Adding initial kubevirt support

2024-04-15 16:18:28 +02:00
parent 05ce097727
commit 32bc211cb6
136 changed files with 42922 additions and 227 deletions


@@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: cdi-api-datavolume-mutate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /datavolume-mutate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: datavolume-mutate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- datavolumes
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,36 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: cdi-api-dataimportcron-validate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /dataimportcron-validate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: dataimportcron-validate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- dataimportcrons
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,36 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: cdi-api-datavolume-validate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /datavolume-validate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: datavolume-validate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- datavolumes
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: cdi-api-populator-validate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /populator-validate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: populator-validate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- volumeimportsources
- volumeuploadsources
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,35 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: cdi-api-validate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /cdi-validate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: cdi-validate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- DELETE
resources:
- cdis
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,36 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: objecttransfer-api-validate
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: cdi-api
namespace: "{{ namespace }}"
path: /objecttransfer-validate
port: 443
failurePolicy: Fail
matchPolicy: Exact
name: objecttransfer-validate.cdi.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- cdi.kubevirt.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- objecttransfers
scope: '*'
sideEffects: None
timeoutSeconds: 30


@@ -0,0 +1,17 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/cdi-apiserver-server-cert"
labels:
cdi.kubevirt.io: cdi-api
name: v1beta1.upload.cdi.kubevirt.io
spec:
group: upload.cdi.kubevirt.io
groupPriorityMinimum: 1000
service:
name: cdi-api
namespace: "{{ namespace }}"
port: 443
version: v1beta1
versionPriority: 15


@@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-apiserver
name: cdi-apiserver
namespace: "{{ namespace }}"
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
cdi.kubevirt.io: cdi-apiserver
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-apiserver
spec:
containers:
- args:
- -v=1
env:
- name: INSTALLER_PART_OF_LABEL
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['app.kubernetes.io/part-of']
- name: INSTALLER_VERSION_LABEL
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['app.kubernetes.io/version']
image: quay.io/kubevirt/cdi-apiserver@sha256:e9e39408413b1478d2e98eba68913f9e20c93000558b190b47de73bdfd1d9ac4
imagePullPolicy: IfNotPresent
name: cdi-apiserver
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 2
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/certs/cdi-apiserver-signer-bundle
name: ca-bundle
readOnly: true
- mountPath: /var/run/certs/cdi-apiserver-server-cert
name: server-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
priorityClassName: cdi-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
serviceAccount: cdi-apiserver
serviceAccountName: cdi-apiserver
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- secret:
defaultMode: 420
items:
- key: ca.crt
path: ca-bundle.crt
secretName: cdi-apiserver-server-cert
name: ca-bundle
- name: server-cert
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: cdi-apiserver-server-cert
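Review bot: `creationTimestamp: null` in the pod template metadata and the duplicated `serviceAccount` / `serviceAccountName` pair near the end of the pod spec are `kubectl get -o yaml` export artifacts rather than intended configuration; `serviceAccount` is the deprecated alias, so only `serviceAccountName: cdi-apiserver` should be kept. The same two artifacts appear in the cdi-deployment and cdi-uploadproxy Deployments further down. The container declares CPU/memory requests but no limits, which may be deliberate for a cluster-critical component, but a short comment saying so would stop it being read as an oversight.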


@@ -0,0 +1,155 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: containerized-data-importer
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: cdi-deployment
namespace: "{{ namespace }}"
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: containerized-data-importer
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: containerized-data-importer
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
spec:
containers:
- args:
- -v=1
env:
- name: IMPORTER_IMAGE
value: quay.io/kubevirt/cdi-importer@sha256:3143bbc67cdc6267eb48b7eaac664b8551ac4c11401dfbf4921efd3f233e6ce9
- name: CLONER_IMAGE
value: quay.io/kubevirt/cdi-cloner@sha256:9d31b14f23259398c5bac636f5ead13ad0afd6fe8eeab4499e8e047b4d85074f
- name: UPLOADSERVER_IMAGE
value: quay.io/kubevirt/cdi-uploadserver@sha256:30f1827d3696cf996b081c22c3267ca78e7219c872fdb54950198fa54359f6ee
- name: UPLOADPROXY_SERVICE
value: cdi-uploadproxy
- name: PULL_POLICY
value: IfNotPresent
- name: INSTALLER_PART_OF_LABEL
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['app.kubernetes.io/part-of']
- name: INSTALLER_VERSION_LABEL
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['app.kubernetes.io/version']
image: quay.io/kubevirt/cdi-controller@sha256:27c47883a08226f83757971d3adafb0cd9bcb26e58fbcf7208236070e0adf37e
imagePullPolicy: IfNotPresent
name: cdi-controller
ports:
- containerPort: 8080
name: metrics
protocol: TCP
readinessProbe:
exec:
command:
- cat
- /tmp/ready
failureThreshold: 3
initialDelaySeconds: 2
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/cdi/token/keys
name: cdi-api-signing-key
- mountPath: /var/run/certs/cdi-uploadserver-signer
name: uploadserver-ca-cert
- mountPath: /var/run/certs/cdi-uploadserver-client-signer
name: uploadserver-client-ca-cert
- mountPath: /var/run/ca-bundle/cdi-uploadserver-signer-bundle
name: uploadserver-ca-bundle
- mountPath: /var/run/ca-bundle/cdi-uploadserver-client-signer-bundle
name: uploadserver-client-ca-bundle
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
priorityClassName: cdi-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
serviceAccount: cdi-sa
serviceAccountName: cdi-sa
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: cdi-api-signing-key
secret:
defaultMode: 420
items:
- key: publickey.pem
path: id_rsa.pub
- key: privatekey.pem
path: id_rsa
secretName: cdi-api-signing-key
- name: uploadserver-ca-cert
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: cdi-uploadserver-signer
- name: uploadserver-client-ca-cert
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: cdi-uploadserver-client-signer
- secret:
defaultMode: 420
items:
- key: tls.crt
path: ca-bundle.crt
secretName: cdi-uploadserver-signer
name: uploadserver-ca-bundle
- secret:
defaultMode: 420
items:
- key: tls.crt
path: ca-bundle.crt
secretName: cdi-uploadserver-client-signer
name: uploadserver-client-ca-bundle
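Review bot: The worker images in the `IMPORTER_IMAGE`, `CLONER_IMAGE` and `UPLOADSERVER_IMAGE` env values are hard-coded quay.io digest references that the kustomize `images` overrides in datas.tf cannot rewrite (the image transformer only touches container `image:` fields), so the index.yaml image options redirect the controller itself while importer, cloner and upload-server pods would still pull from quay.io. Either expose these three as component options and template the env values, or document the limitation in a comment above the `env:` block. Separately, the five secret `volumeMounts` here lack the `readOnly: true` that the cdi-apiserver Deployment sets on its certificate mounts; adding it is consistent and costs nothing.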


@@ -0,0 +1,105 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-uploadproxy
name: cdi-uploadproxy
namespace: "{{ namespace }}"
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
cdi.kubevirt.io: cdi-uploadproxy
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-uploadproxy
spec:
containers:
- args:
- -v=1
env:
- name: APISERVER_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: publickey.pem
name: cdi-api-signing-key
image: quay.io/kubevirt/cdi-uploadproxy@sha256:551221d79902a5053d1c734b81163d69f087217e2ac13c49bdf6900336ef0786
imagePullPolicy: IfNotPresent
name: cdi-uploadproxy
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 2
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 10m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/certs/cdi-uploadproxy-server-cert
name: server-cert
readOnly: true
- mountPath: /var/run/certs/cdi-uploadserver-client-cert
name: client-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
priorityClassName: cdi-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
serviceAccount: cdi-uploadproxy
serviceAccountName: cdi-uploadproxy
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: server-cert
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: cdi-uploadproxy-server-cert
- name: client-cert
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: cdi-uploadserver-client-cert


@@ -0,0 +1,7 @@
apiVersion: cdi.kubevirt.io/v1beta1
kind: CDIConfig
metadata:
name: config
spec:
featureGates:
- HonorWaitForFirstConsumer


@@ -0,0 +1,18 @@
apiVersion: cdi.kubevirt.io/v1beta1
kind: CDI
metadata:
name: cdi
spec:
config:
featureGates:
- HonorWaitForFirstConsumer
imagePullPolicy: IfNotPresent
infra:
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: CriticalAddonsOnly
operator: Exists
workload:
nodeSelector:
kubernetes.io/os: linux
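Review bot: The `CDI` resource (and the `CDIConfig` in the file above) is reconciled by cdi-operator, but none of the manifests visible in this commit deploy an operator — only cdi-apiserver, cdi-deployment and cdi-uploadproxy. If the operator is intentionally omitted, these two objects are inert and a comment stating that (and that `config.featureGates` takes effect only through the `CDIConfig`) would save the next reader a search; if the operator is shipped elsewhere in the component, a comment naming where would do the same. Only part of the 136-file commit is visible here, so this is hedged.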

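--- /dev/null
+++ b/virt/cdi/certs.tf
@@ -0,0 +1,187 @@
+resource "kubectl_manifest" "issuer" {
+yaml_body = <<-EOF
+apiVersion: "cert-manager.io/v1"
+kind: "Issuer"
+metadata:
+name: "cdi-selfsigned"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+selfSigned: {}
+EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-signer-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: cdi-apiserver-signer
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+isCA: true
+duration: "${var.duration}"
+commonName: "cdi-apiserver-signer"
+secretName: cdi-apiserver-signer
+issuerRef:
+name: cdi-selfsigned
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-signer-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: cdi-uploadproxy-signer
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+isCA: true
+duration: "${var.duration}"
+commonName: "cdi-uploadproxy-signer"
+secretName: cdi-uploadproxy-signer
+issuerRef:
+name: cdi-selfsigned
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-signer-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: cdi-uploadserver-client-signer
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+isCA: true
+duration: "${var.duration}"
+commonName: "cdi-uploadserver-client-signer"
+secretName: cdi-uploadserver-client-signer
+issuerRef:
+name: cdi-selfsigned
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-signer-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: cdi-uploadserver-signer
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+isCA: true
+duration: "${var.duration}"
+commonName: "cdi-uploadserver-signer"
+secretName: cdi-uploadserver-signer
+issuerRef:
+name: cdi-selfsigned
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-signer" {
+yaml_body = <<-EOF
+apiVersion: "cert-manager.io/v1"
+kind: "Issuer"
+metadata:
+name: "cdi-uploadproxy-signer"
+namespace: ${var.namespace}
+labels: ${jsonencode(local.common-labels)}
+spec:
+ca:
+secretName: "cdi-uploadproxy-signer"
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-signer" {
+yaml_body = <<-EOF
+apiVersion: "cert-manager.io/v1"
+kind: "Issuer"
+metadata:
+name: "cdi-uploadserver-client-signer"
+namespace: ${var.namespace}
+labels: ${jsonencode(local.common-labels)}
+spec:
+ca:
+secretName: "cdi-uploadserver-client-signer"
+EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-signer" {
+yaml_body = <<-EOF
+apiVersion: "cert-manager.io/v1"
+kind: "Issuer"
+metadata:
+name: "cdi-apiserver-signer"
+namespace: ${var.namespace}
+labels: ${jsonencode(local.common-labels)}
+spec:
+ca:
+secretName: "cdi-apiserver-signer"
+EOF
+}
+resource "kubectl_manifest" "cdi-apiserver-server-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: "cdi-apiserver-server-cert"
+labels: ${jsonencode(local.common-labels)}
+namespace: ${var.namespace}
+spec:
+dnsNames:
+- cdi-api
+- cdi-api.${var.namespace}
+- cdi-api.${var.namespace}.svc
+- cdi-api.${var.namespace}.svc.cluster.local
+issuerRef:
+kind: Issuer
+name: cdi-apiserver-signer
+secretName: cdi-apiserver-server-cert
+subject:
+organizationalUnits:
+- cdi-api
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadproxy-server-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: "cdi-uploadproxy-server-cert"
+labels: ${jsonencode(local.common-labels)}
+namespace: ${var.namespace}
+spec:
+dnsNames:
+- cdi-uploadproxy
+- cdi-uploadproxy.${var.namespace}
+- cdi-uploadproxy.${var.namespace}.svc
+- cdi-uploadproxy.${var.namespace}.svc.cluster.local
+issuerRef:
+kind: Issuer
+name: cdi-uploadproxy-signer
+secretName: cdi-uploadproxy-server-cert
+subject:
+organizationalUnits:
+- cdi-uploadproxy
+EOF
+}
+resource "kubectl_manifest" "cdi-uploadserver-client-cert" {
+yaml_body = <<-EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: "cdi-uploadserver-client-cert"
+labels: ${jsonencode(local.common-labels)}
+namespace: ${var.namespace}
+spec:
+usages:
+- digital signature
+- client auth
+commonName: "cdi-uploadserver-client-cert"
+issuerRef:
+kind: Issuer
+name: cdi-uploadserver-client-signer
+secretName: cdi-uploadserver-client-cert
+subject:
+organizationalUnits:
+- cdi-uploadserver-client
+EOF
+}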
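Review bot: `namespace: ${var.namespace}` is left unquoted in the three CA Issuers and the three leaf Certificates (from `cdi-uploadproxy-signer` onward) while the first Issuer and the four signer Certificates quote it; a namespace named `no`, `on`, `off`, `yes`, `true`, `false` or `null` is a valid DNS label but parses as a boolean or null in YAML, so those heredocs would render an invalid manifest. Use `namespace: "${var.namespace}"` in every heredoc, as the `issuer` resource already does. The `apiVersion`, `kind` and `name` scalars are also quoted in some resources and plain in others; picking one style file-wide would make the heredocs easier to diff.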

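--- /dev/null
+++ b/virt/cdi/datas.tf
@@ -0,0 +1,32 @@
+locals {
+common-labels = {
+"vynil.solidite.fr/owner-name" = var.instance
+"vynil.solidite.fr/owner-namespace" = var.namespace
+"vynil.solidite.fr/owner-category" = var.category
+"vynil.solidite.fr/owner-component" = var.component
+"app.kubernetes.io/managed-by" = "vynil"
+"app.kubernetes.io/name" = var.component
+"app.kubernetes.io/instance" = var.instance
+}
+}
+data "kustomization_overlay" "data" {
+common_labels = local.common-labels
+resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
+images {
+name = "quay.io/kubevirt/cdi-apiserver"
+new_name = "${var.images.apiserver.registry}/${var.images.apiserver.repository}"
+new_tag = "${var.images.apiserver.tag}"
+}
+images {
+name = "quay.io/kubevirt/cdi-controller"
+new_name = "${var.images.controller.registry}/${var.images.controller.repository}"
+new_tag = "${var.images.controller.tag}"
+}
+images {
+name = "quay.io/kubevirt/cdi-uploadproxy"
+new_name = "${var.images.uploadproxy.registry}/${var.images.uploadproxy.repository}"
+new_tag = "${var.images.uploadproxy.tag}"
+}
+}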
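Review bot: The three `images` overrides replace the digest-pinned references carried by the Deployment manifests (`quay.io/kubevirt/cdi-apiserver@sha256:…` and siblings) with the mutable tag from `var.images.*.tag`, so the digest pinning is lost as soon as the overlay runs, even with the default option values. If the provider's `images` block accepts a `digest` attribute, threading an optional `digest` through the index.yaml image options would preserve the pin; otherwise the trade-off should be stated in a comment above the first `images` block. Also `new_tag = "${var.images.apiserver.tag}"` is a redundant interpolation; `new_tag = var.images.apiserver.tag` is the idiomatic form (same for controller and uploadproxy).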

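--- /dev/null
+++ b/virt/cdi/index.rhai
@@ -0,0 +1,6 @@
+const DEST=dest;
+fn pre_install() {
+shell(`openssl genrsa -out ${global::DEST}/privatekey.pem 4096`);
+shell(`openssl rsa -in ${global::DEST}/privatekey.pem -pubout -out ${global::DEST}/publickey.pem`);
+shell(`kubectl get secret -n $NAMESPACE cdi-api-signing-key|| kubectl create secret generic -n $NAMESPACE cdi-api-signing-key --from-file=privatekey.pem=${global::DEST}/privatekey.pem --from-file=publickey.pem=${global::DEST}/publickey.pem`);
+}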
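Review bot: `pre_install` generates a fresh 4096-bit private key on every run before checking whether `cdi-api-signing-key` already exists, and the private key stays on disk at `${global::DEST}/privatekey.pem` under the default umask afterwards. Running the `kubectl get secret` check first, prefixing the `openssl` calls with `umask 077 &&`, and appending `&& rm -f ${global::DEST}/privatekey.pem` after the `kubectl create secret` keeps the key material short-lived and avoids needless regeneration. `$NAMESPACE` should also be quoted (`-n "$NAMESPACE"`) since the string is handed to a shell. Note that an RBAC or transient failure of `kubectl get secret` also takes the create branch; that is tolerable here because the create then fails on an existing secret rather than overwriting it.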

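--- /dev/null
+++ b/virt/cdi/index.yaml
@@ -0,0 +1,110 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: virt
+metadata:
+name: cdi
+description: Containerized Data Importer
+options:
+duration:
+default: 87660h
+examples:
+- 87660h
+type: string
+images:
+default:
+apiserver:
+registry: quay.io
+repository: kubevirt/cdi-apiserver
+tag: v1.59.0
+controller:
+registry: quay.io
+repository: kubevirt/cdi-controller
+tag: v1.59.0
+uploadproxy:
+registry: quay.io
+repository: kubevirt/cdi-uploadproxy
+tag: v1.59.0
+examples:
+- apiserver:
+registry: quay.io
+repository: kubevirt/cdi-apiserver
+tag: v1.59.0
+controller:
+registry: quay.io
+repository: kubevirt/cdi-controller
+tag: v1.59.0
+uploadproxy:
+registry: quay.io
+repository: kubevirt/cdi-uploadproxy
+tag: v1.59.0
+properties:
+apiserver:
+default:
+registry: quay.io
+repository: kubevirt/cdi-apiserver
+tag: v1.59.0
+properties:
+registry:
+default: quay.io
+type: string
+repository:
+default: kubevirt/cdi-apiserver
+type: string
+tag:
+default: v1.59.0
+type: string
+type: object
+controller:
+default:
+registry: quay.io
+repository: kubevirt/cdi-controller
+tag: v1.59.0
+properties:
+registry:
+default: quay.io
+type: string
+repository:
+default: kubevirt/cdi-controller
+type: string
+tag:
+default: v1.59.0
+type: string
+type: object
+uploadproxy:
+default:
+registry: quay.io
+repository: kubevirt/cdi-uploadproxy
+tag: v1.59.0
+properties:
+registry:
+default: quay.io
+type: string
+repository:
+default: kubevirt/cdi-uploadproxy
+type: string
+tag:
+default: v1.59.0
+type: string
+type: object
+type: object
+dependencies:
+- dist: null
+category: core
+component: cert-manager
+- dist: null
+category: core
+component: secret-generator
+- dist: null
+category: crd
+component: cdi
+providers:
+kubernetes: true
+authentik: null
+kubectl: true
+postgresql: null
+mysql: null
+restapi: null
+http: null
+gitea: null
+tfaddtype: null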
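Review bot: The `duration` option's default `87660h` is roughly ten years and, per certs.tf, is applied only to the four self-signed signer CA certificates, never to the leaf certificates — neither fact is recorded here. A comment such as `# ~10 years; lifetime of the self-signed signer CAs in certs.tf (leaf certs use cert-manager defaults)` above `duration:` would make the choice visible to whoever tunes it. The `tag` values parse as strings today, but quoting them (`"v1.59.0"`) guards the defaults and examples against a future tag that looks numeric.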


@@ -0,0 +1,79 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: prometheus-cdi-rules
namespace: "{{ namespace }}"
spec:
groups:
- name: cdi.rules
rules:
- expr: sum(up{namespace='{{ namespace }}', pod=~'cdi-operator-.*'} or vector(0))
record: kubevirt_cdi_operator_up_total
- expr: count(kube_pod_container_status_restarts_total{pod=~'importer-.*', container='importer'} > 3)
record: kubevirt_cdi_import_dv_unusual_restartcount_total
- expr: count(kube_pod_container_status_restarts_total{pod=~'cdi-upload-.*', container='cdi-upload-server'} > 3)
record: kubevirt_cdi_upload_dv_unusual_restartcount_total
- expr: count(kube_pod_container_status_restarts_total{pod=~'.*-source-pod', container='cdi-clone-source'} > 3)
record: kubevirt_cdi_clone_dv_unusual_restartcount_total
- expr: sum(kubevirt_cdi_dataimportcron_outdated or vector(0))
record: kubevirt_cdi_dataimportcron_outdated_total
- alert: CDIOperatorDown
annotations:
runbook_url: https://kubevirt.io/monitoring/runbooks/CDIOperatorDown
summary: CDI operator is down
expr: kubevirt_cdi_operator_up_total == 0
for: 5m
labels:
kubernetes_operator_component: containerized-data-importer
kubernetes_operator_part_of: kubevirt
operator_health_impact: critical
severity: warning
- alert: CDINotReady
annotations:
runbook_url: https://kubevirt.io/monitoring/runbooks/CDINotReady
summary: CDI is not available to use
expr: kubevirt_cdi_cr_ready == 0
for: 5m
labels:
kubernetes_operator_component: containerized-data-importer
kubernetes_operator_part_of: kubevirt
operator_health_impact: critical
severity: warning
- alert: CDIDataVolumeUnusualRestartCount
annotations:
runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataVolumeUnusualRestartCount
summary: Cluster has DataVolumes (PVC population request) with an unusual restart count, meaning they are probably failing and need to be investigated
expr: kubevirt_cdi_import_dv_unusual_restartcount_total > 0 or kubevirt_cdi_upload_dv_unusual_restartcount_total > 0 or kubevirt_cdi_clone_dv_unusual_restartcount_total > 0
for: 5m
labels:
kubernetes_operator_component: containerized-data-importer
kubernetes_operator_part_of: kubevirt
operator_health_impact: warning
severity: warning
- alert: CDIStorageProfilesIncomplete
annotations:
runbook_url: https://kubevirt.io/monitoring/runbooks/CDIStorageProfilesIncomplete
summary: Incomplete StorageProfiles exist, accessMode/volumeMode cannot be inferred by CDI for PVC population request
expr: kubevirt_cdi_incomplete_storageprofiles_total > 0
for: 5m
labels:
kubernetes_operator_component: containerized-data-importer
kubernetes_operator_part_of: kubevirt
operator_health_impact: warning
severity: info
- alert: CDIDataImportCronOutdated
annotations:
runbook_url: https://kubevirt.io/monitoring/runbooks/CDIDataImportCronOutdated
summary: DataImportCron (recurring polling of VM templates disk image sources, also known as golden images) PVCs are not being updated on the defined schedule
expr: kubevirt_cdi_dataimportcron_outdated_total > 0
for: 15m
labels:
kubernetes_operator_component: containerized-data-importer
kubernetes_operator_part_of: kubevirt
operator_health_impact: warning
severity: info
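Review bot: `kubevirt_cdi_operator_up_total` is recorded from pods matching `cdi-operator-.*`, and `CDINotReady` keys on `kubevirt_cdi_cr_ready`, a metric the operator exports; no cdi-operator Deployment is among the manifests visible in this commit, so as written `CDIOperatorDown` would fire permanently after five minutes and `CDINotReady` would never evaluate. If the component intentionally ships without the operator, drop those two alerts or retarget the recording rule at the `cdi-apiserver`/`cdi-deployment` pods; if the operator lives in a file not shown here, a comment above the rule group would settle it. Hedged, since only part of the commit is visible.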


@@ -0,0 +1,27 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
openshift.io/cluster-monitoring: ""
prometheus.cdi.kubevirt.io: "true"
name: service-monitor-cdi
namespace: "{{ namespace }}"
spec:
endpoints:
- bearerTokenSecret:
key: ""
port: metrics
scheme: http
tlsConfig:
ca: {}
cert: {}
insecureSkipVerify: true
namespaceSelector:
matchNames:
- "{{ namespace }}"
selector:
matchLabels:
prometheus.cdi.kubevirt.io: "true"
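Review bot: `insecureSkipVerify: true` under `tlsConfig` has no effect with `scheme: http`, but it is exactly the kind of setting that survives a later switch to HTTPS and then silently disables verification of the scrape target. Drop the whole `tlsConfig:` block and the empty `bearerTokenSecret` so the endpoint states only what it uses: `- port: metrics` / `scheme: http`.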


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-apiserver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi-apiserver
subjects:
- kind: ServiceAccount
name: cdi-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-cronjob
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi-cronjob
subjects:
- kind: ServiceAccount
name: cdi-cronjob
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi
subjects:
- kind: ServiceAccount
name: cdi-sa
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-uploadproxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi-uploadproxy
subjects:
- kind: ServiceAccount
name: cdi-uploadproxy
namespace: "{{ namespace }}"


@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi.kubevirt.io:config-reader
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi.kubevirt.io:config-reader
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccount
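Review bot: The second subject binds Group `system:serviceaccount`, which is the username prefix of service accounts rather than a group; the built-in group that contains every service account is `system:serviceaccounts`. The binding still does what is intended because `system:authenticated` already includes all service accounts, so the entry is redundant either way — correct it to `name: system:serviceaccounts` or remove the subject.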


@@ -0,0 +1,67 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-apiserver
rules:
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
verbs:
- list
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- datasources
verbs:
- list
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- cdis
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- cdis/finalizers
verbs:
- '*'


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-cronjob
rules:
- apiGroups:
- cdi.kubevirt.io
resources:
- dataimportcrons
verbs:
- get
- list
- update
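Review bot: `annotations:` with no value is a null mapping, which yamllint flags (`empty-values`) and the API server simply discards; it is an export artifact rather than configuration. Remove the line here and in the `cdi-uploadproxy` and `cdi.kubevirt.io:admin` ClusterRoles below, which carry the same empty key.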


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-uploadproxy
rules:
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get


@@ -0,0 +1,29 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: cdi.kubevirt.io:admin
rules:
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
verbs:
- '*'
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes/source
verbs:
- create
- apiGroups:
- upload.cdi.kubevirt.io
resources:
- uploadtokenrequests
verbs:
- '*'


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi.kubevirt.io:config-reader
rules:
- apiGroups:
- cdi.kubevirt.io
resources:
- cdiconfigs
- storageprofiles
verbs:
- get
- list
- watch


@@ -0,0 +1,28 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cdi.kubevirt.io:edit
rules:
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
verbs:
- '*'
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes/source
verbs:
- create
- apiGroups:
- upload.cdi.kubevirt.io
resources:
- uploadtokenrequests
verbs:
- '*'


@@ -0,0 +1,32 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: cdi.kubevirt.io:view
rules:
- apiGroups:
- cdi.kubevirt.io
resources:
- cdiconfigs
- dataimportcrons
- datasources
- datavolumes
- objecttransfers
- storageprofiles
- volumeimportsources
- volumeuploadsources
- volumeclonesources
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes/source
verbs:
- create


@@ -0,0 +1,134 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- persistentvolumes
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- update
- delete
- deletecollection
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/finalizers
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- create
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- csidrivers
verbs:
- get
- list
- watch
- apiGroups:
- config.openshift.io
resources:
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- snapshot.storage.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- get
- list
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
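Review bot: This role grants the `cdi-sa` service account cluster-wide create/delete on `pods` and `services`, `create` on `secrets`, and wildcard verbs on every `cdi.kubevirt.io` and `snapshot.storage.k8s.io` resource, which makes it one of the most privileged identities this component installs. Nothing in the file records where the rule set comes from or why cluster scope is needed, so a header comment such as `# Mirrors the operator-generated "cdi" ClusterRole; cluster scope is required because DataVolumes are reconciled in every namespace` would keep a later reviewer from narrowing it blindly or widening it further.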


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-apiserver
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cdi-apiserver
subjects:
- kind: ServiceAccount
name: cdi-apiserver


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-deployment
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cdi-deployment
subjects:
- kind: ServiceAccount
name: cdi-sa


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: cdi-monitoring
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cdi-monitoring
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: monitoring
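Review bot: The subject of the `cdi-monitoring` RoleBinding hard-codes `namespace: monitoring` for the `prometheus-k8s` ServiceAccount, while every other namespace in this commit is templated as `"{{ namespace }}"`. If the cluster's Prometheus runs under a different namespace or ServiceAccount name, the binding references a non-existent account and the metrics scrape is denied without any error at apply time; the binding also hands `get/list/watch` on services, endpoints and pods in the CDI namespace to whatever account holds that name in `monitoring`. Either template the value with a project variable (for example `namespace: "{{ monitoring_namespace }}"`, named to match the project's convention) or add a comment stating the assumed Prometheus deployment, e.g. `# Assumes kube-prometheus's prometheus-k8s ServiceAccount in the monitoring namespace`.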


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-uploadproxy
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cdi-uploadproxy
subjects:
- kind: ServiceAccount
name: cdi-uploadproxy


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-apiserver
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- '*'
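Review bot: The `cdi-apiserver` Role grants `'*'` on `secrets` and `configmaps` across the whole `"{{ namespace }}"` namespace, and the `cdi-deployment` Role in the next section does the same for `configmaps` and `leases`; neither rule is narrowed with `resourceNames`. Because the namespace is a template variable rather than a fixed CDI-only namespace, rendering this into a namespace shared with other workloads lets the `cdi-apiserver` ServiceAccount read and overwrite every Secret in it. A comment at the top of this Role, such as `# Requires a namespace dedicated to CDI: this Role grants full access to all Secrets and ConfigMaps in it`, would make that deployment precondition explicit, and if the set of secrets the apiserver touches is known, listing them under `resourceNames` would narrow the grant.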


@@ -0,0 +1,64 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-deployment
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch


@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: cdi-monitoring
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-uploadproxy
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get


@@ -0,0 +1,7 @@
apiVersion: scheduling.k8s.io/v1
description: This priority class should be used for KubeVirt core components only.
kind: PriorityClass
metadata:
name: cdi-cluster-critical
preemptionPolicy: PreemptLowerPriority
value: 1000000000


@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
name: cdi-config
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-cronjob
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-sa
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-uploadproxy
namespace: "{{ namespace }}"


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-apiserver
name: cdi-api
namespace: "{{ namespace }}"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
cdi.kubevirt.io: cdi-apiserver
sessionAffinity: None
type: ClusterIP


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: cdi-prometheus-metrics
namespace: "{{ namespace }}"
spec:
ports:
- name: metrics
port: 8080
protocol: TCP
targetPort: metrics
selector:
prometheus.cdi.kubevirt.io: "true"
sessionAffinity: None
type: ClusterIP


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: cdi-uploadproxy
name: cdi-uploadproxy
namespace: "{{ namespace }}"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
cdi.kubevirt.io: cdi-uploadproxy
sessionAffinity: None
type: ClusterIP