add placement group docs and update firewall docs

linode · Sep 6, 2024 · a6ff16b · a6ff16b
1 parent 77f7986
commit a6ff16b
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 15 deletions.
diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md
@@ -29,6 +29,7 @@
     - [Autoscaling](./topics/autoscaling.md)
     - [VPC](./topics/vpc.md)
     - [Firewalling](./topics/firewalling.md)
+    - [Placement Groups](./topics/placement-groups.md)
 - [Development](./developers/development.md)
     - [Releasing](./developers/releasing.md)
     - [Testing](./developers/testing.md)

diff --git a/docs/src/topics/firewalling.md b/docs/src/topics/firewalling.md
@@ -81,17 +81,14 @@ spec:
 ```
 
 ## Cloud Firewalls
+Cloud firewalls are provisioned with all flavors that use VPCs. They are provisioned in disabled mode but can be enabled
+with the environment variable `LINODE_FIREWALL_ENABLED=true`. The default rules allow for all intra-cluster VPC traffic 
+along with any traffic going to the API server. 
 
+### Creating Cloud Firewalls
 For controlling firewalls via Linode resources, a [Cloud Firewall](https://www.linode.com/products/cloud-firewall/) can
-be defined and provisioned via the `LinodeFirewall` resource in CAPL.
-
-The created Cloud Firewall can be used on a `LinodeMachine` or a `LinodeMachineTemplate` by setting the `firewallRef` field.
-Alternatively, the provisioned Cloud Firewall's ID can be used in the `firewallID` field.
-
-```admonish note
-The `firewallRef` and `firewallID` fields are currently immutable for `LinodeMachines` and `LinodeMachineTemplates`. This will
-be addressed in a later release. 
-```
+be defined and provisioned via the `LinodeFirewall` resource in CAPL. Any updates to the cloud firewall CAPL resource
+will be updated in the cloud firewall and overwrite any changes made outside the CAPL resource.
 
 Example `LinodeFirewall`:
 ```yaml
@@ -104,14 +101,49 @@ spec:
   inboundPolicy: DROP
   inboundRules:
     - action: ACCEPT
-      label: k8s-api
-      ports: "6443"
+      label: intra-cluster
+      ports: "1-65535"
       protocol: "TCP"
       addresses:
         ipv4:
-          - "10.0.0.0/24"
-  # outboundPolicy: ACCEPT
-  # outboundRules: []
+          - "10.0.0.0/8"
+    - action: ACCEPT
+      addresses:
+        ipv4:
+          - 0.0.0.0/0
+        ipv6:
+          - ::/0
+      ports: "6443"
+      protocol: TCP
+      label: inbound-api-server
 ```
 
-Cloud Firewalls are not automatically created for any CAPL flavor at this time.
+### Cloud Firewall Machine Integration
+The created Cloud Firewall can be used on a `LinodeMachine` or a `LinodeMachineTemplate` by setting the `firewallRef` field.
+Alternatively, the provisioned Cloud Firewall's ID can be used in the `firewallID` field.
+
+```admonish note
+The `firewallRef` and `firewallID` fields are currently immutable for `LinodeMachines` and `LinodeMachineTemplates`. This will
+be addressed in a later release. 
+```
+
+Example `LinodeMachineTemplate`:
+```yaml
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeMachineTemplate
+metadata:
+  name: test-cluster-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      firewallRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+        kind: LinodeFirewall
+        name: sample-fw
+      image: linode/ubuntu22.04
+      interfaces:
+        - purpose: public
+      region: us-ord
+      type: g6-standard-4
+```
diff --git a/docs/src/topics/placement-groups.md b/docs/src/topics/placement-groups.md
@@ -0,0 +1,49 @@
+# Placement Groups
+
+This guide covers how configure [placement groups](https://techdocs.akamai.com/cloud-computing/docs/work-with-placement-groups) within a CAPL cluster. 
+Placement groups are currently provisioned with any of the `*-full` flavors in the `LinodeMachineTemplate` for the control plane machines only.
+```admonish note
+Currently only 5 nodes are allowed in a single placement group
+```
+
+## Placement Group Creation
+
+For controlling placement groups via Linode resources, a [placement groups](https://techdocs.akamai.com/cloud-computing/docs/work-with-placement-groups) can
+be defined and provisioned via the `PlacementGroup` resource in CAPL.
+
+
+Example `PlacementGroup`:
+```yaml
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodePlacementGroup
+metadata:
+  name: test-cluster
+spec:
+  region: us-ord
+```
+
+## PlacementGroup Machine Integration
+In order to use a placement group with a machine, a `PlacementGroupRef` can be used in the `LinodeMachineTemplate` spec
+to assign any nodes used in that template to the placement group. Due to the limited size of the placement group our templates
+currently only integrate with this for control plane nodes
+
+Example `LinodeMachineTemplate`:
+```yaml
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+kind: LinodeMachineTemplate
+metadata:
+  name: test-cluster-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      image: linode/ubuntu22.04
+      interfaces:
+        - purpose: public
+      placementGroupRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
+        kind: LinodePlacementGroup
+        name: test-cluster
+      region: us-ord
+      type: g6-standard-4
+```