From 47041eda24704f52de0c62880e3fa472887aee25 Mon Sep 17 00:00:00 2001 
From: Snehal Date: Wed, 29 Sep 2021 10:54:20 +0000 Subject: [PATCH] CAPD v0.4.2 manifests * The current PS adds manifests files to update CAPD components to 0.4.2 version Change-Id: Ie57201a901277eed122052f0a1c75ed21fa77e54 --- .../capd/v0.4.2/certmanager/certificate.yaml | 24 ++ .../v0.4.2/certmanager/kustomization.yaml | 8 + .../v0.4.2/certmanager/kustomizeconfig.yaml | 19 + ...e.cluster.x-k8s.io_dockermachinepools.yaml | 380 ++++++++++++++++++ ...cture.cluster.x-k8s.io_dockerclusters.yaml | 315 +++++++++++++++ ...uster.x-k8s.io_dockerclustertemplates.yaml | 118 ++++++ ...e.cluster.x-k8s.io_dockermachinepools.yaml | 380 ++++++++++++++++++ ...cture.cluster.x-k8s.io_dockermachines.yaml | 308 ++++++++++++++ ...uster.x-k8s.io_dockermachinetemplates.yaml | 188 +++++++++ .../capd/v0.4.2/crd/kustomization.yaml | 34 ++ .../capd/v0.4.2/crd/kustomizeconfig.yaml | 17 + .../cainjection_in_dockerclusters.yaml | 8 + ...cainjection_in_dockerclustertemplates.yaml | 8 + .../cainjection_in_dockermachinepools.yaml | 8 + .../cainjection_in_dockermachines.yaml | 8 + .../patches/webhook_in_dockerclusters.yaml | 19 + .../webhook_in_dockerclustertemplates.yaml | 19 + .../webhook_in_dockermachinepools.yaml | 19 + .../patches/webhook_in_dockermachines.yaml | 19 + .../capd/v0.4.2/data/kustomization.yaml | 2 + .../function/capd/v0.4.2/data/metadata.yaml | 13 + .../capd/v0.4.2/default/kustomization.yaml | 9 + .../capd/v0.4.2/default/namespace.yaml | 6 + .../function/capd/v0.4.2/kustomization.yaml | 11 + .../capd/v0.4.2/manager/kustomization.yaml | 9 + .../function/capd/v0.4.2/manager/manager.yaml | 50 +++ .../manager/manager_auth_proxy_patch.yaml | 26 ++ .../v0.4.2/manager/manager_image_patch.yaml | 12 + .../v0.4.2/manager/manager_pull_policy.yaml | 11 + .../capd/v0.4.2/rbac/auth_proxy_role.yaml | 13 + .../v0.4.2/rbac/auth_proxy_role_binding.yaml | 12 + .../capd/v0.4.2/rbac/auth_proxy_service.yaml | 18 + .../capd/v0.4.2/rbac/kustomization.yaml | 12 + .../v0.4.2/rbac/leader_election_role.yaml 
| 44 ++ .../rbac/leader_election_role_binding.yaml | 12 + manifests/function/capd/v0.4.2/rbac/role.yaml | 97 +++++ .../capd/v0.4.2/rbac/role_binding.yaml | 12 + .../capd/v0.4.2/rbac/service_account.yaml | 5 + .../capd/v0.4.2/webhook/kustomization.yaml | 44 ++ .../capd/v0.4.2/webhook/kustomizeconfig.yaml | 22 + .../v0.4.2/webhook/manager_webhook_patch.yaml | 23 ++ .../capd/v0.4.2/webhook/manifests.yaml | 126 ++++++ .../function/capd/v0.4.2/webhook/service.yaml | 10 + .../webhook/webhookcainjection_patch.yaml | 15 + 44 files changed, 2513 insertions(+) create mode 100644 manifests/function/capd/v0.4.2/certmanager/certificate.yaml create mode 100644 manifests/function/capd/v0.4.2/certmanager/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/certmanager/kustomizeconfig.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/exp.infrastructure.cluster.x-k8s.io_dockermachinepools.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclustertemplates.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinepools.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/kustomizeconfig.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclusters.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclustertemplates.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachinepools.yaml create mode 100644 
manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachines.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclusters.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclustertemplates.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachinepools.yaml create mode 100644 manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachines.yaml create mode 100644 manifests/function/capd/v0.4.2/data/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/data/metadata.yaml create mode 100644 manifests/function/capd/v0.4.2/default/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/default/namespace.yaml create mode 100644 manifests/function/capd/v0.4.2/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/manager/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/manager/manager.yaml create mode 100644 manifests/function/capd/v0.4.2/manager/manager_auth_proxy_patch.yaml create mode 100644 manifests/function/capd/v0.4.2/manager/manager_image_patch.yaml create mode 100644 manifests/function/capd/v0.4.2/manager/manager_pull_policy.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/auth_proxy_role.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/auth_proxy_role_binding.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/auth_proxy_service.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/kustomization.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/leader_election_role.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/leader_election_role_binding.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/role.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/role_binding.yaml create mode 100644 manifests/function/capd/v0.4.2/rbac/service_account.yaml create mode 100644 manifests/function/capd/v0.4.2/webhook/kustomization.yaml 
create mode 100644 manifests/function/capd/v0.4.2/webhook/kustomizeconfig.yaml
create mode 100644 manifests/function/capd/v0.4.2/webhook/manager_webhook_patch.yaml
create mode 100644 manifests/function/capd/v0.4.2/webhook/manifests.yaml
create mode 100644 manifests/function/capd/v0.4.2/webhook/service.yaml
create mode 100644 manifests/function/capd/v0.4.2/webhook/webhookcainjection_patch.yaml
diff --git a/manifests/function/capd/v0.4.2/certmanager/certificate.yaml b/manifests/function/capd/v0.4.2/certmanager/certificate.yaml
new file mode 100644
index 000000000..4079986e8
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/certmanager/certificate.yaml
@@ -0,0 +1,24 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ namespace: system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: system
+spec:
+ # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+ dnsNames:
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
diff --git a/manifests/function/capd/v0.4.2/certmanager/kustomization.yaml b/manifests/function/capd/v0.4.2/certmanager/kustomization.yaml
new file mode 100644
index 000000000..438e93c2c
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/certmanager/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- certificate.yaml
+
+configurations:
+- kustomizeconfig.yaml
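Review bot: In certmanager/certificate.yaml the comment on `name: serving-cert` says the name must match kustomizeconfig.yaml, but the certmanager/kustomizeconfig.yaml added in this same patch never mentions `serving-cert`; it only carries the Issuer name reference and the var paths. The name is presumably consumed by the CA-injection patches listed in the diffstat (not visible here), and because the Issuer is `selfSigned`, that injected bundle would be the only trust anchor for the webhook serving certificate, so a drift in the name would most likely leave the webhooks without a usable CA. I would point the comment at the real consumer, for example `# referenced by the cert-manager.io/inject-ca-from annotations in the CA-injection patches; keep in sync`, after confirming where the name is actually used.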
diff --git a/manifests/function/capd/v0.4.2/certmanager/kustomizeconfig.yaml b/manifests/function/capd/v0.4.2/certmanager/kustomizeconfig.yaml
new file mode 100644
index 000000000..28a895a40
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/certmanager/kustomizeconfig.yaml
@@ -0,0 +1,19 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+nameReference:
+- kind: Issuer
+ group: cert-manager.io
+ fieldSpecs:
+ - kind: Certificate
+ group: cert-manager.io
+ path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/commonName
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/dnsNames
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/secretName
diff --git a/manifests/function/capd/v0.4.2/crd/bases/exp.infrastructure.cluster.x-k8s.io_dockermachinepools.yaml b/manifests/function/capd/v0.4.2/crd/bases/exp.infrastructure.cluster.x-k8s.io_dockermachinepools.yaml
new file mode 100644
index 000000000..3972686d4
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/bases/exp.infrastructure.cluster.x-k8s.io_dockermachinepools.yaml
@@ -0,0 +1,380 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachinePool + listKind: DockerMachinePoolList + plural: dockermachinepools + singular: dockermachinepool + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. 
+ properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml new file mode 100644 index 000000000..0c9df6ce3 --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml 
@@ -0,0 +1,315 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: dockerclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerCluster + listKind: DockerClusterList + plural: dockerclusters + singular: dockercluster + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: DockerCluster is the Schema for the dockerclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. 
It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. 
The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerCluster is the Schema for the dockerclusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the spec. The + docker provider is special since failure domains don't mean anything + in a local docker environment. Instead, the docker cluster controller + will simply copy these into the Status and allow the Cluster API + controllers to do what they will with the defined failure domains. 
+ type: object + loadBalancer: + description: LoadBalancer allows defining configurations for the cluster + load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull + the haproxy image from. if not set, "kindest" will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the haproxy + image. if not set, "v20210715-a6da3463" will be used instead. + type: string + type: object + type: object + status: + description: DockerClusterStatus defines the observed state of DockerCluster. + properties: + conditions: + description: Conditions defines current service state of the DockerCluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster API failure + domains. It allows controllers to understand how many failure + domains a cluster can optionally span across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes an + infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure domain + is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains don't mean much in CAPD since it's all + local, but we can see how the rest of cluster API will use this + if we populate it. + type: object + ready: + description: Ready denotes that the docker cluster (infrastructure) + is ready. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclustertemplates.yaml b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclustertemplates.yaml new file mode 100644 index 000000000..98d5ec6b0 --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockerclustertemplates.yaml 
@@ -0,0 +1,118 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: dockerclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + kind: DockerClusterTemplate + listKind: DockerClusterTemplateList + plural: dockerclustertemplates + singular: dockerclustertemplate + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerClusterTemplate is the Schema for the dockerclustertemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerClusterTemplateSpec defines the desired state of DockerClusterTemplate. + properties: + template: + description: DockerClusterTemplateResource describes the data needed + to create a DockerCluster from a template. + properties: + spec: + description: DockerClusterSpec defines the desired state of DockerCluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint + used to communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server + is serving. 
+ type: string + port: + description: Port is the port on which the API server + is serving. + type: integer + required: + - host + - port + type: object + failureDomains: + additionalProperties: + description: FailureDomainSpec is the Schema for Cluster + API failure domains. It allows controllers to understand + how many failure domains a cluster can optionally span + across. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a free form map of attributes + an infrastructure provider might use or require. + type: object + controlPlane: + description: ControlPlane determines if this failure + domain is suitable for use by control plane machines. + type: boolean + type: object + description: FailureDomains are not usulaly defined on the + spec. The docker provider is special since failure domains + don't mean anything in a local docker environment. Instead, + the docker cluster controller will simply copy these into + the Status and allow the Cluster API controllers to do what + they will with the defined failure domains. + type: object + loadBalancer: + description: LoadBalancer allows defining configurations for + the cluster load balancer. + properties: + imageRepository: + description: ImageRepository sets the container registry + to pull the haproxy image from. if not set, "kindest" + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the + haproxy image. if not set, "v20210715-a6da3463" will + be used instead. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinepools.yaml b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinepools.yaml new file mode 100644 index 000000000..fd3aa5a9c --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinepools.yaml 
@@ -0,0 +1,380 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0-beta.0 + creationTimestamp: null + name: dockermachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachinePool + listKind: DockerMachinePoolList + plural: dockermachinepools + singular: dockermachinepool + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. 
+ properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. + properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerMachinePool is the Schema for the dockermachinepools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachinePoolSpec defines the desired state of DockerMachinePool. + properties: + providerID: + description: ProviderID is the identification ID of the Machine Pool + type: string + providerIDList: + description: ProviderIDList is the list of identification IDs of machine + instances managed by this Machine Pool + items: + type: string + type: array + template: + description: Template contains the details used to build a replica + machine within the Machine Pool + properties: + customImage: + description: CustomImage allows customizing the container image + that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for + the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the + hostpath is a symbolic link, runtimes should follow the + symlink and mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly + created machine. This can be used to speed up tests by avoiding + e.g. to download CNI images on all the containers. + items: + type: string + type: array + type: object + type: object + status: + description: DockerMachinePoolStatus defines the observed state of DockerMachinePool. 
+ properties: + conditions: + description: Conditions defines current service state of the DockerMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + instances: + description: Instances contains the status for each instance in the + pool + items: + properties: + addresses: + description: Addresses contains the associated addresses for + the docker machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + instanceName: + description: InstanceName is the identification of the Machine + Instance within the Machine Pool + type: string + providerID: + description: ProviderID is the provider identification of the + Machine Pool Instance + type: string + ready: + description: Ready denotes that the machine (docker container) + is ready + type: boolean + version: + description: Version defines the Kubernetes version for the + Machine Instance + type: string + type: object + type: array + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + ready: + description: Ready denotes that the machine pool is ready + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml new file mode 100644 index 000000000..daba54e50 --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml 
@@ -0,0 +1,308 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: dockermachines.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachine + listKind: DockerMachineList + plural: dockermachines + singular: dockermachine + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: DockerMachine is the Schema for the dockermachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. 
+ properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerMachine is the Schema for the dockermachines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineSpec defines the desired state of DockerMachine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping has + been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container image that + is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points for the + node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into a container. + This is a simplified version of kind v1alpha4.Mount types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. If the hostpath + is a symbolic link, runtimes should follow the symlink and + mount the real destination to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a newly created + machine. This can be used to speed up tests by avoiding e.g. to + download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID format + (docker:////) + type: string + type: object + status: + description: DockerMachineStatus defines the observed state of DockerMachine. + properties: + addresses: + description: Addresses contains the associated addresses for the docker + machine. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the DockerMachine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
+ type: string + required: + - status + - type + type: object + type: array + loadBalancerConfigured: + description: LoadBalancerConfigured denotes that the machine has been + added to the load balancer + type: boolean + ready: + description: Ready denotes that the machine (docker container) is + ready + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml new file mode 100644 index 000000000..a3c92328c --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml 
@@ -0,0 +1,188 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: dockermachinetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: DockerMachineTemplate + listKind: DockerMachineTemplateList + plural: dockermachinetemplates + singular: dockermachinetemplate + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: DockerMachineTemplate is the Schema for the dockermachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. 
+ properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1alpha4 + schema: + openAPIV3Schema: + description: DockerMachineTemplate is the Schema for the dockermachinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate. + properties: + template: + description: DockerMachineTemplateResource describes the data needed + to create a DockerMachine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + bootstrapped: + description: Bootstrapped is true when the kubeadm bootstrapping + has been run against this machine + type: boolean + customImage: + description: CustomImage allows customizing the container + image that is used for running the machine + type: string + extraMounts: + description: ExtraMounts describes additional mount points + for the node container These may be used to bind a hostPath + items: + description: Mount specifies a host volume to mount into + a container. This is a simplified version of kind v1alpha4.Mount + types. + properties: + containerPath: + description: Path of the mount within the container. + type: string + hostPath: + description: Path of the mount on the host. If the hostPath + doesn't exist, then runtimes should report error. + If the hostpath is a symbolic link, runtimes should + follow the symlink and mount the real destination + to container. + type: string + readOnly: + description: If set, the mount is read-only. + type: boolean + type: object + type: array + preLoadImages: + description: PreLoadImages allows to pre-load images in a + newly created machine. 
This can be used to speed up tests + by avoiding e.g. to download CNI images on all the containers. + items: + type: string + type: array + providerID: + description: ProviderID will be the container name in ProviderID + format (docker:////) + type: string + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capd/v0.4.2/crd/kustomization.yaml b/manifests/function/capd/v0.4.2/crd/kustomization.yaml new file mode 100644 index 000000000..adb833eab --- /dev/null +++ b/manifests/function/capd/v0.4.2/crd/kustomization.yaml 
@@ -0,0 +1,34 @@
+commonLabels:
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1alpha4: v1alpha4
+
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml
+ - bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml
+ - bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml
+ - bases/infrastructure.cluster.x-k8s.io_dockermachinepools.yaml
+ - bases/infrastructure.cluster.x-k8s.io_dockerclustertemplates.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+ # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+ # patches here are for enabling the conversion webhook for each CRD
+ #- patches/webhook_in_dockermachines.yaml
+ - patches/webhook_in_dockerclusters.yaml
+ - patches/webhook_in_dockerclustertemplates.yaml
+ # +kubebuilder:scaffold:crdkustomizewebhookpatch
+ # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+ # patches here are for enabling the CA injection for each CRD
+ #- patches/cainjection_in_dockermachines.yaml
+ - patches/cainjection_in_dockerclusters.yaml
+ - patches/cainjection_in_dockerclustertemplates.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+ - kustomizeconfig.yaml
diff --git a/manifests/function/capd/v0.4.2/crd/kustomizeconfig.yaml b/manifests/function/capd/v0.4.2/crd/kustomizeconfig.yaml
new file mode 100644
index 000000000..8e2d8d6b1
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/kustomizeconfig.yaml
@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/namespace
+ create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclusters.yaml b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclusters.yaml
new file mode 100644
index 000000000..588b6d6b2
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclusters.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: dockerclusters.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclustertemplates.yaml b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclustertemplates.yaml
new file mode 100644
index 000000000..8ed8240f3
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockerclustertemplates.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: dockerclustertemplates.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachinepools.yaml b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachinepools.yaml
new file mode 100644
index 000000000..14bbeb5ca
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachinepools.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachines.yaml b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachines.yaml
new file mode 100644
index 000000000..324733ad3
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/cainjection_in_dockermachines.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: dockermachines.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclusters.yaml b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclusters.yaml
new file mode 100644
index 000000000..2dfca085a
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclusters.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dockerclusters.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclustertemplates.yaml b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclustertemplates.yaml
new file mode 100644
index 000000000..7c11cf888
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockerclustertemplates.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dockerclustertemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachinepools.yaml b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachinepools.yaml
new file mode 100644
index 000000000..6f25a71cd
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachinepools.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
\ No newline at end of file
diff --git a/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachines.yaml b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachines.yaml
new file mode 100644
index 000000000..a9c56366f
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/crd/patches/webhook_in_dockermachines.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dockermachines.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capd/v0.4.2/data/kustomization.yaml b/manifests/function/capd/v0.4.2/data/kustomization.yaml
new file mode 100644
index 000000000..65d5b6a21
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/data/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - metadata.yaml
diff --git a/manifests/function/capd/v0.4.2/data/metadata.yaml b/manifests/function/capd/v0.4.2/data/metadata.yaml
new file mode 100644
index 000000000..3700cb2ff
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/data/metadata.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+kind: Metadata
+metadata:
+ name: repository-metadata
+ labels:
+ airshipit.org/deploy-k8s: "false"
+releaseSeries:
+- major: 0
+ minor: 4
+ contract: v1alpha4
+
+
diff --git a/manifests/function/capd/v0.4.2/default/kustomization.yaml b/manifests/function/capd/v0.4.2/default/kustomization.yaml
new file mode 100644
index 000000000..6ff3f0269
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/default/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capd-system
+
+resources:
+ - namespace.yaml
+
+bases:
+ - ../rbac
diff --git a/manifests/function/capd/v0.4.2/default/namespace.yaml b/manifests/function/capd/v0.4.2/default/namespace.yaml
new file mode 100644
index 000000000..8b55c3cd8
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/default/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
diff --git a/manifests/function/capd/v0.4.2/kustomization.yaml b/manifests/function/capd/v0.4.2/kustomization.yaml
new file mode 100644
index 000000000..9d34ac18e
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/kustomization.yaml
@@ -0,0 +1,11 @@
+namePrefix: capd-
+
+commonLabels:
+ cluster.x-k8s.io/provider: "infrastructure-docker"
+
+resources:
+- crd
+- default
+- data
+- webhook
+
diff --git a/manifests/function/capd/v0.4.2/manager/kustomization.yaml b/manifests/function/capd/v0.4.2/manager/kustomization.yaml
new file mode 100644
index 000000000..7d8cc4d25
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/manager/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- manager.yaml
+
+patchesStrategicMerge:
+ - manager_image_patch.yaml
+ - manager_auth_proxy_patch.yaml
+
diff --git a/manifests/function/capd/v0.4.2/manager/manager.yaml b/manifests/function/capd/v0.4.2/manager/manager.yaml
new file mode 100644
index 000000000..4454c9004
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/manager/manager.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - "--leader-elect"
+ - "--metrics-bind-addr=localhost:8080"
+ - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},ClusterTopology=${CLUSTER_TOPOLOGY:=false}"
+ image: controller:latest
+ name: manager
+ ports:
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ volumeMounts:
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ securityContext:
+ privileged: true
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: manager
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ volumes:
+ - name: dockersock
+ hostPath:
+ path: /var/run/docker.sock
diff --git a/manifests/function/capd/v0.4.2/manager/manager_auth_proxy_patch.yaml b/manifests/function/capd/v0.4.2/manager/manager_auth_proxy_patch.yaml
new file mode 100644
index 000000000..44317f4e7
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/manager/manager_auth_proxy_patch.yaml
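Review bot: In manager.yaml the `manager` container runs with `privileged: true` and a hostPath mount of `/var/run/docker.sock`, and the pod tolerates the `node-role.kubernetes.io/master` taint, so the controller effectively has root on whichever node schedules it, control-plane nodes included; nothing in the manifest records that this is acceptable only on local or test clusters. I would add a comment above `securityContext:`, for example `# CAPD drives the host Docker daemon: development and test clusters only`, and check whether `privileged: true` is still needed once the socket is mounted. The container also has no `resources:` block, and `image: controller:latest` is a placeholder that only becomes a real image when manager_image_patch.yaml is applied.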
@@ -0,0 +1,26 @@
+# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
+# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ name: https
+ - name: manager
+ args:
+ - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false}"
+ - "-v=4"
+
diff --git a/manifests/function/capd/v0.4.2/manager/manager_image_patch.yaml b/manifests/function/capd/v0.4.2/manager/manager_image_patch.yaml
new file mode 100644
index 000000000..2b0a3fe80
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/manager/manager_image_patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ # Change the value of image field below to your controller image URL
+ - image: gcr.io/k8s-staging-cluster-api/capd-manager:master
+ name: manager
diff --git a/manifests/function/capd/v0.4.2/manager/manager_pull_policy.yaml b/manifests/function/capd/v0.4.2/manager/manager_pull_policy.yaml
new file mode 100644
index 000000000..74a0879c6
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/manager/manager_pull_policy.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Always
diff --git a/manifests/function/capd/v0.4.2/rbac/auth_proxy_role.yaml b/manifests/function/capd/v0.4.2/rbac/auth_proxy_role.yaml
new file mode 100644
index 000000000..618f5e417
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/auth_proxy_role.yaml
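Review bot: The `manager` entry in manager_auth_proxy_patch.yaml sets `args` to two items, and a strategic-merge patch replaces a plain string list instead of merging it, so the rendered Deployment would presumably lose `--leader-elect`, `--metrics-bind-addr=localhost:8080` and the `ClusterTopology` gate from manager.yaml. The bind address matters because kube-rbac-proxy is meant to be the only path to the metrics endpoint, so the patch should repeat the full argument list and the result should be checked in a rendered build. `--v=10` on the proxy is debug-level logging and is worth lowering in a deployed manifest, and `gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0` is referenced by tag only, not by digest.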
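Review bot: manager_image_patch.yaml points the controller at `gcr.io/k8s-staging-cluster-api/capd-manager:master`, a moving tag in a staging registry, although the directory is named v0.4.2; what gets pulled can change without any change in this repository. Pin the image to the release that matches these manifests, ideally by digest, e.g. `image: <registry>/capd-manager:<release-tag>@sha256:<digest>` (placeholder values). manager_pull_policy.yaml sets `imagePullPolicy: Always` but is not listed in manager/kustomization.yaml, so it appears to be unused.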
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources:
+ - subjectaccessreviews
+ verbs: ["create"]
diff --git a/manifests/function/capd/v0.4.2/rbac/auth_proxy_role_binding.yaml b/manifests/function/capd/v0.4.2/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 000000000..48ed1e4b8
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/capd/v0.4.2/rbac/auth_proxy_service.yaml b/manifests/function/capd/v0.4.2/rbac/auth_proxy_service.yaml
new file mode 100644
index 000000000..d61e5469f
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/auth_proxy_service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: https
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/manifests/function/capd/v0.4.2/rbac/kustomization.yaml b/manifests/function/capd/v0.4.2/rbac/kustomization.yaml
new file mode 100644
index 000000000..e942b7437
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/kustomization.yaml
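Review bot: auth_proxy_role_binding.yaml binds `proxy-role` to the `default` ServiceAccount, but the Deployment in manager.yaml runs with `serviceAccountName: manager`. As written, any pod in the namespace that runs as `default` may create TokenReviews and SubjectAccessReviews, while the kube-rbac-proxy sidecar, which runs as `manager`, is not granted them by this binding. The subject should be `name: manager`, matching role_binding.yaml and leader_election_role_binding.yaml.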
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- role.yaml
+- role_binding.yaml
+- service_account.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+
diff --git a/manifests/function/capd/v0.4.2/rbac/leader_election_role.yaml b/manifests/function/capd/v0.4.2/rbac/leader_election_role.yaml
new file mode 100644
index 000000000..86ba4b1ee
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/leader_election_role.yaml
@@ -0,0 +1,44 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/manifests/function/capd/v0.4.2/rbac/leader_election_role_binding.yaml b/manifests/function/capd/v0.4.2/rbac/leader_election_role_binding.yaml
new file mode 100644
index 000000000..d5e004467
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: manager
+ namespace: system
diff --git a/manifests/function/capd/v0.4.2/rbac/role.yaml b/manifests/function/capd/v0.4.2/rbac/role.yaml
new file mode 100644
index 000000000..c3401aba5
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/role.yaml
@@ -0,0 +1,97 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - machines + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinepools + - machinepools/status + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockerclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockerclusters/finalizers + - dockerclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachinepools/finalizers + - dockermachinepools/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - dockermachines/finalizers + - dockermachines/status + verbs: + - get + - patch + - update diff --git a/manifests/function/capd/v0.4.2/rbac/role_binding.yaml b/manifests/function/capd/v0.4.2/rbac/role_binding.yaml new file mode 100644 index 000000000..5a95f66d6 --- /dev/null +++ b/manifests/function/capd/v0.4.2/rbac/role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: manager + namespace: system 
diff --git a/manifests/function/capd/v0.4.2/rbac/service_account.yaml b/manifests/function/capd/v0.4.2/rbac/service_account.yaml
new file mode 100644
index 000000000..77f747b53
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: manager
+ namespace: system
diff --git a/manifests/function/capd/v0.4.2/webhook/kustomization.yaml b/manifests/function/capd/v0.4.2/webhook/kustomization.yaml
new file mode 100644
index 000000000..b0f508d71
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/webhook/kustomization.yaml
@@ -0,0 +1,44 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capd-system
+
+resources:
+- manifests.yaml
+- service.yaml
+- ../certmanager
+- ../manager
+
+patchesStrategicMerge:
+- manager_webhook_patch.yaml
+- webhookcainjection_patch.yaml
+
+configurations:
+- kustomizeconfig.yaml
+
+vars:
+ - name: SERVICE_NAMESPACE # namespace of the service
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: SERVICE_NAME
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: CERTIFICATE_NAME
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert
diff --git a/manifests/function/capd/v0.4.2/webhook/kustomizeconfig.yaml b/manifests/function/capd/v0.4.2/webhook/kustomizeconfig.yaml
new file mode 100644
index 000000000..9e7be21c5
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/webhook/kustomizeconfig.yaml
@@ -0,0 +1,22 @@
+# the following config is for teaching kustomize where to look at when substituting vars.
+# It requires kustomize v2.1.0 or newer to work properly.
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+
+namespace:
+- kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
+
+varReference:
+- path: metadata/annotations
+
+- path: metadata/annotations
+- kind: Deployment
+ path: spec/template/spec/volumes/secret/secretName
diff --git a/manifests/function/capd/v0.4.2/webhook/manager_webhook_patch.yaml b/manifests/function/capd/v0.4.2/webhook/manager_webhook_patch.yaml
new file mode 100644
index 000000000..f18fd10f9
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/webhook/manager_webhook_patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
+
diff --git a/manifests/function/capd/v0.4.2/webhook/manifests.yaml b/manifests/function/capd/v0.4.2/webhook/manifests.yaml
new file mode 100644
index 000000000..bc0aa5d9e
--- /dev/null
+++ b/manifests/function/capd/v0.4.2/webhook/manifests.yaml
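Review bot: webhook/kustomizeconfig.yaml lists only `ValidatingWebhookConfiguration` under `nameReference` and `namespace`, while manifests.yaml also defines a `MutatingWebhookConfiguration` whose `clientConfig.service` is `system/webhook-service` with `failurePolicy: Fail`. If kustomize's built-in field specs do not cover it, the mutating webhook would keep pointing at a Service that no longer exists once `namePrefix: capd-` and `namespace: capd-system` are applied, and CREATE/UPDATE of the matched Docker resources would be rejected; add matching `MutatingWebhookConfiguration` entries and confirm against a rendered build. `varReference` also repeats `- path: metadata/annotations`, and the duplicate can be dropped.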
@@ -0,0 +1,126 @@ + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-dockercluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockercluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - dockerclusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: 
/validate-infrastructure-cluster-x-k8s-io-v1alpha4-dockerclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockerclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - dockerclustertemplates + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-dockermachinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.dockermachinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - dockermachinetemplates + sideEffects: None diff --git a/manifests/function/capd/v0.4.2/webhook/service.yaml b/manifests/function/capd/v0.4.2/webhook/service.yaml new file mode 100644 index 000000000..67b7891bf --- /dev/null +++ b/manifests/function/capd/v0.4.2/webhook/service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + targetPort: webhook-server + diff --git a/manifests/function/capd/v0.4.2/webhook/webhookcainjection_patch.yaml b/manifests/function/capd/v0.4.2/webhook/webhookcainjection_patch.yaml new file mode 100644 index 000000000..6eb6e71c2 --- /dev/null +++ b/manifests/function/capd/v0.4.2/webhook/webhookcainjection_patch.yaml 
@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)