airship/treasuremap
Code Issues Proposed changes

Add ViNO function to target/workload phase

Browse Source 
Change-Id: I1751ad60c05489897aff8b4d578193282acfb9c7
This commit is contained in:
digambar 2021-04-07 05:37:52 +00:00
parent b4e5cb7c24
commit 46c1671f43
45 changed files with 1951 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml
View File

@ -109,3 +109,7 @@ spec:
defaultBackend: defaultBackend:
repository: k8s.gcr.io/defaultbackend-amd64 repository: k8s.gcr.io/defaultbackend-amd64
tag: 1.5 tag: 1.5
vino:
kube-rbac-proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
libvirt: quay.io/airshipit/libvirt
manager: quay.io/airshipit/vino:6480ddc3ba98fba21fd692b8489adb0177abb8b5

23
manifests/function/vino/Kptfile Normal file
View File

@ -0,0 +1,23 @@
apiVersion: kpt.dev/v1alpha1
kind: Kptfile
dependencies:
- name: upstream/crd
git:
repo: "https://opendev.org/airship/vino"
directory: "config/crd"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
- name: upstream/default
git:
repo: "https://opendev.org/airship/vino"
directory: "config/default"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
- name: upstream/manager
git:
repo: "https://opendev.org/airship/vino"
directory: "config/manager"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
- name: upstream/rbac
git:
repo: "https://opendev.org/airship/vino"
directory: "config/rbac"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"

4
manifests/function/vino/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- upstream/default

2
manifests/function/vino/replacements/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- versions.yaml

38
manifests/function/vino/replacements/versions.yaml Normal file
View File

@ -0,0 +1,38 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: vino-versions-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
kind: VariableCatalogue
name: versions-treasuremap
fieldref: "{.spec.images.vino.manager}"
target:
objref:
kind: Deployment
name: vino-controller-manager
fieldrefs: ["{.spec.template.spec.containers[?(.name == 'manager')].image}"]
- source:
objref:
kind: VariableCatalogue
name: versions-treasuremap
fieldref: "{.spec.images.vino.kube-rbac-proxy}"
target:
objref:
kind: Deployment
name: vino-controller-manager
fieldrefs: ["{.spec.template.spec.containers[?(.name == 'kube-rbac-proxy')].image}"]
- source:
objref:
kind: VariableCatalogue
name: versions-treasuremap
fieldref: "{.spec.images.vino.libvirt}"
target:
objref:
kind: ConfigMap
name: vino-daemonset-template

18
manifests/function/vino/upstream/crd/Kptfile Normal file
View File

@ -0,0 +1,18 @@
apiVersion: kpt.dev/v1alpha1
kind: Kptfile
metadata:
name: upstream/crd
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
directory: config/crd
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"

86
manifests/function/vino/upstream/crd/bases/airship.airshipit.org_ippools.yaml Normal file
View File

@ -0,0 +1,86 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: ippools.airship.airshipit.org
spec:
group: airship.airshipit.org
names:
kind: IPPool
listKind: IPPoolList
plural: ippools
singular: ippool
scope: Namespaced
validation:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPoolSpec tracks allocation ranges and statuses within a specific
subnet IPv4 or IPv6 subnet. It has a set of ranges of IPs within the
subnet from which IPs can be allocated by IPAM, and a set of IPs that
are currently allocated already.
properties:
allocatedIPs:
items:
description: AllocatedIP Allocates an IP to an entity
properties:
allocatedTo:
type: string
ip:
type: string
required:
- allocatedTo
- ip
type: object
type: array
ranges:
items:
description: Range has (inclusive) bounds within a subnet from which
IPs can be allocated
properties:
start:
type: string
stop:
type: string
required:
- start
- stop
type: object
type: array
subnet:
type: string
required:
- allocatedIPs
- ranges
- subnet
type: object
status:
description: IPPoolStatus defines the observed state of IPPool
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

346
manifests/function/vino/upstream/crd/bases/airship.airshipit.org_vinoes.yaml Normal file
View File

@ -0,0 +1,346 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: vinoes.airship.airshipit.org
spec:
group: airship.airshipit.org
names:
kind: Vino
listKind: VinoList
plural: vinoes
singular: vino
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Vino is the Schema for the vinoes API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VinoSpec defines the desired state of Vino
properties:
bmcCredentials:
description: BMCCredentials contain credentials that will be used to
create BMH nodes sushy tools will use these credentials as well, to
set up authentication
properties:
password:
type: string
username:
type: string
required:
- password
- username
type: object
configuration:
description: Define CPU configuration
properties:
cpuExclude:
description: Exclude CPU example 0-4,54-60
type: string
type: object
daemonSetOptions:
description: DaemonSetOptions defines how vino will spawn daemonset
on nodes
properties:
libvirtImage:
type: string
namespacedName:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string
type: object
nodeAnnotatorImage:
type: string
sushyImage:
type: string
vinoBuilderImage:
type: string
type: object
networks:
description: Define network parameters
items:
description: Network defines libvirt networks
properties:
allocationStart:
type: string
allocationStop:
type: string
dns_servers:
items:
type: string
type: array
name:
description: Network Parameter defined
type: string
routes:
items:
description: VMRoutes defined
properties:
gateway:
type: string
netmask:
type: string
network:
type: string
type: object
type: array
subnet:
type: string
type:
type: string
type: object
type: array
nodeSelector:
description: Define nodelabel parameters
properties:
matchLabels:
additionalProperties:
type: string
description: Node type needs to specified
type: object
required:
- matchLabels
type: object
nodes:
description: Define node details
items:
description: NodeSet node definitions
properties:
count:
type: integer
diskDrives:
description: DiskDrivesTemplate defines disks on the VM
properties:
name:
type: string
options:
description: DiskOptions disk options
properties:
sizeGb:
type: integer
sparse:
type: boolean
type: object
path:
type: string
type:
type: string
type: object
labels:
description: VMNodeFlavor labels for node to be annotated
properties:
vmFlavor:
additionalProperties:
type: string
type: object
type: object
libvirtTemplate:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string
type: object
name:
description: Parameter for Node master or worker-standard
type: string
networkDataTemplate:
description: NetworkDataTemplate must have a template key
properties:
name:
type: string
namespace:
type: string
type: object
networkInterfaces:
items:
description: NetworkInterface define interface on the VM
properties:
mtu:
type: integer
name:
description: Define parameter for network interfaces
type: string
network:
type: string
options:
additionalProperties:
type: string
type: object
type:
type: string
type: object
type: array
type: object
type: array
vmBridge:
description: VMBridge defines the single interface name to be used as
a bridge for VMs
type: string
required:
- bmcCredentials
- vmBridge
type: object
status:
description: VinoStatus defines the observed state of Vino
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type //
+patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details
about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers of
specific condition types may define expected values and meanings
for this field, and whether the values are considered a guaranteed
API. The value should be a CamelCase string. This field may
not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configMapRef:
description: 'ObjectReference contains enough information to let you
inspect or modify the referred object. --- New uses of this type are
discouraged because of difficulty describing its usage when embedded
in APIs. 1. Ignored fields. It includes many fields which are not
generally honored. For instance, ResourceVersion and FieldPath are
both very rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage. In most
embedded usages, there are particular restrictions like, "must
refer only to types A and B" or "UID not honored" or "name must be
restricted". Those cannot be well described when embedded. 3.
Inconsistent validation. Because the usages are different, the validation
rules are different by usage, which makes it hard for users to predict
what will happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity during
interpretation and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual struct
is irrelevant. 5. We cannot easily change it. Because this type
is embedded in many locations, updates to this type will affect
numerous schemas. Don''t make new APIs embed an underspecified API
type they do not control. Instead of using this type, create a locally
provided and used type that is well-focused on your reference. For
example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an
entire object, this string should contain a valid JSON/Go field
access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject to change
in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is
made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

570
manifests/function/vino/upstream/crd/bases/bmh.yaml Normal file
View File

@ -0,0 +1,570 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
clusterctl.cluster.x-k8s.io: ""
name: baremetalhosts.metal3.io
spec:
additionalPrinterColumns:
- JSONPath: .status.operationalStatus
description: Operational status
name: Status
type: string
- JSONPath: .status.provisioning.state
description: Provisioning status
name: Provisioning Status
type: string
- JSONPath: .spec.consumerRef.name
description: Consumer using this host
name: Consumer
type: string
- JSONPath: .spec.bmc.address
description: Address of management controller
name: BMC
type: string
- JSONPath: .status.hardwareProfile
description: The type of hardware detected
name: Hardware Profile
type: string
- JSONPath: .spec.online
description: Whether the host is online or not
name: Online
type: string
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
group: metal3.io
names:
kind: BareMetalHost
listKind: BareMetalHostList
plural: baremetalhosts
shortNames:
- bmh
- bmhost
singular: baremetalhost
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: BareMetalHost is the Schema for the baremetalhosts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BareMetalHostSpec defines the desired state of BareMetalHost
properties:
bmc:
description: How do we connect to the BMC?
properties:
address:
description: Address holds the URL for accessing the controller
on the network.
type: string
credentialsName:
description: The name of the secret containing the BMC credentials
(requires keys "username" and "password").
type: string
disableCertificateVerification:
description: DisableCertificateVerification disables verification
of server certificates when using HTTPS to connect to the BMC.
This is required when the server certificate is self-signed, but
is insecure because it allows a man-in-the-middle to intercept
the connection.
type: boolean
required:
- address
- credentialsName
type: object
bootMACAddress:
description: Which MAC address will PXE boot? This is optional for some
types, but required for libvirt VMs driven by vbmc.
pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
type: string
bootMode:
description: Select the method of initializing the hardware during boot.
enum:
- UEFI
- legacy
type: string
consumerRef:
description: ConsumerRef can be used to store information about something
that is using a host. When it is not empty, the host is considered
"in use".
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an
entire object, this string should contain a valid JSON/Go field
access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject to change
in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is
made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
description:
description: Description is a human-entered text used to help identify
the host
type: string
externallyProvisioned:
description: ExternallyProvisioned means something else is managing
the image running on the host and the operator should only manage
the power status and hardware inventory inspection. If the Image field
is filled in, this field is ignored.
type: boolean
hardwareProfile:
description: What is the name of the hardware profile for this host?
It should only be necessary to set this when inspection cannot automatically
determine the profile.
type: string
image:
description: Image holds the details of the image to be provisioned.
properties:
checksum:
description: Checksum is the checksum for the image.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
networkData:
description: NetworkData holds the reference to the Secret containing
content of network_data.json which is passed to Config Drive
properties:
name:
description: Name is unique within a namespace to reference a secret
resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
online:
description: Should the server be online?
type: boolean
taints:
description: Taints is the full, authoritative list of taints to apply
to the corresponding Machine. This list will overwrite any modifications
made to the Machine on an ongoing basis.
items:
description: The node this Taint is attached to has the "effect" on
any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods that do
not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule
and NoExecute.
type: string
key:
description: Required. The taint key to be applied to a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the taint
was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: Required. The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
userData:
description: UserData holds the reference to the Secret containing the
user data to be passed to the host before it boots.
properties:
name:
description: Name is unique within a namespace to reference a secret
resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- online
type: object
status:
description: BareMetalHostStatus defines the observed state of BareMetalHost
properties:
errorMessage:
description: the last error message reported by the provisioning subsystem
type: string
errorType:
description: ErrorType indicates the type of failure encountered when
the OperationalStatus is OperationalStatusError
enum:
- registration error
- inspection error
- provisioning error
- power management error
type: string
goodCredentials:
description: the last credentials we were able to validate as working
properties:
credentials:
description: SecretReference represents a Secret Reference. It has
enough information to retrieve secret in any namespace
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
credentialsVersion:
type: string
type: object
hardware:
description: The hardware discovered to exist on the host.
properties:
cpu:
description: CPU describes one processor on the host.
properties:
arch:
type: string
clockMegahertz:
description: ClockSpeed is a clock speed in MHz
count:
type: integer
flags:
items:
type: string
type: array
model:
type: string
required:
- arch
- clockMegahertz
- count
- flags
- model
type: object
firmware:
description: Firmware describes the firmware on the host.
properties:
bios:
description: The BIOS for this firmware
properties:
date:
description: The release/build date for this BIOS
type: string
vendor:
description: The vendor name for this BIOS
type: string
version:
description: The version of the BIOS
type: string
required:
- date
- vendor
- version
type: object
required:
- bios
type: object
hostname:
type: string
nics:
items:
description: NIC describes one network interface on the host.
properties:
ip:
description: The IP address of the device
type: string
mac:
description: The device MAC addr
pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
type: string
model:
description: The name of the model, e.g. "virt-io"
type: string
name:
description: The name of the NIC, e.g. "nic-1"
type: string
pxe:
description: Whether the NIC is PXE Bootable
type: boolean
speedGbps:
description: The speed of the device
type: integer
vlanId:
description: The untagged VLAN ID
format: int32
type: integer
vlans:
description: The VLANs available
items:
description: VLAN represents the name and ID of a VLAN
properties:
id:
description: VLANID is a 12-bit 802.1Q VLAN identifier
format: int32
type: integer
name:
type: string
required:
- id
type: object
type: array
required:
- ip
- mac
- model
- name
- pxe
- speedGbps
- vlanId
type: object
type: array
ramMebibytes:
type: integer
storage:
items:
description: Storage describes one storage device (disk, SSD,
etc.) on the host.
properties:
hctl:
description: The SCSI location of the device
type: string
model:
description: Hardware model
type: string
name:
description: A name for the disk, e.g. "disk 1 (boot)"
type: string
rotational:
description: Whether this disk represents rotational storage
type: boolean
serialNumber:
description: The serial number of the device
type: string
sizeBytes:
description: The size of the disk in Bytes
format: int64
type: integer
vendor:
description: The name of the vendor of the device
type: string
wwn:
description: The WWN of the device
type: string
wwnVendorExtension:
description: The WWN Vendor extension of the device
type: string
wwnWithExtension:
description: The WWN with the extension
type: string
required:
- name
- rotational
- serialNumber
- sizeBytes
type: object
type: array
systemVendor:
description: HardwareSystemVendor stores details about the whole
hardware system.
properties:
manufacturer:
type: string
productName:
type: string
serialNumber:
type: string
required:
- manufacturer
- productName
- serialNumber
type: object
required:
- cpu
- firmware
- hostname
- nics
- ramMebibytes
- storage
- systemVendor
type: object
hardwareProfile:
description: The name of the profile matching the hardware details.
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
operationHistory:
description: OperationHistory holds information about operations performed
on this host.
properties:
deprovision:
description: OperationMetric contains metadata about an operation
(inspection, provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
inspect:
description: OperationMetric contains metadata about an operation
(inspection, provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
provision:
description: OperationMetric contains metadata about an operation
(inspection, provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
register:
description: OperationMetric contains metadata about an operation
(inspection, provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
type: object
operationalStatus:
description: OperationalStatus holds the status of the host
enum:
- ""
- OK
- discovered
- error
type: string
poweredOn:
description: indicator for whether or not the host is powered on
type: boolean
provisioning:
description: Information tracked by the provisioner.
properties:
ID:
description: The machine's UUID from the underlying provisioning
tool
type: string
image:
description: Image holds the details of the last image successfully
provisioned to the host.
properties:
checksum:
description: Checksum is the checksum for the image.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
state:
description: An indiciator for what the provisioner is doing with
the host.
type: string
required:
- ID
- state
type: object
triedCredentials:
description: the last credentials we sent to the provisioning backend
properties:
credentials:
description: SecretReference represents a Secret Reference. It has
enough information to retrieve secret in any namespace
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
credentialsVersion:
type: string
type: object
required:
- errorMessage
- hardwareProfile
- operationHistory
- operationalStatus
- poweredOn
- provisioning
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

25
manifests/function/vino/upstream/crd/kustomization.yaml Normal file
View File

@ -0,0 +1,25 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/airship.airshipit.org_vinoes.yaml
- bases/airship.airshipit.org_ippools.yaml
- bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml
#- patches/cainjection_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml

15
manifests/function/vino/upstream/crd/kustomizeconfig.yaml Normal file
View File

@ -0,0 +1,15 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations

8
manifests/function/vino/upstream/crd/patches/cainjection_in_ippools.yaml Normal file
View File

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: ippools.airship.airshipit.org

8
manifests/function/vino/upstream/crd/patches/cainjection_in_vinoes.yaml Normal file
View File

@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: vinoes.airship.airshipit.org

17
manifests/function/vino/upstream/crd/patches/webhook_in_ippools.yaml Normal file
View File

@ -0,0 +1,17 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ippools.airship.airshipit.org
spec:
conversion:
strategy: Webhook
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

17
manifests/function/vino/upstream/crd/patches/webhook_in_vinoes.yaml Normal file
View File

@ -0,0 +1,17 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: vinoes.airship.airshipit.org
spec:
conversion:
strategy: Webhook
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert

12
manifests/function/vino/upstream/default/Kptfile Normal file
View File

@ -0,0 +1,12 @@
apiVersion: kpt.dev/v1alpha1
kind: Kptfile
metadata:
name: upstream/default
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
directory: config/default
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3

70
manifests/function/vino/upstream/default/kustomization.yaml Normal file
View File

@ -0,0 +1,70 @@
# Adds namespace to all resources.
namespace: vino-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: vino-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service

25
manifests/function/vino/upstream/default/manager_auth_proxy_patch.yaml Normal file
View File

@ -0,0 +1,25 @@
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--enable-leader-election"

23
manifests/function/vino/upstream/default/manager_webhook_patch.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert

15
manifests/function/vino/upstream/default/webhookcainjection_patch.yaml Normal file
View File

@ -0,0 +1,15 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

19
manifests/function/vino/upstream/manager/Kptfile Normal file
View File

@ -0,0 +1,19 @@
apiVersion: kpt.dev/v1alpha1
kind: Kptfile
metadata:
name: upstream/manager
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
directory: config/manager
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"
isSet: true

86
manifests/function/vino/upstream/manager/daemonset-template.yaml Normal file
View File

@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: DaemonSet
spec:
selector:
matchLabels:
vino-role: vino-builder
template:
metadata:
labels:
vino-role: vino-builder
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
hostNetwork: true
hostPID: true
hostIPC: true
containers:
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: var-lib-libvirt-images
mountPath: /var/lib/libvirt/images
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- name: sushy
ports:
- containerPort: 8000
hostPort: 8000
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
env:
- name: NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumes:
- name: libmodules
hostPath:
path: /lib/modules
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- name: var-lib-libvirt-images
hostPath:
path: /var/lib/libvirt/images
- name: run
hostPath:
path: /run
- name: dev
hostPath:
path: /dev
- name: logs
hostPath:
path: /var/log/libvirt
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt

34
manifests/function/vino/upstream/manager/inventory-template.yaml Normal file
View File

@ -0,0 +1,34 @@
# NOTE: auto-generated. Some fields should NOT be modified.
# Date: 2021-03-16 10:05:35 UTC
#
# Contains the "inventory object" template ConfigMap.
# When this object is applied, it is handled specially,
# storing the metadata of all the other objects applied.
# This object and its stored inventory is subsequently
# used to calculate the set of objects to automatically
# delete (prune), when an object is omitted from further
# applies. When applied, this "inventory object" is also
# used to identify the entire set of objects to delete.
#
# NOTE: The name of this inventory template file
# does NOT have any impact on group-related functionality
# such as deletion or pruning.
#
apiVersion: v1
kind: ConfigMap
metadata:
# DANGER: Do not change the inventory object namespace.
# Changing the namespace will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
namespace: default
# NOTE: The name of the inventory object does NOT have
# any impact on group-related functionality such as
# deletion or pruning.
name: inventory-15862452
labels:
# DANGER: Do not change the value of this label.
# Changing this value will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
cli-utils.sigs.k8s.io/inventory-id: 6e088520-63c2-4b5d-82ea-4f2cb089920f

9
manifests/function/vino/upstream/manager/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
resources:
- manager.yaml
configMapGenerator:
- name: daemonset-template
options:
disableNameSuffixHash: true
files:
- template=daemonset-template.yaml

45
manifests/function/vino/upstream/manager/manager.yaml Normal file
View File

@ -0,0 +1,45 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- command:
- /manager
args:
- --enable-leader-election
image: quay.io/airshipit/vino
imagePullPolicy: IfNotPresent
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10

12
manifests/function/vino/upstream/rbac/Kptfile Normal file
View File

@ -0,0 +1,12 @@
apiVersion: kpt.dev/v1alpha1
kind: Kptfile
metadata:
name: upstream/rbac
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
directory: config/rbac
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3

7
manifests/function/vino/upstream/rbac/auth_proxy_client_clusterrole.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
verbs: ["get"]

13
manifests/function/vino/upstream/rbac/auth_proxy_role.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]

12
manifests/function/vino/upstream/rbac/auth_proxy_role_binding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

14
manifests/function/vino/upstream/rbac/auth_proxy_service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager

24
manifests/function/vino/upstream/rbac/ippool_editor_role.yaml Normal file
View File

@ -0,0 +1,24 @@
# permissions for end users to edit ippools.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ippool-editor-role
rules:
- apiGroups:
- airship.airshipit.org
resources:
- ippools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- ippools/status
verbs:
- get

20
manifests/function/vino/upstream/rbac/ippool_viewer_role.yaml Normal file
View File

@ -0,0 +1,20 @@
# permissions for end users to view ippools.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ippool-viewer-role
rules:
- apiGroups:
- airship.airshipit.org
resources:
- ippools
verbs:
- get
- list
- watch
- apiGroups:
- airship.airshipit.org
resources:
- ippools/status
verbs:
- get

16
manifests/function/vino/upstream/rbac/kustomization.yaml Normal file
View File

@ -0,0 +1,16 @@
resources:
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
- vino_daemonset_controller_role.yaml
- vino_daemonset_controller_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml
- vino_manager_role_binding.yaml

44
manifests/function/vino/upstream/rbac/leader_election_role.yaml Normal file
View File

@ -0,0 +1,44 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

12
manifests/function/vino/upstream/rbac/leader_election_role_binding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

66
manifests/function/vino/upstream/rbac/role.yaml Normal file
View File

@ -0,0 +1,66 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- ippools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update

12
manifests/function/vino/upstream/rbac/role_binding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

63
manifests/function/vino/upstream/rbac/vino_daemonset_controller_role.yaml Normal file
View File

@ -0,0 +1,63 @@
# permissions for end users to edit vinoes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: daemonset-controller-role
rules:
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets/status
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- patch

12
manifests/function/vino/upstream/rbac/vino_daemonset_controller_role_binding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: daemonset-controller-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: daemonset-controller-role
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system

24
manifests/function/vino/upstream/rbac/vino_editor_role.yaml Normal file
View File

@ -0,0 +1,24 @@
# permissions for end users to edit vinoes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vino-editor-role
rules:
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get

47
manifests/function/vino/upstream/rbac/vino_manager_role.yaml Normal file
View File

@ -0,0 +1,47 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update

12
manifests/function/vino/upstream/rbac/vino_manager_role_binding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system

20
manifests/function/vino/upstream/rbac/vino_viewer_role.yaml Normal file
View File

@ -0,0 +1,20 @@
# permissions for end users to view vinoes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vino-viewer-role
rules:
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- get
- list
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get

2
manifests/site/virtual-network-cloud/target/workload/kustomization.yaml
View File

@ -4,4 +4,4 @@ resources:
transformers: transformers:
- ../../../../function/ingress/replacements - ../../../../function/ingress/replacements
- ../../../../function/sip/replacements - ../../../../function/sip/replacements
- ../../../../function/vino/replacements

1
manifests/type/multi-tenant/target/workload/kustomization.yaml
View File

@ -1,4 +1,5 @@
resources: resources:
- ../../../airship-core/target/workload - ../../../airship-core/target/workload
- ../../../../function/sip - ../../../../function/sip
- ../../../../function/vino
#- network-policy #- network-policy