diff --git a/manifests/function/baremetal-provider/kustomization.yaml b/manifests/function/baremetal-provider/kustomization.yaml
new file mode 100644
index 000000000..28342dde3
--- /dev/null
+++ b/manifests/function/baremetal-provider/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+ - ../../global/crd/baremetal-provider
+ - rbac
+ - provider.yaml
+ - namespace.yaml
+
+commonLabels:
+ # NOTE We can't use airshipit.org/clustertype
+ # bacause a label can't consists of multiple values
+ airshipit.org/ephemeral: "true"
+ airshipit.org/target: "true"
+
+namespace: capbm
+
+#vars:
+# $(IMAGE_PULL_POLICY)
+# The image pull policy by default should be "IfNotPresent",
+# it should be globally defined for all images
diff --git a/manifests/function/baremetal-provider/namespace.yaml b/manifests/function/baremetal-provider/namespace.yaml
new file mode 100644
index 000000000..d10c4650b
--- /dev/null
+++ b/manifests/function/baremetal-provider/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: capbm
diff --git a/manifests/function/baremetal-provider/provider.yaml b/manifests/function/baremetal-provider/provider.yaml
new file mode 100644
index 000000000..72f62e07d
--- /dev/null
+++ b/manifests/function/baremetal-provider/provider.yaml
@@ -0,0 +1,108 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: capbm-webhook-server-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: https
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ name: capbm-controller-manager-metrics-svc
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ name: capbm-controller-manager-service
+spec:
+ ports:
+ - port: 443
+ selector:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ name: capbm-controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ serviceName: capbm-controller-manager-service
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ - args:
+ - --metrics-addr=127.0.0.1:8080
+ - --enable-leader-election
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SECRET_NAME
+ value: capbm-webhook-server-secret
+ image: "quay.io/metal3-io/cluster-api-provider-baremetal:v1alpha2"
+ imagePullPolicy: $(IMAGE_PULL_POLICY)
+ name: manager
+ ports:
+ - containerPort: 9876
+ name: webhook-server
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 30Mi
+ requests:
+ cpu: 100m
+ memory: 20Mi
+ volumeMounts:
+ - mountPath: /tmp/cert
+ name: cert
+ readOnly: true
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capbm-webhook-server-secret
diff --git a/manifests/function/baremetal-provider/rbac/capbm-leader-election-role.yaml b/manifests/function/baremetal-provider/rbac/capbm-leader-election-role.yaml
new file mode 100644
index 000000000..e911e9541
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-leader-election-role.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: capbm-leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
diff --git a/manifests/function/baremetal-provider/rbac/capbm-leader-election-rolebinding.yaml b/manifests/function/baremetal-provider/rbac/capbm-leader-election-rolebinding.yaml
new file mode 100644
index 000000000..57f686a61
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-leader-election-rolebinding.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: capbm-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capbm-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
diff --git a/manifests/function/baremetal-provider/rbac/capbm-manager-role.yaml b/manifests/function/baremetal-provider/rbac/capbm-manager-role.yaml
new file mode 100644
index 000000000..9cd151598
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-manager-role.yaml
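Review bot: In provider.yaml the kube-rbac-proxy container is started with `--v=10`, which is debug-level logging on the component that receives callers' bearer tokens; at that level the Kubernetes client libraries can log request and response detail, so I would drop the flag or lower it (for example `- --v=2`) unless the logs are known to be scrubbed. The manager container's `imagePullPolicy: $(IMAGE_PULL_POLICY)` depends on a kustomize var that this function's kustomization.yaml only carries as a comment, so unless an overlay defines it the literal string is rendered and will presumably be rejected as an invalid pull policy; `imagePullPolicy: IfNotPresent` would match the default that comment describes. Both images are referenced by tag (`v0.4.0`, `v1alpha2`) rather than by digest, and the pod template sets neither `serviceAccountName` nor a `securityContext`, which is worth tightening for a controller that is bound to cluster-wide roles.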
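Review bot: The subject of capbm-leader-election-rolebinding.yaml is the namespace's `default` ServiceAccount, and capbm-manager-rolebinding.yaml and capbm-proxy-rolebinding.yaml use the same subject, so every pod in `capbm` that does not name its own service account inherits the manager ClusterRole, including its verbs on `secrets`. A dedicated account would keep those rights with the controller only: add a ServiceAccount manifest (the name `capbm-manager` is only an example), reference it from the StatefulSet with `serviceAccountName: capbm-manager`, and use `name: capbm-manager` in the `subjects` of all three bindings. The subjects also omit `namespace`, which presumably relies on kustomize's `namespace: capbm` being applied to them; a comment such as `# namespace is injected by kustomize (namespace: capbm)` would make that dependency visible.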
@@ -0,0 +1,108 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: capbm-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - baremetalclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - baremetalclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - baremetalmachines
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - baremetalmachines/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/manifests/function/baremetal-provider/rbac/capbm-manager-rolebinding.yaml b/manifests/function/baremetal-provider/rbac/capbm-manager-rolebinding.yaml
new file mode 100644
index 000000000..8b16b65b6
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-manager-rolebinding.yaml
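Review bot: The second rule of capbm-manager-role grants create, delete, get, list, patch, update and watch on core `secrets`, and because this is a ClusterRole bound through a ClusterRoleBinding it applies in every namespace, not just the ones that hold bare-metal machines. Nothing visible in this change shows the controller needing more than the user-data and webhook secrets it references, so if that holds, a namespaced Role and RoleBinding per managed namespace, or at least a shorter verb list, would narrow the exposure. The `creationTimestamp: null` suggests the file is generator output; if so, the change belongs in the generator's RBAC markers and a header comment such as `# generated - do not edit by hand` would help the next reviewer.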
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ control-plane: capbm-controller-manager
+ name: capbm-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capbm-manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
diff --git a/manifests/function/baremetal-provider/rbac/capbm-proxy-role.yaml b/manifests/function/baremetal-provider/rbac/capbm-proxy-role.yaml
new file mode 100644
index 000000000..0c2c9a471
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-proxy-role.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ control-plane: capbm-controller-manager
+ name: capbm-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/manifests/function/baremetal-provider/rbac/capbm-proxy-rolebinding.yaml b/manifests/function/baremetal-provider/rbac/capbm-proxy-rolebinding.yaml
new file mode 100644
index 000000000..391efe811
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/capbm-proxy-rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ control-plane: capbm-controller-manager
+ name: capbm-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capbm-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
diff --git a/manifests/function/baremetal-provider/rbac/kustomization.yaml b/manifests/function/baremetal-provider/rbac/kustomization.yaml
new file mode 100644
index 000000000..cd533af2a
--- /dev/null
+++ b/manifests/function/baremetal-provider/rbac/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+ - capbm-leader-election-rolebinding.yaml
+ - capbm-leader-election-role.yaml
+ - capbm-manager-rolebinding.yaml
+ - capbm-manager-role.yaml
+ - capbm-proxy-rolebinding.yaml
+ - capbm-proxy-role.yaml
diff --git a/manifests/global/crd/baremetal-provider/baremetalclusters.infrastructure.cluster.x-k8s.io.yaml b/manifests/global/crd/baremetal-provider/baremetalclusters.infrastructure.cluster.x-k8s.io.yaml
new file mode 100644
index 000000000..14842d15e
--- /dev/null
+++ b/manifests/global/crd/baremetal-provider/baremetalclusters.infrastructure.cluster.x-k8s.io.yaml
@@ -0,0 +1,118 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + control-plane: capbm-controller-manager + name: baremetalclusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: BareMetalCluster + plural: baremetalclusters + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: BareMetalCluster is the Schema for the baremetalclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BareMetalClusterSpec defines the desired state of BareMetalCluster. + properties: + apiEndpoint: + type: string + required: + - apiEndpoint + type: object + status: + description: BareMetalClusterStatus defines the observed state of BareMetalCluster. + properties: + apiEndpoints: + description: APIEndpoints represents the endpoints to communicate with + the control plane. + items: + description: APIEndpoint represents a reachable Kubernetes API endpoint. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. 
+ type: integer + required: + - host + - port + type: object + type: array + errorMessage: + description: "ErrorMessage will be set in the event that there is a + terminal problem reconciling the BaremetalMachine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the BaremetalMachine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the spec, + values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of Machines can be added + as events to the BaremetalMachine object and/or logged in the controller's + output." + type: string + errorReason: + description: "ErrorReason will be set in the event that there is a terminal + problem reconciling the BaremetalMachine and will contain a succinct + value suitable for machine interpretation. \n This field should not + be set for transitive errors that a controller faces that are expected + to be fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the BaremetalMachine's + spec or the configuration of the controller, and that manual intervention + is required. Examples of terminal errors would be invalid combinations + of settings in the spec, values that are unsupported by the controller, + or the responsible controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of Machines + can be added as events to the BaremetalMachine object and/or logged + in the controller's output." 
+ type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + ready: + description: Ready denotes that the baremetal cluster (infrastructure) + is ready. In Baremetal case, it does not mean anything for now as + no infrastructure steps need to be performed. Required by Cluster + API. Set to True by the BaremetalCluster controller after creation. + type: boolean + required: + - ready + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/global/crd/baremetal-provider/baremetalmachines.infrastructure.cluster.x-k8s.io.yaml b/manifests/global/crd/baremetal-provider/baremetalmachines.infrastructure.cluster.x-k8s.io.yaml new file mode 100644 index 000000000..55c6c5946 --- /dev/null +++ b/manifests/global/crd/baremetal-provider/baremetalmachines.infrastructure.cluster.x-k8s.io.yaml 
@@ -0,0 +1,192 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + control-plane: capbm-controller-manager + name: baremetalmachines.infrastructure.cluster.x-k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.providerID + description: Provider ID + name: ProviderID + type: string + - JSONPath: .status.ready + description: BaremetalMachine is Ready + name: Ready + type: string + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: BareMetalMachine + plural: baremetalmachines + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: BareMetalMachine is the Schema for the baremetalmachines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BareMetalMachineSpec defines the desired state of BareMetalMachine + properties: + hostSelector: + description: HostSelector specifies matching criteria for labels on + BareMetalHosts. This is used to limit the set of BareMetalHost objects + considered for claiming for a BaremetalMachine. 
+ properties: + matchExpressions: + description: Label match expressions that must be true on a chosen + BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on a chosen + BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve one. + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + providerID: + description: ProviderID will be the baremetal machine in ProviderID + format (baremetal:////) + type: string + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the BaremetalMachine's namespace if not specified. + properties: + name: + description: Name is unique within a namespace to reference a secret + resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + required: + - image + type: object + status: + description: BareMetalMachineStatus defines the observed state of BareMetalMachine + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's address. + properties: + address: + description: The machine address. 
+ type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + errorMessage: + description: "ErrorMessage will be set in the event that there is a + terminal problem reconciling the BaremetalMachine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the BaremetalMachine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the spec, + values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of BaremetalMachines can + be added as events to the BaremetalMachine object and/or logged in + the controller's output." + type: string + errorReason: + description: "ErrorReason will be set in the event that there is a terminal + problem reconciling the BaremetalMachine and will contain a succinct + value suitable for machine interpretation. \n This field should not + be set for transitive errors that a controller faces that are expected + to be fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the BaremetalMachine's + spec or the configuration of the controller, and that manual intervention + is required. Examples of terminal errors would be invalid combinations + of settings in the spec, values that are unsupported by the controller, + or the responsible controller itself being critically misconfigured. 
+ \n Any transient errors that occur during the reconciliation of BaremetalMachines + can be added as events to the BaremetalMachine object and/or logged + in the controller's output." + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: 'Ready is the state of the metal3. TODO : Document the + variable : mhrivnak: " it would be good to document what this means, + how to interpret it, under what circumstances the value changes, etc."' + type: boolean + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/global/crd/baremetal-provider/baremetalmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/manifests/global/crd/baremetal-provider/baremetalmachinetemplates.infrastructure.cluster.x-k8s.io.yaml new file mode 100644 index 000000000..f8f5a6d75 --- /dev/null +++ b/manifests/global/crd/baremetal-provider/baremetalmachinetemplates.infrastructure.cluster.x-k8s.io.yaml 
@@ -0,0 +1,132 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + control-plane: capbm-controller-manager + name: baremetalmachinetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: BareMetalMachineTemplate + plural: baremetalmachinetemplates + scope: Namespaced + validation: + openAPIV3Schema: + description: BareMetalMachineTemplate is the Schema for the baremetalmachinetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BareMetalMachineTemplateSpec defines the desired state of BareMetalMachineTemplate + properties: + template: + description: BareMetalMachineTemplateResource describes the data needed + to create a BareMetalMachine from a template + properties: + spec: + description: Spec is the specification of the desired behavior of + the machine. + properties: + hostSelector: + description: HostSelector specifies matching criteria for labels + on BareMetalHosts. This is used to limit the set of BareMetalHost + objects considered for claiming for a BaremetalMachine. 
+ properties: + matchExpressions: + description: Label match expressions that must be true on + a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on + a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve + one. + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + providerID: + description: ProviderID will be the baremetal machine in ProviderID + format (baremetal:////) + type: string + userData: + description: UserData references the Secret that holds user + data needed by the bare metal operator. The Namespace is optional; + it will default to the BaremetalMachine's namespace if not + specified. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + required: + - image + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + version: v1alpha2 + versions: + - name: v1alpha2 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/global/crd/baremetal-provider/kustomization.yaml b/manifests/global/crd/baremetal-provider/kustomization.yaml new file mode 100644 index 000000000..d5f4adb28 
--- /dev/null
+++ b/manifests/global/crd/baremetal-provider/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+ - baremetalclusters.infrastructure.cluster.x-k8s.io.yaml
+ - baremetalmachines.infrastructure.cluster.x-k8s.io.yaml
+ - baremetalmachinetemplates.infrastructure.cluster.x-k8s.io.yaml