster.yaml
 CONTROLPLANE_GENERATED_FILE=${OUTPUT_DIR}/controlplane.yaml
 MACHINEDEPLOYMENT_GENERATED_FILE=${OUTPUT_DIR}/machinedeployment.yaml
 
+# ADDONS
+ADDONS_GENERATED_FILE=${OUTPUT_DIR}/addons.yaml
+
 # Overwrite flag.
 OVERWRITE=0
 
@@ -83,6 +93,18 @@ fi
 
 mkdir -p "${OUTPUT_DIR}"
 
+# Generate ADDONS.
+if [ ${NETWORK} == "AmazonVPC" ]; then
+    cat "${SOURCE_DIR}/amazon-k8s-cni-addons.yaml" | envsubst > "${ADDONS_GENERATED_FILE}"
+    source ${SOURCE_DIR}/vpc_ip_resource_limit.sh
+    CONTROL_PLANE_MAXPODS=$(getMaxPods $CONTROL_PLANE_MACHINE_TYPE)
+    NODE_MACHINE_MAXPODS=$(getMaxPods $NODE_MACHINE_TYPE)
+    PODCIDR="10.0.0.0/16"
+else
+    cat "${SOURCE_DIR}/calico-addons.yaml" | envsubst > "${ADDONS_GENERATED_FILE}"
+fi
+echo "Generated ${ADDONS_GENERATED_FILE}"
+
 # Generate AWS Credentials.
 AWS_B64ENCODED_CREDENTIALS="$(${CLUSTERAWSADM} alpha bootstrap encode-aws-credentials)"
 export AWS_B64ENCODED_CREDENTIALS

examples/machinedeployment/machinedeployment.yaml

@@ -51,3 +51,5 @@ spec:
           name: '{{ ds.meta_data.hostname }}'
           kubeletExtraArgs:
             cloud-provider: aws
+            node-ip: '{{ ds.meta_data.local_ipv4 }}'
+            max-pods: ${NODE_MACHINE_MAXPODS}