Fixing meta

2024-05-12 13:44:20 +02:00
parent ed58ef54e1
commit 988497833f
141 changed files with 9443 additions and 7802 deletions

12
virt/bridges/common.tf Normal file

@@ -0,0 +1,12 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}

103
virt/bridges/index.yaml Normal file

@@ -0,0 +1,103 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: virt
metadata:
name: bridges
description: Bridge CNI plugin and associated devices marker
options:
cni:
default:
bin_dir: /opt/cni/bin
examples:
- bin_dir: /opt/cni/bin
properties:
bin_dir:
default: /opt/cni/bin
description: use /var/lib/rancher/k3s/data/current/bin for k3s
type: string
type: object
images:
default:
marker:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/bridge-marker
tag: 0.11.1
plugin:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/cni-default-plugins
tag: v1.4.0
examples:
- marker:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/bridge-marker
tag: 0.11.1
plugin:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/cni-default-plugins
tag: v1.4.0
properties:
marker:
default:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/bridge-marker
tag: 0.11.1
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: kubevirt/bridge-marker
type: string
tag:
default: 0.11.1
type: string
type: object
plugin:
default:
pull_policy: IfNotPresent
registry: quay.io
repository: kubevirt/cni-default-plugins
tag: v1.4.0
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: kubevirt/cni-default-plugins
type: string
tag:
default: v1.4.0
type: string
type: object
type: object
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
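Review bot: `options.cni.properties.bin_dir` is declared as a bare `type: string`, yet plugin.tf in this same commit interpolates it into `hostPath.path` of a DaemonSet whose container runs with `privileged: true`, so whoever can set this option chooses which host directory is mounted into that container. If the option schema honours it, constrain the value, for example with `pattern: '^/[A-Za-z0-9._/-]+$'` (a constructed example, to be adjusted to the paths you support); that would also keep quotes and newlines out of the `path: "${var.cni.bin_dir}"` template. Separately, the image defaults pin by tag only (`0.11.1`, `v1.4.0`) and the schema has no digest field, so the content behind those tags is whatever the registry serves at pull time.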

56
virt/bridges/marker.tf Normal file

@@ -0,0 +1,56 @@
resource "kubectl_manifest" "marker" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: bridge-marker
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
name: bridge-marker
template:
metadata:
annotations:
description: Bridge marker exposes network bridges available on nodes as node
resources
creationTimestamp: null
labels:
app: bridge-marker
app.kubernetes.io/component: network
name: bridge-marker
tier: node
spec:
containers:
- args:
- -node-name
- $(NODE_NAME)
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: ${var.images.marker.registry}/${var.images.marker.repository}:${var.images.marker.tag}
imagePullPolicy: ${var.images.marker.pull_policy}
name: bridge-marker
resources:
requests:
cpu: 10m
memory: 15Mi
hostNetwork: true
nodeSelector:
kubernetes.io/arch: amd64
priorityClassName: system-node-critical
restartPolicy: Always
serviceAccount: bridge-marker
serviceAccountName: bridge-marker
tolerations:
- effect: NoSchedule
operator: Exists
EOF
}
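Review bot: The `bridge-marker` container is scheduled with `hostNetwork: true` and tolerates every `NoSchedule` taint, but neither the pod nor the container sets a `securityContext`, so it runs with the image's default user and the runtime's default capabilities on every amd64 node. If the marker works without them (not verifiable from this hunk), add a container-level `securityContext:` with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, and drop all capabilities. `resources` has requests but no limits. `serviceAccount: bridge-marker` duplicates `serviceAccountName`; it is the deprecated alias and can be removed along with the exported `creationTimestamp: null`.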

75
virt/bridges/plugin.tf Normal file

@@ -0,0 +1,75 @@
resource "kubectl_manifest" "plugin" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-cni-linux-bridge-plugin
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
selector:
matchLabels:
name: kube-cni-linux-bridge-plugin
template:
metadata:
annotations:
description: LinuxBridge installs 'bridge' CNI on cluster nodes, so it can
be later used to attach Pods/VMs to Linux bridges
labels:
app: cni-plugins
app.kubernetes.io/component: network
name: kube-cni-linux-bridge-plugin
tier: node
spec:
containers:
- command:
- /bin/bash
- -ce
- |
echo 'Installing bridge and tuning CNIs'
cni_mount_dir=/opt/cni/bin
sourcebinpath=/usr/src/github.com/containernetworking/plugins/bin
cp --remove-destination $${sourcebinpath}/bridge $${cni_mount_dir}/cnv-bridge
cp --remove-destination $${sourcebinpath}/tuning $${cni_mount_dir}/cnv-tuning
echo 'Checking bridge and tuning CNIs deployment on node'
printf -v bridgechecksum "%s" "$(<$sourcebinpath/bridge.checksum)"
printf -v tuningchecksum "%s" "$(<$sourcebinpath/tuning.checksum)"
printf "%s %s" "$${bridgechecksum% *}" "$${cni_mount_dir}/cnv-bridge" | sha256sum --check
printf "%s %s" "$${tuningchecksum% *}" "$${cni_mount_dir}/cnv-tuning" | sha256sum --check
# Some projects (e.g. openshift/console) use cnv- prefix to distinguish between
# binaries shipped by OpenShift and those shipped by KubeVirt (D/S matters).
# Following two lines make sure we will provide both names when needed.
find $${cni_mount_dir}/bridge &>/dev/null || ln -s $${cni_mount_dir}/cnv-bridge $${cni_mount_dir}/bridge
find $${cni_mount_dir}/tuning &>/dev/null || ln -s $${cni_mount_dir}/cnv-tuning $${cni_mount_dir}/tuning
echo 'Entering sleep... (success)'
sleep infinity
image: ${var.images.plugin.registry}/${var.images.plugin.repository}:${var.images.plugin.tag}
imagePullPolicy: ${var.images.plugin.pull_policy}
name: cni-plugins
resources:
requests:
cpu: 10m
memory: 15Mi
securityContext:
privileged: true
volumeMounts:
- mountPath: /opt/cni/bin
name: cnibin
nodeSelector:
kubernetes.io/arch: amd64
priorityClassName: system-cluster-critical
restartPolicy: Always
tolerations:
- effect: NoSchedule
operator: Exists
volumes:
- hostPath:
path: "${var.cni.bin_dir}"
type: ""
name: cnibin
EOF
}
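Review bot: `securityContext: privileged: true` stays in force for the whole life of the pod, although after the two `cp` and two `ln -s` calls the container only runs `sleep infinity`; a long-lived privileged container on every node with a writable mount of the CNI binary directory is a large standing attack surface. Consider doing the copy in an init container and keeping an unprivileged container for the resident part. Root with write access to the `cnibin` mount may be enough for the copy, which needs checking on SELinux-enforcing hosts. The `hostPath` uses `type: ""`, which skips any check of the target; `type: Directory` would make a mistyped `var.cni.bin_dir` fail instead of mounting something unexpected. The `sha256sum --check` step compares against `.checksum` files shipped in the same image, so it detects a bad copy but not a substituted image; that assurance has to come from pinning the image by digest.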

50
virt/bridges/rbac.tf Normal file

@@ -0,0 +1,50 @@
resource "kubectl_manifest" "sa" {
yaml_body = <<-EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: bridge-marker
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
labels: ${jsonencode(local.common-labels)}
EOF
}
resource "kubectl_manifest" "crb" {
yaml_body = <<-EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: bridge-marker-crb
labels: ${jsonencode(local.common-labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: bridge-marker-cr
subjects:
- kind: ServiceAccount
name: bridge-marker
namespace: ${var.namespace}
EOF
}
resource "kubectl_manifest" "cr" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: bridge-marker-cr
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- update
- patch
EOF
}
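Review bot: The `bridge-marker-cr` ClusterRole grants `update` and `patch` on `nodes` as well as `nodes/status`, so the service account token mounted in a `hostNetwork` pod on every node can modify the labels, taints and spec of any node in the cluster. If the marker only publishes bridge resources in node status (to be confirmed against the marker's behaviour), split the rule: `get` on `nodes`, and `get`, `update`, `patch` on `nodes/status` only. The `ClusterRole` and `ClusterRoleBinding` names are fixed while the subject namespace is `${var.namespace}`, so a second install in another namespace would overwrite the first install's binding; including the namespace or instance in those names avoids that.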