Adding initial kubevirt support

2024-04-15 16:18:28 +02:00
parent 05ce097727
commit 32bc211cb6
136 changed files with 42922 additions and 227 deletions


@@ -0,0 +1,124 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-api-mutator
name: virt-api-mutator
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachines-mutate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachines-mutator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachines
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineinstances-mutate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineinstances-mutator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineinstances
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /migration-mutate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: migrations-mutator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
resources:
- virtualmachineinstancemigrations
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /vm-clone-mutate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineclones-mutator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- clone.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
resources:
- virtualmachineclones
scope: '*'
sideEffects: None
timeoutSeconds: 10
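Review bot: The `{{ namespace }}` placeholders in every `clientConfig.service.namespace` and in the `cert-manager.io/inject-ca-from` annotation are a second templating layer beside Terraform's `${var.namespace}` in certs.tf, and datas.tf feeds every `*.yaml` in the module straight into the kustomization; if nothing renders these files first, the literal string reaches the cluster and, with `failurePolicy: Fail` on all four webhooks, every VM/VMI create and update is rejected. If a pre-render step exists, name it at the top of this file, e.g. `# {{ namespace }} is substituted by the vynil renderer before kustomize reads this file`. The `app.kubernetes.io/managed-by: virt-operator` label is inherited from the operator-generated manifest although no operator is deployed here; kustomize's `common_labels` may overwrite it, but if it does not, the label misleads anyone debugging ownership.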


@@ -0,0 +1,537 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-api-validator
name: virt-api-validator
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /launcher-eviction-validate
port: 443
failurePolicy: Ignore
matchPolicy: Equivalent
name: virt-launcher-eviction-interceptor.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- '*'
resources:
- pods/eviction
scope: '*'
sideEffects: NoneOnDryRun
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineinstances-validate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineinstances-create-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
resources:
- virtualmachineinstances
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineinstances-validate-update
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineinstances-update-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- UPDATE
resources:
- virtualmachineinstances
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachines-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachine-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachines
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachinereplicaset-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinereplicaset-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineinstancereplicasets
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachinepool-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinepool-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- pool.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- virtualmachinepools
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /vmipreset-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinepreset-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineinstancepresets
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /migration-validate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: migration-create-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
resources:
- virtualmachineinstancemigrations
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /migration-validate-update
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: migration-update-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- UPDATE
resources:
- virtualmachineinstancemigrations
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachinesnapshots-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinesnapshot-validator.snapshot.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- snapshot.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- virtualmachinesnapshots
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachinerestores-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinerestore-validator.snapshot.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- snapshot.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- virtualmachinerestores
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineexports-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineexport-validator.export.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- export.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineexports
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineinstancetypes-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineinstancetype-validator.instancetype.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- instancetype.kubevirt.io
apiVersions:
- v1alpha1
- v1alpha2
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineinstancetypes
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineclusterinstancetypes-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineclusterinstancetype-validator.instancetype.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- instancetype.kubevirt.io
apiVersions:
- v1alpha1
- v1alpha2
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineclusterinstancetypes
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachinepreferences-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachinepreference-validator.instancetype.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- instancetype.kubevirt.io
apiVersions:
- v1alpha1
- v1alpha2
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- virtualmachinepreferences
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /virtualmachineclusterpreferences-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: virtualmachineclusterpreference-validator.instancetype.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- instancetype.kubevirt.io
apiVersions:
- v1alpha1
- v1alpha2
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineclusterpreferences
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /status-validate
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: kubevirt-crd-status-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- kubevirt.io
apiVersions:
- v1alpha3
- v1
operations:
- CREATE
- UPDATE
resources:
- virtualmachines/status
- virtualmachineinstancereplicasets/status
- virtualmachineinstancemigrations/status
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /migration-policy-validate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: migration-policy-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- migrations.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- migrationpolicies
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: virt-api
namespace: "{{ namespace }}"
path: /vm-clone-validate-create
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: vm-clone-validator.kubevirt.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- clone.kubevirt.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- virtualmachineclones
scope: '*'
sideEffects: None
timeoutSeconds: 10
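Review bot: `virt-launcher-eviction-interceptor.kubevirt.io` (the first webhook) is the only entry registered against core `pods/eviction` for all namespaces and all operations, so every pod eviction in the cluster is routed through virt-api, and its `failurePolicy: Ignore` makes that path fail-open whenever virt-api is unreachable. Both settings match the upstream generated config, but combined with the single-replica virt-api Deployment in this commit they deserve a recorded decision rather than an inherited default. If fail-open is intended, say so next to the entry, e.g. `# Ignore is deliberate: a virt-api outage must not block node drains cluster-wide`; if not, `Fail` plus an `objectSelector` on the virt-launcher pod label would narrow the blast radius.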


@@ -0,0 +1,19 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-api-aggregator
name: v1.subresources.kubevirt.io
spec:
group: subresources.kubevirt.io
groupPriorityMinimum: 1000
service:
name: virt-api
namespace: "{{ namespace }}"
port: 443
version: v1
versionPriority: 15


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.clone.kubevirt.io
spec:
group: clone.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100
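Review bot: This APIService carries `kube-aggregator.kubernetes.io/automanaged: "true"` and has no `spec.service`, which is the shape the kube-apiserver's auto-registration controller creates on its own for CRD-backed groups; committing it (and the sibling sections for export, instancetype v1alpha1/v1alpha2/v1beta1, migrations, pool and snapshot) looks like a dump of live cluster state rather than something this overlay should own. If the KubeVirt CRDs are applied elsewhere in this commit, these objects are redundant and the apiserver may overwrite or delete them behind the overlay's back. Consider dropping the seven automanaged APIService files, or at least removing the label so ownership is unambiguous; I cannot see the CRD files in this chunk, so confirm before removing.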


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.export.kubevirt.io
spec:
group: export.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.instancetype.kubevirt.io
spec:
group: instancetype.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.migrations.kubevirt.io
spec:
group: migrations.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.pool.kubevirt.io
spec:
group: pool.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha1.snapshot.kubevirt.io
spec:
group: snapshot.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha1
versionPriority: 100


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1alpha2.instancetype.kubevirt.io
spec:
group: instancetype.kubevirt.io
groupPriorityMinimum: 1000
version: v1alpha2
versionPriority: 100


@@ -0,0 +1,19 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: "{{ namespace }}/kubevirt-virt-api-certs"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-api-aggregator
name: v1alpha3.subresources.kubevirt.io
spec:
group: subresources.kubevirt.io
groupPriorityMinimum: 1000
service:
name: virt-api
namespace: "{{ namespace }}"
port: 443
version: v1alpha3
versionPriority: 15


@@ -0,0 +1,11 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
kube-aggregator.kubernetes.io/automanaged: "true"
name: v1beta1.instancetype.kubevirt.io
spec:
group: instancetype.kubevirt.io
groupPriorityMinimum: 1000
version: v1beta1
versionPriority: 100


@@ -0,0 +1,209 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-handler
name: virt-handler
namespace: "{{ namespace }}"
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
kubevirt.io: virt-handler
template:
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-handler
prometheus.kubevirt.io: "true"
name: virt-handler
spec:
containers:
- args:
- --port
- "8443"
- --hostname-override
- $(NODE_NAME)
- --pod-ip-address
- $(MY_POD_IP)
- --max-metric-requests
- "3"
- --console-server-port
- "8186"
- --graceful-shutdown-seconds
- "315"
- -v
- "2"
command:
- virt-handler
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: MY_POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: quay.io/kubevirt/virt-handler@sha256:138dfda5fea8622f3da0d6413fe214fef80c2fd6a6f9533592a0dbfa7e1865b5
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 45
successThreshold: 1
timeoutSeconds: 10
name: virt-handler
ports:
- containerPort: 8443
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 325Mi
securityContext:
privileged: true
seLinuxOptions:
level: s0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/virt-handler/clientcertificates
name: kubevirt-virt-handler-certs
readOnly: true
- mountPath: /etc/virt-handler/servercertificates
name: kubevirt-virt-handler-server-certs
readOnly: true
- mountPath: /profile-data
name: profile-data
- mountPath: /var/run/kubevirt-libvirt-runtimes
name: libvirt-runtimes
- mountPath: /var/run/kubevirt
mountPropagation: Bidirectional
name: virt-share-dir
- mountPath: /var/lib/kubevirt
name: virt-lib-dir
- mountPath: /var/run/kubevirt-private
name: virt-private-dir
- mountPath: /var/lib/kubelet/device-plugins
name: device-plugin
- mountPath: /pods
name: kubelet-pods-shortened
- mountPath: /var/lib/kubelet/pods
mountPropagation: Bidirectional
name: kubelet-pods
- mountPath: /var/lib/kubevirt-node-labeller
name: node-labeller
- mountPath: /etc/podinfo
name: podinfo
dnsPolicy: ClusterFirst
hostPID: true
initContainers:
- args:
- node-labeller.sh
command:
- /bin/sh
- -c
image: quay.io/kubevirt/virt-launcher@sha256:4c5fce3de2e2589197de72fb0c9436490ea318aca952c05a622c43e067023f35
imagePullPolicy: IfNotPresent
name: virt-launcher
resources: {}
securityContext:
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/kubevirt-node-labeller
name: node-labeller
nodeSelector:
kubernetes.io/os: linux
priorityClassName: kubevirt-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kubevirt-handler
serviceAccountName: kubevirt-handler
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: kubevirt-virt-handler-certs
secret:
defaultMode: 420
optional: true
secretName: kubevirt-virt-handler-certs
- name: kubevirt-virt-handler-server-certs
secret:
defaultMode: 420
optional: true
secretName: kubevirt-virt-handler-server-certs
- emptyDir: {}
name: profile-data
- hostPath:
path: /var/run/kubevirt-libvirt-runtimes
type: ""
name: libvirt-runtimes
- hostPath:
path: /var/run/kubevirt
type: ""
name: virt-share-dir
- hostPath:
path: /var/lib/kubevirt
type: ""
name: virt-lib-dir
- hostPath:
path: /var/run/kubevirt-private
type: ""
name: virt-private-dir
- hostPath:
path: /var/lib/kubelet/device-plugins
type: ""
name: device-plugin
- hostPath:
path: /var/lib/kubelet/pods
type: ""
name: kubelet-pods-shortened
- hostPath:
path: /var/lib/kubelet/pods
type: ""
name: kubelet-pods
- hostPath:
path: /var/lib/kubevirt-node-labeller
type: ""
name: node-labeller
- downwardAPI:
defaultMode: 420
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/network-status']
path: network-status
name: podinfo
updateStrategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
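Review bot: The `virt-launcher` initContainer image is pinned to a digest and `quay.io/kubevirt/virt-launcher` is not in the `images` remap of datas.tf (only virt-handler, virt-api and virt-controller are), so the node-labeller keeps running this older launcher build while the main container follows `var.images.handler.tag` (v1.2.0 by default) — a version skew the upstream operator never produces. The `app.kubernetes.io/version: v1.0.1` labels likewise go stale as soon as the tag is overridden. `privileged: true`, `hostPID: true` and the Bidirectional hostPath mounts under `/var/run/kubevirt` and `/var/lib/kubelet/pods` are what upstream virt-handler needs, but nothing here says so; a comment such as `# privileged/hostPID/bidirectional hostPath are required by virt-handler (copied from virt-operator output); do not relax` would stop the next hardening pass from breaking the node agent.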


@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/name: virt-api
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-api
name: virt-api
namespace: "{{ namespace }}"
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
kubevirt.io: virt-api
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-api
prometheus.kubevirt.io: "true"
name: virt-api
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-api
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- --port
- "8443"
- --console-server-port
- "8186"
- --subresources-only
- -v
- "2"
command:
- virt-api
image: quay.io/kubevirt/virt-api@sha256:707003b221496b4432da2f507d1e36e528b45888b5d321e06d460f0678da44ae
imagePullPolicy: IfNotPresent
name: virt-api
ports:
- containerPort: 8443
name: virt-api
protocol: TCP
- containerPort: 8443
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /apis/subresources.kubevirt.io/v1/healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 5m
memory: 500Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/virt-api/certificates
name: kubevirt-virt-api-certs
readOnly: true
- mountPath: /etc/virt-handler/clientcertificates
name: kubevirt-virt-handler-certs
readOnly: true
- mountPath: /profile-data
name: profile-data
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
priorityClassName: kubevirt-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccount: kubevirt-apiserver
serviceAccountName: kubevirt-apiserver
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: kubevirt-virt-api-certs
secret:
defaultMode: 420
optional: true
secretName: kubevirt-virt-api-certs
- name: kubevirt-virt-handler-certs
secret:
defaultMode: 420
optional: true
secretName: kubevirt-virt-handler-certs
- emptyDir: {}
name: profile-data
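Review bot: `replicas: 1` together with `failurePolicy: Fail` on every mutating webhook and most validating webhooks means any virt-api pod restart or node drain makes all VM/VMI create and update calls fail until the replacement passes readiness (15 s initial delay here). The `podAntiAffinity` block has no effect with a single replica. If one replica is intentional for this first iteration, record it, e.g. `replicas: 1  # TODO: 2+ for HA; admission webhooks are fail-closed`. The `kubevirt-virt-api-certs` volume is `optional: true`, so the pod also starts when the secret the webhooks and APIService trust is absent; whether virt-api then serves without a certificate I cannot tell from here, but it is worth a check.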


@@ -0,0 +1,135 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/name: virt-controller
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-controller
name: virt-controller
namespace: "{{ namespace }}"
spec:
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
kubevirt.io: virt-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
app.kubernetes.io/version: v1.0.1
kubevirt.io: virt-controller
prometheus.kubevirt.io: "true"
name: virt-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-controller
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- --launcher-image
- quay.io/kubevirt/virt-launcher@sha256:4c5fce3de2e2589197de72fb0c9436490ea318aca952c05a622c43e067023f35
- --exporter-image
- quay.io/kubevirt/virt-exportserver@sha256:73311f79a9c71007f8572b3cc40cd6f6da404c7ef0a9c6509fb717d979546582
- --port
- "8443"
- -v
- "2"
command:
- virt-controller
image: quay.io/kubevirt/virt-controller@sha256:0789fafed2913b35a771e3db882748502b3250be04ece86d97f30201779b4e54
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
name: virt-controller
ports:
- containerPort: 8443
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /leader
port: 8443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 275Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/virt-controller/certificates
name: kubevirt-controller-certs
readOnly: true
- mountPath: /etc/virt-controller/exportca
name: kubevirt-export-ca
readOnly: true
- mountPath: /profile-data
name: profile-data
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
priorityClassName: kubevirt-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccount: kubevirt-controller
serviceAccountName: kubevirt-controller
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: kubevirt-controller-certs
secret:
defaultMode: 420
optional: true
secretName: kubevirt-controller-certs
- name: kubevirt-export-ca
secret:
defaultMode: 420
optional: true
secretName: kubevirt-export-ca
- emptyDir: {}
name: profile-data
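Review bot: The launcher and exportserver images are passed positionally in `args` (indices 1 and 3) and datas.tf patches exactly `/spec/template/spec/containers/0/args/1` and `/args/3`, so inserting or reordering a flag in this list silently breaks the override without any error. A comment here makes the coupling visible, e.g. `# args order is load-bearing: datas.tf JSON-patches /args/1 (launcher) and /args/3 (exportserver)`. The `app.kubernetes.io/version: v1.0.1` labels will also disagree with the v1.2.0 default tags once the overlay rewrites the image.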

209
virt/kubevirt/certs.tf Normal file

@@ -0,0 +1,209 @@
resource "kubectl_manifest" "issuer" {
yaml_body = <<-EOF
apiVersion: "cert-manager.io/v1"
kind: "Issuer"
metadata:
name: "kubevirt-selfsigned"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
selfSigned: {}
EOF
}
resource "kubectl_manifest" "kubevirt-ca-cert" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubevirt-ca
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
isCA: true
duration: "${var.duration}"
commonName: "kubevirt-ca"
secretName: kubevirt-ca
issuerRef:
name: kubevirt-selfsigned
EOF
}
resource "kubectl_manifest" "kubevirt-export-ca-cert" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubevirt-export-ca
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
isCA: true
duration: "${var.duration}"
commonName: "kubevirt-export-ca"
secretName: kubevirt-export-ca
issuerRef:
name: kubevirt-selfsigned
EOF
}
resource "kubectl_manifest" "kubevirt-export-ca" {
yaml_body = <<-EOF
apiVersion: "cert-manager.io/v1"
kind: "Issuer"
metadata:
name: "kubevirt-export-ca"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
ca:
secretName: "kubevirt-export-ca"
EOF
}
resource "kubectl_manifest" "kubevirt-ca" {
yaml_body = <<-EOF
apiVersion: "cert-manager.io/v1"
kind: "Issuer"
metadata:
name: "kubevirt-ca"
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
ca:
secretName: "kubevirt-ca"
EOF
}
resource "kubectl_manifest" "kubevirt-virt-api-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-virt-api-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- virt-api
- virt-api.${var.namespace}
- virt-api.${var.namespace}.svc
- virt-api.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-virt-api-certs
subject:
organizationalUnits:
- kubevirt-virt-api
EOF
}
resource "kubectl_manifest" "kubevirt-controller-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-controller-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- virt-controller
- virt-controller.${var.namespace}
- virt-controller.${var.namespace}.svc
- virt-controller.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-controller-certs
subject:
organizationalUnits:
- kubevirt-virt-controller
EOF
}
resource "kubectl_manifest" "kubevirt-exportproxy-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-exportproxy-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- virt-exportproxy
- virt-exportproxy.${var.namespace}
- virt-exportproxy.${var.namespace}.svc
- virt-exportproxy.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-exportproxy-certs
subject:
organizationalUnits:
- kubevirt-virt-controller
EOF
}
resource "kubectl_manifest" "kubevirt-operator-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-operator-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- kubevirt-operator-webhook
- kubevirt-operator-webhook.${var.namespace}
- kubevirt-operator-webhook.${var.namespace}.svc
- kubevirt-operator-webhook.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-operator-certs
subject:
organizationalUnits:
- kubevirt-operator-webhook
EOF
}
resource "kubectl_manifest" "kubevirt-virt-handler-server-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-virt-handler-server-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
dnsNames:
- virt-handler
- virt-handler.${var.namespace}
- virt-handler.${var.namespace}.svc
- virt-handler.${var.namespace}.svc.cluster.local
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-virt-handler-server-certs
subject:
organizationalUnits:
- kubevirt-virt-handler
EOF
}
resource "kubectl_manifest" "kubevirt-virt-handler-certs" {
yaml_body = <<-EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "kubevirt-virt-handler-certs"
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
usages:
- digital signature
- client auth
commonName: "kubevirt-virt-handler-certs"
issuerRef:
kind: Issuer
name: kubevirt-ca
secretName: kubevirt-virt-handler-certs
subject:
organizationalUnits:
- kubevirt-virt-handler-certs
EOF
}
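Review bot: `kubectl_manifest.kubevirt-exportproxy-certs` sets `organizationalUnits: [kubevirt-virt-controller]` while every other certificate uses an OU matching its own component; this reads like a copy-paste slip, and if KubeVirt authorises clients by subject OU (which the dedicated OUs suggest) it lets the export proxy present as the controller — give it an OU of its own, e.g. `- kubevirt-virt-exportproxy`, unless sharing is intended. None of the certificates set `privateKey.rotationPolicy`, so cert-manager's default `Never` reuses the same private key on every renewal; add `privateKey:` / `  rotationPolicy: Always` to the leaf certificates. `namespace` is quoted as `"${var.namespace}"` in the first resources and left bare from `kubevirt-export-ca` onward; pick one form.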

52
virt/kubevirt/datas.tf Normal file

@@ -0,0 +1,52 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}
data "kustomization_overlay" "data" {
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
name = "quay.io/kubevirt/virt-handler"
new_name = "${var.images.handler.registry}/${var.images.handler.repository}"
new_tag = "${var.images.handler.tag}"
}
images {
name = "quay.io/kubevirt/virt-api"
new_name = "${var.images.api.registry}/${var.images.api.repository}"
new_tag = "${var.images.api.tag}"
}
images {
name = "quay.io/kubevirt/virt-controller"
new_name = "${var.images.controller.registry}/${var.images.controller.repository}"
new_tag = "${var.images.controller.tag}"
}
patches {
target {
kind = "Deployment"
name = "virt-controller"
}
patch = <<-EOF
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: "${var.images.controller.pull_policy}"
- op: replace
path: /spec/template/spec/containers/0/image
value: "${var.images.controller.registry}/${var.images.controller.repository}:${var.images.controller.tag}"
- op: replace
path: /spec/template/spec/containers/0/args/1
value: "${var.images.launcher.registry}/${var.images.launcher.repository}:${var.images.launcher.tag}"
- op: replace
path: /spec/template/spec/containers/0/args/3
value: "${var.images.exportserver.registry}/${var.images.exportserver.repository}:${var.images.exportserver.tag}"
EOF
}
}
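Review bot: The `images` remap covers virt-handler, virt-api and virt-controller only, so `quay.io/kubevirt/virt-launcher` in the DaemonSet's initContainer keeps its hard-coded digest while `var.images.launcher` is applied only to the controller's `--launcher-image` argument; an `images` block for the launcher keeps the node-labeller and the launcher pods on the same build. The JSON patch addresses `/args/1` and `/args/3` by position, which is fragile, and its `image` replacement duplicates what the `images` transformer already does for virt-controller. The manifests are digest-pinned but the overlay swaps them for mutable tags; if the index.yaml defaults are meant to stay reproducible, expose a digest option beside `tag`. Style: `new_tag = "${var.images.handler.tag}"` and the two siblings can be the bare expression `var.images.handler.tag`.
```hcl
# … unchanged: common_labels, resources, existing images blocks …
  images {
    name     = "quay.io/kubevirt/virt-launcher"
    new_name = "${var.images.launcher.registry}/${var.images.launcher.repository}"
    new_tag  = var.images.launcher.tag
  }
# … unchanged: patches block …
```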

165
virt/kubevirt/index.yaml Normal file

@@ -0,0 +1,165 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: virt
metadata:
name: kubevirt
description: null
options:
duration:
default: 87660h
examples:
- 87660h
type: string
images:
default:
api:
registry: quay.io
repository: kubevirt/virt-api
tag: v1.2.0
controller:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/virt-controller
tag: v1.2.0
exportserver:
registry: quay.io
repository: kubevirt/virt-exportserver
tag: v1.2.0
handler:
registry: quay.io
repository: kubevirt/virt-handler
tag: v1.2.0
launcher:
registry: quay.io
repository: kubevirt/virt-launcher
tag: v1.2.0
examples:
- api:
registry: quay.io
repository: kubevirt/virt-api
tag: v1.2.0
controller:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/virt-controller
tag: v1.2.0
exportserver:
registry: quay.io
repository: kubevirt/virt-exportserver
tag: v1.2.0
handler:
registry: quay.io
repository: kubevirt/virt-handler
tag: v1.2.0
launcher:
registry: quay.io
repository: kubevirt/virt-launcher
tag: v1.2.0
properties:
api:
default:
registry: quay.io
repository: kubevirt/virt-api
tag: v1.2.0
properties:
registry:
default: quay.io
type: string
repository:
default: kubevirt/virt-api
type: string
tag:
default: v1.2.0
type: string
type: object
controller:
default:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/virt-controller
tag: v1.2.0
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: kubevirt/virt-controller
type: string
tag:
default: v1.2.0
type: string
type: object
exportserver:
default:
registry: quay.io
repository: kubevirt/virt-exportserver
tag: v1.2.0
properties:
registry:
default: quay.io
type: string
repository:
default: kubevirt/virt-exportserver
type: string
tag:
default: v1.2.0
type: string
type: object
handler:
default:
registry: quay.io
repository: kubevirt/virt-handler
tag: v1.2.0
properties:
registry:
default: quay.io
type: string
repository:
default: kubevirt/virt-handler
type: string
tag:
default: v1.2.0
type: string
type: object
launcher:
default:
registry: quay.io
repository: kubevirt/virt-launcher
tag: v1.2.0
properties:
registry:
default: quay.io
type: string
repository:
default: kubevirt/virt-launcher
type: string
tag:
default: v1.2.0
type: string
type: object
type: object
dependencies:
- dist: null
category: core
component: cert-manager
- dist: null
category: crd
component: kubevirt
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
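Review bot: `description: null` leaves this component undocumented in the catalog; suggest `description: "KubeVirt virtualization control plane (virt-api, virt-controller, virt-handler, virt-exportproxy) from vendored v1.2.0 manifests"`, trimmed to whatever the rest of the commit actually deploys. The `images` schema exposes registry/repository/tag for five images but no `digest`, and `pull_policy` only for `controller`, so an installer cannot pin the launcher image — the one that runs inside every VM pod — to an immutable reference; an optional `digest` string per image next to `tag` would close that. The `duration` option (default `87660h`, roughly ten years) has no description either; if it is the certificate lifetime for the cert-manager resources this component templates, say so, since a ten-year default is a deliberate security trade-off readers should see.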


@@ -0,0 +1,14 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-controller-pdb
name: virt-controller-pdb
namespace: "{{ namespace }}"
spec:
minAvailable: 1
selector:
matchLabels:
kubevirt.io: virt-controller


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver-auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: kubevirt-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-apiserver
subjects:
- kind: ServiceAccount
name: kubevirt-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-controller
subjects:
- kind: ServiceAccount
name: kubevirt-controller
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-exportproxy
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-exportproxy
subjects:
- kind: ServiceAccount
name: kubevirt-exportproxy
namespace: "{{ namespace }}"


@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-handler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-handler
subjects:
- kind: ServiceAccount
name: kubevirt-handler
namespace: "{{ namespace }}"


@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt.io:default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt.io:default
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:unauthenticated
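Review bot: This binding grants `kubevirt.io:default` to `system:unauthenticated` as well as `system:authenticated`, so on clusters with anonymous auth enabled any unauthenticated caller can `get`/`list` the `version` and `guestfs` subresources; that is upstream KubeVirt's default, but it discloses the installed KubeVirt version to anonymous clients and is rarely needed. Unless something in this deployment relies on anonymous access, drop the last subject (the three lines `- apiGroup: rbac.authorization.k8s.io` / `kind: Group` / `name: system:unauthenticated`). The `rbac.authorization.kubernetes.io/autoupdate: "true"` annotation is, as far as I can tell, only honoured by the API server's reconciler for its own bootstrap roles and bindings, so on a vendored binding it is inert and slightly misleading.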


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
name: instancetype.kubevirt.io:view
rules:
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineclusterinstancetypes
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch


@@ -0,0 +1,143 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/status
verbs:
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancemigrations
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancepresets
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- limitranges
verbs:
- watch
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinerestores
- virtualmachinesnapshotcontents
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- datasources
- datavolumes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- create
- list
- get


@@ -0,0 +1,258 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-controller
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- patch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- delete
- create
- patch
- apiGroups:
- ""
resources:
- pods
- configmaps
- endpoints
- services
verbs:
- get
- list
- watch
- delete
- update
- create
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- update
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- ""
resources:
- pods/status
verbs:
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- list
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- watch
- list
- create
- delete
- get
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- snapshot.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- export.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
- virtualmachinepools/finalizers
- virtualmachinepools/status
- virtualmachinepools/scale
verbs:
- watch
- list
- create
- delete
- update
- patch
- get
- apiGroups:
- kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
verbs:
- update
- apiGroups:
- cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
- virtualmachineclones/status
- virtualmachineclones/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- resourcequotas
verbs:
- list
- watch
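Review bot: The trailing `namespaces` rule granting only `get` is fully subsumed by the first rule, which already grants `get`/`list`/`watch`/`patch` on `namespaces`; drop the duplicate so the role reads as intended. More importantly, this role carries `'*'`/`'*'` on `snapshot.kubevirt.io`, `export.kubevirt.io`, `kubevirt.io` and `cdi.kubevirt.io`, plus cluster-wide `secrets create`, `pods` create/delete/patch and `nodes update/patch`, which makes the `kubevirt-controller` token one of the most valuable in the cluster. These appear to be the rules virt-operator would generate for v1.2.0, vendored here without the operator that would normally keep them reconciled, so a header comment such as `# Vendored from the KubeVirt v1.2.0 virt-operator-managed ClusterRole; regenerate on upgrade rather than hand-editing` would help keep later edits from widening it further. The `app.kubernetes.io/managed-by: virt-operator` label is also questionable when no operator manages it, and the kustomize `common_labels` in datas.tf appear to rewrite it to `vynil` anyway.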


@@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-exportproxy
rules:
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- list
- watch


@@ -0,0 +1,65 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-handler
rules:
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- update
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- patch
- list
- watch
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch


@@ -0,0 +1,155 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kubevirt.io:admin
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/portforward
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachines/portforward
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
- virtualmachines/addinterface
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch


@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubernetes.io/bootstrapping: rbac-defaults
kubevirt.io: ""
name: kubevirt.io:default
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- version
- guestfs
verbs:
- get
- list


@@ -0,0 +1,156 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kubevirt.io:edit
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/portforward
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachines/portforward
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
- virtualmachines/addinterface
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch


@@ -0,0 +1,90 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kubevirt.io:view
rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-apiserver
subjects:
- kind: ServiceAccount
name: kubevirt-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-controller
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-controller
subjects:
- kind: ServiceAccount
name: kubevirt-controller
namespace: "{{ namespace }}"


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-exportproxy
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-exportproxy
subjects:
- kind: ServiceAccount
name: kubevirt-exportproxy
namespace: "{{ namespace }}"


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-handler
namespace: "{{ namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-handler
subjects:
- kind: ServiceAccount
name: kubevirt-handler
namespace: "{{ namespace }}"


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch


@@ -0,0 +1,46 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-controller
namespace: "{{ namespace }}"
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- get
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- delete
- update
- create
- patch


@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-exportproxy
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resourceNames:
- kubevirt-export-ca
resources:
- configmaps
verbs:
- get
- list
- watch


@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-handler
namespace: "{{ namespace }}"
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch


@@ -0,0 +1,7 @@
apiVersion: scheduling.k8s.io/v1
description: This priority class should be used for KubeVirt core components only.
kind: PriorityClass
metadata:
name: kubevirt-cluster-critical
preemptionPolicy: PreemptLowerPriority
value: 1000000000


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-apiserver
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-controller
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-exportproxy
namespace: "{{ namespace }}"


@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
name: kubevirt-handler
namespace: "{{ namespace }}"


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
prometheus.kubevirt.io: "true"
name: kubevirt-operator-webhook
namespace: "{{ namespace }}"
spec:
ports:
- name: webhooks
port: 443
protocol: TCP
targetPort: webhooks
selector:
kubevirt.io: virt-operator
sessionAffinity: None
type: ClusterIP
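Review bot: This Service selects pods labelled `kubevirt.io: virt-operator`, but nothing in this section deploys a virt-operator and the surrounding resources are the rendered output an operator would normally own; if the operator is not part of this commit the Service has no endpoints, and any webhook configuration that points at it will fail closed or open depending on its `failurePolicy`. Either drop it or make the intent explicit with a comment above `metadata`, e.g. `# Kept for parity with upstream; only meaningful if virt-operator is deployed alongside these manifests`. The `app.kubernetes.io/managed-by: virt-operator` label is likewise misleading here if no operator runs.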


@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: ""
prometheus.kubevirt.io: "true"
name: kubevirt-prometheus-metrics
namespace: "{{ namespace }}"
spec:
ports:
- name: metrics
port: 443
protocol: TCP
targetPort: metrics
selector:
prometheus.kubevirt.io: "true"
sessionAffinity: None
type: ClusterIP


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-api
name: virt-api
namespace: "{{ namespace }}"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
kubevirt.io: virt-api
sessionAffinity: None
type: ClusterIP


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: kubevirt
app.kubernetes.io/managed-by: virt-operator
kubevirt.io: virt-exportproxy
name: virt-exportproxy
namespace: "{{ namespace }}"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
kubevirt.io: virt-exportproxy
sessionAffinity: None
type: ClusterIP