Add Cluster API Provider for Bare Metal Hardware

A Machine actuator implementation for the Kubernetes Cluster API

Change-Id: I5dcc610d3eea89adbd0aef81f11aad56e73bfb99
This commit is contained in:
Nikolay Fedorov 2020-01-31 16:00:30 +04:00
parent d10ad53ef5
commit 0f21921065
14 changed files with 783 additions and 0 deletions

View File

@ -0,0 +1,18 @@
resources:
- ../../global/crd/baremetal-provider
- rbac
- provider.yaml
- namespace.yaml
commonLabels:
# NOTE We can't use airshipit.org/clustertype
# bacause a label can't consists of multiple values
airshipit.org/ephemeral: "true"
airshipit.org/target: "true"
namespace: capbm
#vars:
# $(IMAGE_PULL_POLICY)
# The image pull policy by default should be "IfNotPresent",
# it should be globally defined for all images

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: capbm

View File

@ -0,0 +1,108 @@
---
apiVersion: v1
kind: Secret
metadata:
name: capbm-webhook-server-secret
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: capbm-controller-manager-metrics-svc
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: capbm-controller-manager-service
spec:
ports:
- port: 443
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: capbm-controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
serviceName: capbm-controller-manager-service
template:
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- --enable-leader-election
command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SECRET_NAME
value: capbm-webhook-server-secret
image: "quay.io/metal3-io/cluster-api-provider-baremetal:v1alpha2"
imagePullPolicy: $(IMAGE_PULL_POLICY)
name: manager
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
volumeMounts:
- mountPath: /tmp/cert
name: cert
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: capbm-webhook-server-secret

View File

@ -0,0 +1,32 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: capbm-leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create

View File

@ -0,0 +1,12 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: capbm-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: capbm-leader-election-role
subjects:
- kind: ServiceAccount
name: default

View File

@ -0,0 +1,108 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: capbm-manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- get
- list
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- baremetalclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- baremetalclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- baremetalmachines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- baremetalmachines/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metal3.io
resources:
- baremetalhosts/status
verbs:
- get
- patch
- update

View File

@ -0,0 +1,14 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
control-plane: capbm-controller-manager
name: capbm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capbm-manager-role
subjects:
- kind: ServiceAccount
name: default

View File

@ -0,0 +1,20 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
control-plane: capbm-controller-manager
name: capbm-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

View File

@ -0,0 +1,14 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
control-plane: capbm-controller-manager
name: capbm-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capbm-proxy-role
subjects:
- kind: ServiceAccount
name: default

View File

@ -0,0 +1,7 @@
resources:
- capbm-leader-election-rolebinding.yaml
- capbm-leader-election-role.yaml
- capbm-manager-rolebinding.yaml
- capbm-manager-role.yaml
- capbm-proxy-rolebinding.yaml
- capbm-proxy-role.yaml

View File

@ -0,0 +1,118 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
control-plane: capbm-controller-manager
name: baremetalclusters.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: BareMetalCluster
plural: baremetalclusters
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: BareMetalCluster is the Schema for the baremetalclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BareMetalClusterSpec defines the desired state of BareMetalCluster.
properties:
apiEndpoint:
type: string
required:
- apiEndpoint
type: object
status:
description: BareMetalClusterStatus defines the observed state of BareMetalCluster.
properties:
apiEndpoints:
description: APIEndpoints represents the endpoints to communicate with
the control plane.
items:
description: APIEndpoint represents a reachable Kubernetes API endpoint.
properties:
host:
description: Host is the hostname on which the API server is serving.
type: string
port:
description: Port is the port on which the API server is serving.
type: integer
required:
- host
- port
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is a
terminal problem reconciling the BaremetalMachine and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the BaremetalMachine's spec or the configuration of the
controller, and that manual intervention is required. Examples of
terminal errors would be invalid combinations of settings in the spec,
values that are unsupported by the controller, or the responsible
controller itself being critically misconfigured. \n Any transient
errors that occur during the reconciliation of Machines can be added
as events to the BaremetalMachine object and/or logged in the controller's
output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a terminal
problem reconciling the BaremetalMachine and will contain a succinct
value suitable for machine interpretation. \n This field should not
be set for transitive errors that a controller faces that are expected
to be fixed automatically over time (like service outages), but instead
indicate that something is fundamentally wrong with the BaremetalMachine's
spec or the configuration of the controller, and that manual intervention
is required. Examples of terminal errors would be invalid combinations
of settings in the spec, values that are unsupported by the controller,
or the responsible controller itself being critically misconfigured.
\n Any transient errors that occur during the reconciliation of Machines
can be added as events to the BaremetalMachine object and/or logged
in the controller's output."
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
ready:
description: Ready denotes that the baremetal cluster (infrastructure)
is ready. In Baremetal case, it does not mean anything for now as
no infrastructure steps need to be performed. Required by Cluster
API. Set to True by the BaremetalCluster controller after creation.
type: boolean
required:
- ready
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,192 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
control-plane: capbm-controller-manager
name: baremetalmachines.infrastructure.cluster.x-k8s.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.providerID
description: Provider ID
name: ProviderID
type: string
- JSONPath: .status.ready
description: BaremetalMachine is Ready
name: Ready
type: string
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: BareMetalMachine
plural: baremetalmachines
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: BareMetalMachine is the Schema for the baremetalmachines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BareMetalMachineSpec defines the desired state of BareMetalMachine
properties:
hostSelector:
description: HostSelector specifies matching criteria for labels on
BareMetalHosts. This is used to limit the set of BareMetalHost objects
considered for claiming for a BaremetalMachine.
properties:
matchExpressions:
description: Label match expressions that must be true on a chosen
BareMetalHost
items:
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist on a chosen
BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the baremetal machine in ProviderID
format (baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user data needed
by the bare metal operator. The Namespace is optional; it will default
to the BaremetalMachine's namespace if not specified.
properties:
name:
description: Name is unique within a namespace to reference a secret
resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- image
type: object
status:
description: BareMetalMachineStatus defines the observed state of BareMetalMachine
properties:
addresses:
description: Addresses is a list of addresses assigned to the machine.
This field is copied from the infrastructure provider reference.
items:
description: MachineAddress contains information for the node's address.
properties:
address:
description: The machine address.
type: string
type:
description: Machine address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is a
terminal problem reconciling the BaremetalMachine and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the BaremetalMachine's spec or the configuration of the
controller, and that manual intervention is required. Examples of
terminal errors would be invalid combinations of settings in the spec,
values that are unsupported by the controller, or the responsible
controller itself being critically misconfigured. \n Any transient
errors that occur during the reconciliation of BaremetalMachines can
be added as events to the BaremetalMachine object and/or logged in
the controller's output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a terminal
problem reconciling the BaremetalMachine and will contain a succinct
value suitable for machine interpretation. \n This field should not
be set for transitive errors that a controller faces that are expected
to be fixed automatically over time (like service outages), but instead
indicate that something is fundamentally wrong with the BaremetalMachine's
spec or the configuration of the controller, and that manual intervention
is required. Examples of terminal errors would be invalid combinations
of settings in the spec, values that are unsupported by the controller,
or the responsible controller itself being critically misconfigured.
\n Any transient errors that occur during the reconciliation of BaremetalMachines
can be added as events to the BaremetalMachine object and/or logged
in the controller's output."
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
phase:
description: Phase represents the current phase of machine actuation.
E.g. Pending, Running, Terminating, Failed etc.
type: string
ready:
description: 'Ready is the state of the metal3. TODO : Document the
variable : mhrivnak: " it would be good to document what this means,
how to interpret it, under what circumstances the value changes, etc."'
type: boolean
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,132 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
control-plane: capbm-controller-manager
name: baremetalmachinetemplates.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: BareMetalMachineTemplate
plural: baremetalmachinetemplates
scope: Namespaced
validation:
openAPIV3Schema:
description: BareMetalMachineTemplate is the Schema for the baremetalmachinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BareMetalMachineTemplateSpec defines the desired state of BareMetalMachineTemplate
properties:
template:
description: BareMetalMachineTemplateResource describes the data needed
to create a BareMetalMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior of
the machine.
properties:
hostSelector:
description: HostSelector specifies matching criteria for labels
on BareMetalHosts. This is used to limit the set of BareMetalHost
objects considered for claiming for a BaremetalMachine.
properties:
matchExpressions:
description: Label match expressions that must be true on
a chosen BareMetalHost
items:
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist on
a chosen BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve
one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the baremetal machine in ProviderID
format (baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user
data needed by the bare metal operator. The Namespace is optional;
it will default to the BaremetalMachine's namespace if not
specified.
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which the
secret name must be unique.
type: string
type: object
required:
- image
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,4 @@
resources:
- baremetalclusters.infrastructure.cluster.x-k8s.io.yaml
- baremetalmachines.infrastructure.cluster.x-k8s.io.yaml
- baremetalmachinetemplates.infrastructure.cluster.x-k8s.io.yaml