Update vino

Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: I907c2b86fea75446e3e4cb7af45404a7ce2d4881
Andrii Ostapenko 2021-06-12 20:25:55 -05:00
parent c9847c4aaa
commit 68e0c7d8fc
No known key found for this signature in database
GPG Key ID: F3E83668DBB223B3
27 changed files with 618 additions and 473 deletions


@ -110,9 +110,9 @@ spec:
sushy-tools: sushy-tools:
image: quay.io/metal3-io/sushy-tools:latest image: quay.io/metal3-io/sushy-tools:latest
manager: manager:
image: quay.io/airshipit/vino:6480ddc3ba98fba21fd692b8489adb0177abb8b5 image: quay.io/airshipit/vino:0e709c0d27b2052a5198f8d27d39bd25ed122dae
vino-builder: vino-builder:
image: quay.io/airshipit/vino-builder:6480ddc3ba98fba21fd692b8489adb0177abb8b5 image: quay.io/airshipit/vino-builder:0e709c0d27b2052a5198f8d27d39bd25ed122dae
nodelabeler: nodelabeler:
image: quay.io/airshipit/nodelabeler:latest image: quay.io/airshipit/nodelabeler:latest
synclabeller: synclabeller:


@ -5,19 +5,19 @@ dependencies:
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/crd" directory: "config/crd"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/default - name: upstream/default
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/default" directory: "config/default"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/manager - name: upstream/manager
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/manager" directory: "config/manager"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/rbac - name: upstream/rbac
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/rbac" directory: "config/rbac"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"


@ -5,14 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/crd directory: config/crd
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -88,6 +90,12 @@ spec:
items: items:
type: string type: string
type: array type: array
instanceSubnet:
type: string
libvirtTemplate:
description: LibvirtTemplate identifies which libvirt template
to be used to create a network
type: string
macPrefix: macPrefix:
description: MACPrefix defines the zero-padded MAC prefix to description: MACPrefix defines the zero-padded MAC prefix to
use for VM mac addresses, and is the first address that will use for VM mac addresses, and is the first address that will
@ -98,6 +106,10 @@ spec:
name: name:
description: Network Parameter defined description: Network Parameter defined
type: string type: string
physicalInterface:
description: PhysicalInterface identifies interface into which
to plug in libvirt network
type: string
routes: routes:
items: items:
description: VMRoutes defined description: VMRoutes defined
@ -146,9 +158,8 @@ spec:
k8s node, that are specified in vino.NodeLabelKeysToCopy k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object type: object
bootInterfaceName: bootInterfaceName:
description: BootInterfaceName references the interface name description: BootInterfaceName interface name to use to boot
in the list of NetworkInterfaces Vino will take this interface virtual machines
find its mac address and use it as bootMACAddress for BMH
type: string type: string
count: count:
type: integer type: integer
@ -172,6 +183,10 @@ spec:
type: string type: string
type: object type: object
type: array type: array
enableVNC:
description: EnableVNC create VNC for graphical interaction
with the VM that will be created.
type: boolean
libvirtTemplate: libvirtTemplate:
description: NamespacedName to be used to spawn VMs description: NamespacedName to be used to spawn VMs
properties: properties:
@ -210,8 +225,20 @@ spec:
type: string type: string
type: object type: object
type: array type: array
rootDeviceName:
description: RootDeviceName is the root device for underlying
VM, /dev/vda for example default is /dev/vda
type: string
type: object type: object
type: array type: array
pxeBootImageHost:
description: PXEBootImageHost will be used to download the PXE boot
image
type: string
pxeBootImageHostPort:
description: PXEBootImageHostPort will be used to download the PXE
boot image
type: integer
vmBridge: vmBridge:
description: VMBridge defines the single interface name to be used description: VMBridge defines the single interface name to be used
as a bridge for VMs as a bridge for VMs


@ -6,42 +6,42 @@ metadata:
name: baremetalhosts.metal3.io name: baremetalhosts.metal3.io
spec: spec:
additionalPrinterColumns: additionalPrinterColumns:
- JSONPath: .status.operationalStatus - JSONPath: .status.operationalStatus
description: Operational status description: Operational status
name: Status name: Status
type: string type: string
- JSONPath: .status.provisioning.state - JSONPath: .status.provisioning.state
description: Provisioning status description: Provisioning status
name: Provisioning Status name: Provisioning Status
type: string type: string
- JSONPath: .spec.consumerRef.name - JSONPath: .spec.consumerRef.name
description: Consumer using this host description: Consumer using this host
name: Consumer name: Consumer
type: string type: string
- JSONPath: .spec.bmc.address - JSONPath: .spec.bmc.address
description: Address of management controller description: Address of management controller
name: BMC name: BMC
type: string type: string
- JSONPath: .status.hardwareProfile - JSONPath: .status.hardwareProfile
description: The type of hardware detected description: The type of hardware detected
name: Hardware Profile name: Hardware Profile
type: string type: string
- JSONPath: .spec.online - JSONPath: .spec.online
description: Whether the host is online or not description: Whether the host is online or not
name: Online name: Online
type: string type: string
- JSONPath: .status.errorMessage - JSONPath: .status.errorMessage
description: Most recent error description: Most recent error
name: Error name: Error
type: string type: string
group: metal3.io group: metal3.io
names: names:
kind: BareMetalHost kind: BareMetalHost
listKind: BareMetalHostList listKind: BareMetalHostList
plural: baremetalhosts plural: baremetalhosts
shortNames: shortNames:
- bmh - bmh
- bmhost - bmhost
singular: baremetalhost singular: baremetalhost
scope: Namespaced scope: Namespaced
subresources: subresources:
@ -84,8 +84,8 @@ spec:
the connection. the connection.
type: boolean type: boolean
required: required:
- address - address
- credentialsName - credentialsName
type: object type: object
bootMACAddress: bootMACAddress:
description: Which MAC address will PXE boot? This is optional for some description: Which MAC address will PXE boot? This is optional for some
@ -95,8 +95,8 @@ spec:
bootMode: bootMode:
description: Select the method of initializing the hardware during boot. description: Select the method of initializing the hardware during boot.
enum: enum:
- UEFI - UEFI
- legacy - legacy
type: string type: string
consumerRef: consumerRef:
description: ConsumerRef can be used to store information about something description: ConsumerRef can be used to store information about something
@ -161,8 +161,8 @@ spec:
description: URL is a location of an image to deploy. description: URL is a location of an image to deploy.
type: string type: string
required: required:
- checksum - checksum
- url - url
type: object type: object
networkData: networkData:
description: NetworkData holds the reference to the Secret containing description: NetworkData holds the reference to the Secret containing
@ -206,8 +206,8 @@ spec:
key. key.
type: string type: string
required: required:
- effect - effect
- key - key
type: object type: object
type: array type: array
userData: userData:
@ -224,7 +224,7 @@ spec:
type: string type: string
type: object type: object
required: required:
- online - online
type: object type: object
status: status:
description: BareMetalHostStatus defines the observed state of BareMetalHost description: BareMetalHostStatus defines the observed state of BareMetalHost
@ -236,10 +236,10 @@ spec:
description: ErrorType indicates the type of failure encountered when description: ErrorType indicates the type of failure encountered when
the OperationalStatus is OperationalStatusError the OperationalStatus is OperationalStatusError
enum: enum:
- registration error - registration error
- inspection error - inspection error
- provisioning error - provisioning error
- power management error - power management error
type: string type: string
goodCredentials: goodCredentials:
description: the last credentials we were able to validate as working description: the last credentials we were able to validate as working
@ -279,11 +279,11 @@ spec:
model: model:
type: string type: string
required: required:
- arch - arch
- clockMegahertz - clockMegahertz
- count - count
- flags - flags
- model - model
type: object type: object
firmware: firmware:
description: Firmware describes the firmware on the host. description: Firmware describes the firmware on the host.
@ -301,12 +301,12 @@ spec:
description: The version of the BIOS description: The version of the BIOS
type: string type: string
required: required:
- date - date
- vendor - vendor
- version - version
type: object type: object
required: required:
- bios - bios
type: object type: object
hostname: hostname:
type: string type: string
@ -349,17 +349,17 @@ spec:
name: name:
type: string type: string
required: required:
- id - id
type: object type: object
type: array type: array
required: required:
- ip - ip
- mac - mac
- model - model
- name - name
- pxe - pxe
- speedGbps - speedGbps
- vlanId - vlanId
type: object type: object
type: array type: array
ramMebibytes: ramMebibytes:
@ -401,10 +401,10 @@ spec:
description: The WWN with the extension description: The WWN with the extension
type: string type: string
required: required:
- name - name
- rotational - rotational
- serialNumber - serialNumber
- sizeBytes - sizeBytes
type: object type: object
type: array type: array
systemVendor: systemVendor:
@ -418,18 +418,18 @@ spec:
serialNumber: serialNumber:
type: string type: string
required: required:
- manufacturer - manufacturer
- productName - productName
- serialNumber - serialNumber
type: object type: object
required: required:
- cpu - cpu
- firmware - firmware
- hostname - hostname
- nics - nics
- ramMebibytes - ramMebibytes
- storage - storage
- systemVendor - systemVendor
type: object type: object
hardwareProfile: hardwareProfile:
description: The name of the profile matching the hardware details. description: The name of the profile matching the hardware details.
@ -498,10 +498,10 @@ spec:
operationalStatus: operationalStatus:
description: OperationalStatus holds the status of the host description: OperationalStatus holds the status of the host
enum: enum:
- "" - ""
- OK - OK
- discovered - discovered
- error - error
type: string type: string
poweredOn: poweredOn:
description: indicator for whether or not the host is powered on description: indicator for whether or not the host is powered on
@ -524,16 +524,16 @@ spec:
description: URL is a location of an image to deploy. description: URL is a location of an image to deploy.
type: string type: string
required: required:
- checksum - checksum
- url - url
type: object type: object
state: state:
description: An indiciator for what the provisioner is doing with description: An indiciator for what the provisioner is doing with
the host. the host.
type: string type: string
required: required:
- ID - ID
- state - state
type: object type: object
triedCredentials: triedCredentials:
description: the last credentials we sent to the provisioning backend description: the last credentials we sent to the provisioning backend
@ -555,16 +555,16 @@ spec:
type: string type: string
type: object type: object
required: required:
- errorMessage - errorMessage
- hardwareProfile - hardwareProfile
- operationHistory - operationHistory
- operationalStatus - operationalStatus
- poweredOn - poweredOn
- provisioning - provisioning
type: object type: object
type: object type: object
version: v1alpha1 version: v1alpha1
versions: versions:
- name: v1alpha1 - name: v1alpha1
served: true served: true
storage: true storage: true


@ -7,6 +7,13 @@ resources:
- bases/bmh.yaml - bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource # +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD # patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml #- patches/cainjection_in_vinoes.yaml


@ -6,10 +6,12 @@ nameReference:
- kind: CustomResourceDefinition - kind: CustomResourceDefinition
group: apiextensions.k8s.io group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name path: spec/conversion/webhookClientConfig/service/name
namespace: namespace:
- kind: CustomResourceDefinition - kind: CustomResourceDefinition
group: apiextensions.k8s.io group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace path: spec/conversion/webhookClientConfig/service/namespace
create: false create: false
varReference: varReference:
- path: metadata/annotations - path: metadata/annotations


@ -5,7 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/default directory: config/default
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -1,14 +1,17 @@
# Adds namespace to all resources. # Adds namespace to all resources.
namespace: vino-system namespace: vino-system
# Value of this field is prepended to the # Value of this field is prepended to the
# names of all resources, e.g. a deployment named # names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress". # "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace # Note that it should also match with the prefix (text before '-') of the namespace
# field above. # field above.
namePrefix: vino- namePrefix: vino-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
#commonLabels: #commonLabels:
# someName: someValue # someName: someValue
bases: bases:
- ../crd - ../crd
- ../rbac - ../rbac
@ -22,7 +25,46 @@ bases:
#- ../prometheus #- ../prometheus
patchesStrategicMerge: patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth. # Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics # If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line. # endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml - manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -5,15 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/manager directory: config/manager
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
isSet: true
name: replicas
value: "3"


@ -0,0 +1,70 @@
#!/bin/bash
set -xe
set -o pipefail
echo "Target directory location = $1"
# check if certificates are already present
# TBD should validity of existing certs be checked.
if [ -f $1/ca-cert.pem ] && [ -f $1/server-cert.pem ] && [ -f $1/server-key.pem ]
then
echo "ca-cert.pem, server-cert.pem and server-key.pem already present"
exit 0
else
# create a temp dir
TMP=$(mktemp -d)
cd ${TMP}
# create ca certificate
echo ' cn = airshipit.org
ca
cert_signing_key' > ca-template.info
(umask 277 && certtool --generate-privkey > ca-key.pem)
certtool --generate-self-signed \
--template ca-template.info \
--load-privkey ca-key.pem \
--outfile ca-cert.pem
rm ca-template.info
echo ' organization = airshipit.org
cn = server
tls_www_server
encryption_key
signing_key' > server-template.info
(umask 277 && certtool --generate-privkey > server-key.pem)
# create server certificate
certtool --generate-certificate \
--template server-template.info \
--load-privkey server-key.pem \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--outfile server-cert.pem
rm server-template.info
# copy the required certs in the target location
echo "Copy the required certs to target location : $1"
cp *.pem $1
#echo ' country = Country
# state = State
# locality = City
# organization = Name of your organization
# cn = Client Host Name
# tls_www_client
# encryption_key
# signing_key' > client-template.info
#(umask 277 && certtool --generate-privkey > client-key.pem)
#certtool --generate-certificate
# --template client-template.info
# --load-privkey client-key.pem
# --load-ca-certificate ca-cert.pem
# --load-ca-privkey ca_key.pem
# --outfile client-cert.pem
fi
exit 0
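Review bot: `cp *.pem $1` near the end of the script copies `ca-key.pem` into the target directory together with the server files, so the CA private key is persisted there even though the script never uses it again after signing and the existence test at the top only looks for `ca-cert.pem`, `server-cert.pem` and `server-key.pem`. Copy the three needed files explicitly, `cp ca-cert.pem server-cert.pem server-key.pem "$1"/`, and remove the `mktemp -d` directory afterwards with `rm -rf "${TMP}"`, since it is currently left behind holding both private keys. `$1` is also unquoted in the `[ -f $1/... ]` tests and never checked for being empty; quoting it and adding `: "${1:?target directory required}"` before first use would make a missing argument fail fast instead of testing paths under `/`. Neither template sets `expiration_days`, so the certificate lifetime is whatever certtool defaults to, and the early-exit branch never re-checks it, as the TBD comment already acknowledges.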


@ -15,199 +15,224 @@ spec:
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
hostIPC: true hostIPC: true
initContainers:
- name: create-libvirt-vnc-certs
image: quay.io/airshipit/gnu-tls:latest-minideb
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/create_tls_cert.sh"]
args: [ "/etc/pki/libvirt-vnc"]
volumeMounts:
- name: etc-pki-libvirt-vnc
mountPath: "/etc/pki/libvirt-vnc"
- name: usr-local-bin
mountPath: "/usr/local/bin"
containers: containers:
- name: libvirt - name: libvirt
command: command:
- /tmp/libvirt.sh - /tmp/libvirt.sh
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext: securityContext:
privileged: true privileged: true
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
name: libmodules name: libmodules
readOnly: true readOnly: true
- name: var-lib-libvirt - name: var-lib-libvirt
mountPath: /var/lib/libvirt mountPath: /var/lib/libvirt
mountPropagation: Bidirectional mountPropagation: Bidirectional
- name: run - name: run
mountPath: /run mountPath: /run
- name: dev - name: dev
mountPath: /dev mountPath: /dev
- name: cgroup - name: cgroup
mountPath: /sys/fs/cgroup mountPath: /sys/fs/cgroup
- name: logs - name: logs
mountPath: /var/log/libvirt mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool - name: var-lib-vino-pool
name: var-lib-vino-pool mountPath: /var/lib/libvirt/vino-pool
- mountPath: /etc/libvirt/qemu - name: etc-qemu
name: etc-qemu mountPath: /etc/libvirt/qemu
- mountPath: /etc/libvirt/nwfilter - name: etc-nwfilter
name: etc-nwfilter mountPath: /etc/libvirt/nwfilter
- mountPath: /etc/libvirt/hooks - name: etc-hooks
name: etc-hooks mountPath: /etc/libvirt/hooks
- mountPath: /etc/libvirt/storage - name: etc-storage
name: etc-storage mountPath: /etc/libvirt/storage
- mountPath: /var/lib/vino - name: var-lib-vino
name: var-lib-vino mountPath: /var/lib/vino
- name: sushy - name: etc-libvirt
image: quay.io/metal3-io/sushy-tools mountPath: /etc/libvirt
imagePullPolicy: IfNotPresent - name: etc-pki-libvirt-vnc
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", mountPath: /etc/pki/libvirt-vnc
"8000"]
volumeMounts: - name: sushy
- name: var-run-libvirt image: quay.io/metal3-io/sushy-tools
mountPath: /var/run/libvirt imagePullPolicy: IfNotPresent
- mountPath: /var/lib/libvirt command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", "8000"]
name: var-lib-libvirt volumeMounts:
livenessProbe: - name: var-run-libvirt
httpGet: mountPath: /var/run/libvirt
host: 127.0.0.1 - name: var-lib-libvirt
path: /redfish/v1/Systems mountPath: /var/lib/libvirt
port: 8000 readinessProbe:
initialDelaySeconds: 10 httpGet:
periodSeconds: 20 path: /redfish/v1/Systems
readinessProbe: host: 127.0.0.1
httpGet: port: 8000
host: 127.0.0.1 initialDelaySeconds: 5
path: /redfish/v1/Systems periodSeconds: 10
port: 8000 livenessProbe:
initialDelaySeconds: 5 httpGet:
periodSeconds: 10 path: /redfish/v1/Systems
# - name: vino-reverse-proxy host: 127.0.0.1
# image: quay.io/airshipit/vino-reverse-proxy port: 8000
# ports: initialDelaySeconds: 10
# - containerPort: 8000 periodSeconds: 20
# hostPort: 8000 # - name: vino-reverse-proxy
# readinessProbe: # image: quay.io/airshipit/vino-reverse-proxy
# tcpSocket: # ports:
# port: 8000 # - containerPort: 8000
# host: 127.0.0.1 # hostPort: 8000
# initialDelaySeconds: 10 # readinessProbe:
# periodSeconds: 5 # tcpSocket:
# livenessProbe: # port: 8000
# tcpSocket: # host: 127.0.0.1
# port: 8000 # initialDelaySeconds: 10
# host: 127.0.0.1 # periodSeconds: 5
# initialDelaySeconds: 30 # livenessProbe:
# periodSeconds: 30 # tcpSocket:
- name: labeler # port: 8000
image: quay.io/airshipit/nodelabeler # host: 127.0.0.1
imagePullPolicy: IfNotPresent # initialDelaySeconds: 30
env: # periodSeconds: 30
- name: NODE - name: labeler
valueFrom: image: quay.io/airshipit/nodelabeler
fieldRef: imagePullPolicy: IfNotPresent
fieldPath: spec.nodeName env:
- image: quay.io/airshipit/vino-builder - name: NODE
imagePullPolicy: IfNotPresent valueFrom:
name: vino-builder fieldRef:
ports: fieldPath: spec.nodeName
- containerPort: 8001 - name: vino-builder
hostPort: 8001 readinessProbe:
readinessProbe: initialDelaySeconds: 20
exec: periodSeconds: 5
command: exec:
- cat command:
- /tmp/healthy - cat
initialDelaySeconds: 20 - /tmp/healthy
periodSeconds: 5 securityContext:
securityContext: privileged: true
privileged: true runAsUser: 0
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsUser: 0 ports:
volumeMounts: - containerPort: 8001
- mountPath: /var/lib/vino-builder/flavors hostPort: 8001
name: flavors image: quay.io/airshipit/vino-builder
- mountPath: /var/lib/vino-builder/flavor-templates imagePullPolicy: IfNotPresent
name: flavor-templates volumeMounts:
- mountPath: /var/lib/vino-builder/network-templates - name: flavors
name: network-templates mountPath: /var/lib/vino-builder/flavors
- mountPath: /var/lib/vino-builder/storage-templates - name: flavor-templates
name: storage-templates mountPath: /var/lib/vino-builder/flavor-templates
- mountPath: /tmp - name: network-templates
name: pod-tmp mountPath: /var/lib/vino-builder/network-templates
- mountPath: /lib/modules - name: storage-templates
name: libmodules mountPath: /var/lib/vino-builder/storage-templates
readOnly: true - name: pod-tmp
- mountPath: /var/lib/libvirt mountPath: /tmp
name: var-lib-libvirt - mountPath: /lib/modules
- mountPath: /var/run/libvirt name: libmodules
name: var-run-libvirt readOnly: true
- mountPath: /var/lib/libvirt/vino-pool - name: var-lib-libvirt
name: var-lib-vino-pool mountPath: /var/lib/libvirt
- mountPath: /run - name: var-run-libvirt
name: run mountPath: /var/run/libvirt
- mountPath: /dev - name: var-lib-vino-pool
name: dev mountPath: /var/lib/libvirt/vino-pool
- mountPath: /sys/fs/cgroup - name: run
name: cgroup mountPath: /run
- mountPath: /var/log/libvirt - name: dev
name: logs mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
volumes: volumes:
- name: libmodules - name: libmodules
hostPath: hostPath:
path: /lib/modules path: /lib/modules
- name: var-lib-libvirt - name: var-lib-libvirt
hostPath: hostPath:
path: /var/lib/libvirt path: /var/lib/libvirt
- hostPath: {} - name: run
name: var-lib-libvirt-images hostPath:
- name: run path: /run
hostPath: - name: dev
path: /run hostPath:
- name: dev path: /dev
hostPath: - name: logs
path: /dev hostPath:
- name: logs path: /var/log/libvirt
hostPath: - name: cgroup
path: /var/log/libvirt hostPath:
- name: cgroup path: /sys/fs/cgroup
hostPath: - name: var-run-libvirt
path: /sys/fs/cgroup hostPath:
- name: var-run-libvirt path: /var/run/libvirt
hostPath: - name: flavors
path: /var/run/libvirt configMap:
- configMap: name: vino-flavors
defaultMode: 0555 defaultMode: 0555
name: vino-flavors - name: flavor-templates
name: flavors configMap:
- configMap: name: vino-flavor-templates
defaultMode: 0555 defaultMode: 0555
name: vino-flavor-templates - name: network-templates
name: flavor-templates configMap:
- configMap: name: vino-network-templates
defaultMode: 0555 defaultMode: 0555
name: vino-network-templates - name: storage-templates
name: network-templates configMap:
- configMap: name: vino-storage-templates
defaultMode: 0555 defaultMode: 0555
name: vino-storage-templates - name: pod-tmp
name: storage-templates emptyDir: {}
- emptyDir: {} - name: var-lib-vino-pool
name: pod-tmp hostPath:
- hostPath: path: /var/lib/vino-pool
path: /var/lib/vino-pool type: DirectoryOrCreate
type: DirectoryOrCreate - name: etc-qemu
name: var-lib-vino-pool hostPath:
- hostPath: path: /etc/vino-qemu
path: /etc/vino-qemu type: DirectoryOrCreate
type: DirectoryOrCreate - name: etc-storage
name: etc-qemu hostPath:
- hostPath: path: /etc/vino-storage
path: /etc/vino-storage type: DirectoryOrCreate
type: DirectoryOrCreate - name: etc-nwfilter
name: etc-storage hostPath:
- hostPath: path: /etc/vino-nwfilter
path: /etc/vino-nwfilter type: DirectoryOrCreate
type: DirectoryOrCreate - name: etc-hooks
name: etc-nwfilter hostPath:
- hostPath: path: /etc/vino-hooks
path: /etc/vino-hooks type: DirectoryOrCreate
type: DirectoryOrCreate - name: var-lib-vino
name: etc-hooks hostPath:
- hostPath: path: /var/lib/vino
path: /var/lib/vino type: DirectoryOrCreate
type: DirectoryOrCreate - name: etc-libvirt
name: var-lib-vino configMap:
name: vino-libvirt-qemu-conf
defaultMode: 0555
- name: etc-pki-libvirt-vnc
hostPath:
path: /etc/pki/libvirt-vnc
- name: usr-local-bin
configMap:
name: vino-create-libvirt-vnc-cert
defaultMode: 0777
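Review bot: The new `usr-local-bin` volume mounts the `vino-create-libvirt-vnc-cert` configMap with `defaultMode: 0777`, which marks the certificate-generation script world-writable while every other configMap volume in this spec uses `0555`; `defaultMode: 0555` is enough to execute it. The `create-libvirt-vnc-certs` init container that runs this script and writes key material into the `/etc/pki/libvirt-vnc` hostPath uses `quay.io/airshipit/gnu-tls:latest-minideb` with `imagePullPolicy: IfNotPresent`, so nodes can end up running different image contents under the same tag; pinning it to a digest or an immutable tag, as the first file in this commit does for the manager and vino-builder images, would make the result reproducible and auditable. The `etc-pki-libvirt-vnc` hostPath also has no `type:`, unlike the `/var/lib/vino*` and `/etc/vino-*` hostPaths, which set `type: DirectoryOrCreate`.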


@ -1,18 +1,16 @@
flavorTemplates: flavorTemplates:
master: master:
domainTemplate: | domainTemplate: |
{% set nodename = 'master-' + item|string %} {% if domain is defined %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm"> <domain type="kvm">
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid> <uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata> <metadata>
<vino:flavor>master</vino:flavor> <vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime> <vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata> </metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory> <memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %} {% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}
<memoryBacking> <memoryBacking>
<hugepages> <hugepages>
<page size='1' unit='GiB' /> <page size='1' unit='GiB' />
@ -20,14 +18,14 @@ flavorTemplates:
</memoryBacking> </memoryBacking>
{% endif %} {% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu> <vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %} {% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo: # function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune> <cputune>
<shares>8192</shares> <shares>8192</shares>
{% for core in node_core_map[nodename] %} {% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/> <vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %} {% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/> <emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune> </cputune>
{% endif %} {% endif %}
<resource> <resource>
@ -56,7 +54,7 @@ flavorTemplates:
# for each disk requested # for each disk requested
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/> <driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/> <source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/> <target dev='vde' bus='virtio'/>
</disk> </disk>
@ -71,26 +69,26 @@ flavorTemplates:
</controller> </controller>
# for each interface defined in vino, e.g. # for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %} {% for interface in domain.interfaces %}
<interface type='bridge'> <interface type='{{ interface.type }}'>
<mac address='{{ if_values.macAddress }}'/> <mac address='{{ interface.macAddress }}'/>
<source bridge='{{ if_name }}'/> <source {{ interface.type }}='{{ interface.network }}'/>
<model type='virtio'/> <model type='virtio'/>
</interface> </interface>
{% endfor %} {% endfor %}
<serial type='file'> <serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial> </serial>
<serial type='pty'/> <serial type='pty'/>
<console type='file'> <console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/> <target type='serial'/>
</console> </console>
{% if domain.enable_vnc | default(false) %} {% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'> <graphics type='vnc' autoport='yes' passwd='{{ domain.vncPassword }}' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/> <listen type='address' address='0.0.0.0'/>
</graphics> </graphics>
{% endif %} {% endif %}
@ -107,9 +105,8 @@ flavorTemplates:
</domain> </domain>
{% endif %} {% endif %}
volumeTemplate: | volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume> <volume>
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<allocation>0</allocation> <allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity> <capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target> <target>
@ -118,12 +115,10 @@ flavorTemplates:
</volume> </volume>
worker: worker:
domainTemplate: | domainTemplate: |
{% set nodename = 'worker-' + item|string %} {% if domain is defined %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm"> <domain type="kvm">
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid> <uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata> <metadata>
<vino:flavor>worker</vino:flavor> <vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime> <vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
@ -137,14 +132,14 @@ flavorTemplates:
</memoryBacking> </memoryBacking>
{% endif %} {% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu> <vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %} {% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo: # function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune> <cputune>
<shares>8192</shares> <shares>8192</shares>
{% for core in node_core_map[nodename] %} {% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/> <vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %} {% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/> <emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune> </cputune>
{% endif %} {% endif %}
<resource> <resource>
@ -173,7 +168,7 @@ flavorTemplates:
# for each disk requested # for each disk requested
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/> <driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/> <source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/> <target dev='vde' bus='virtio'/>
</disk> </disk>
@ -187,25 +182,31 @@ flavorTemplates:
<alias name="ide"/> <alias name="ide"/>
</controller> </controller>
{% for if_name, if_values in domain.interfaces.items() %} <interface type='network'>
<source network='pxe'/>
<model type='virtio'/>
</interface>
# for each interface defined in vino, e.g.
{% for interface in domain.interfaces %}
<interface type='bridge'> <interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/> <mac address='{{ interface.macAddress }}'/>
<source bridge='{{ if_name }}'/> <source bridge='{{ interface.network }}'/>
<model type='virtio'/> <model type='virtio'/>
</interface> </interface>
{% endfor %} {% endfor %}
<serial type='file'> <serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial> </serial>
<serial type='pty'/> <serial type='pty'/>
<console type='file'> <console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/> <target type='serial'/>
</console> </console>
{% if domain.enable_vnc | default(false) %} {% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'> <graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/> <listen type='address' address='0.0.0.0'/>
</graphics> </graphics>
@ -223,9 +224,8 @@ flavorTemplates:
</domain> </domain>
{% endif %} {% endif %}
volumeTemplate: | volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume> <volume>
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<allocation>0</allocation> <allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity> <capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target> <target>


@ -1,34 +0,0 @@
# NOTE: auto-generated. Some fields should NOT be modified.
# Date: 2021-03-16 10:05:35 UTC
#
# Contains the "inventory object" template ConfigMap.
# When this object is applied, it is handled specially,
# storing the metadata of all the other objects applied.
# This object and its stored inventory is subsequently
# used to calculate the set of objects to automatically
# delete (prune), when an object is omitted from further
# applies. When applied, this "inventory object" is also
# used to identify the entire set of objects to delete.
#
# NOTE: The name of this inventory template file
# does NOT have any impact on group-related functionality
# such as deletion or pruning.
#
apiVersion: v1
kind: ConfigMap
metadata:
# DANGER: Do not change the inventory object namespace.
# Changing the namespace will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
namespace: default
# NOTE: The name of the inventory object does NOT have
# any impact on group-related functionality such as
# deletion or pruning.
name: inventory-15862452
labels:
# DANGER: Do not change the value of this label.
# Changing this value will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
cli-utils.sigs.k8s.io/inventory-id: 6e088520-63c2-4b5d-82ea-4f2cb089920f


@ -1,5 +1,6 @@
resources: resources:
- manager.yaml - manager.yaml
configMapGenerator: configMapGenerator:
- name: daemonset-template - name: daemonset-template
options: options:
@ -10,19 +11,29 @@ configMapGenerator:
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- flavors.yaml - flavors.yaml
- name: flavor-templates - name: flavor-templates
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- flavor-templates.yaml - flavor-templates.yaml
- name: network-templates - name: network-templates
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- network-templates.yaml - network-templates.yaml
- name: storage-templates - name: storage-templates
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- storage-templates.yaml - storage-templates.yaml
- name: libvirt-qemu-conf
options:
disableNameSuffixHash: true
files:
- qemu.conf
- name: create-libvirt-vnc-cert
options:
disableNameSuffixHash: true
files:
- create_tls_cert.sh


@ -38,8 +38,8 @@ spec:
cpu: 100m cpu: 100m
memory: 20Mi memory: 20Mi
env: env:
- name: RUNTIME_NAMESPACE - name: RUNTIME_NAMESPACE
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10


@ -1,17 +1,15 @@
libvirtNetworks: libvirtNetworks:
- name: management management:
libvirtTemplate: | libvirtTemplate: |
<network> <network>
<name>management</name> <name>{{ network.name }}</name>
<forward mode='route'/> <forward mode='route'/>
<bridge name='management' stp='off' delay='0'/> <bridge name='vm-infra-bridge' stp='off' delay='0' {% if network.physicalInterface is defined %} dev='{{ network.physicalInterface }}' {% endif %}/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'> <ip address='{{ ipam.bridge_ip | default(omit) }}' netmask='{{ ipam.bridge_subnet_netmask }}'>
<!-- <tftp root='/srv/tftp'/> --> <!-- <tftp root='/srv/tftp'/> -->
<dhcp> <dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/> <range start='{{ ipam.instance_ips[0] }}' end='{{ ipam.instance_ips[-1] }}'/>
<bootp file=''/> <bootp file='http://{{ pxeBootImageHost | default(ansible_default_ipv4.address) }}:{{ pxeBootImageHostPort | default(80) }}/dualboot.ipxe'/>
</dhcp> </dhcp>
</ip> </ip>
</network> </network>
# - name: mobility-gn
# libvirtTemplate:
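Review bot: `{{ ipam.bridge_ip | default(omit) }}` in the `<ip address=…>` attribute will not drop the attribute when `ipam.bridge_ip` is undefined. Assuming this template is rendered by Ansible (it references `ansible_default_ipv4`), `omit` only takes effect as a whole module-argument value; inside a larger string it renders as a literal placeholder, which would end up as the bridge address in the network XML. Wrapping the `<ip>` element in `{% if ipam.bridge_ip is defined %}` … `{% endif %}`, or failing early with `{{ ipam.bridge_ip | mandatory }}`, makes the missing-value case explicit. The bridge name is also now the fixed string `vm-infra-bridge` while `<name>` is templated, so a second entry under libvirtNetworks would presumably collide on the bridge; `name='{{ network.name }}'` would keep them apart if the host's interface-name limits allow it.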


@ -0,0 +1,6 @@
stdio_handler = "file"
user = "root"
group = "root"
security_driver = "none"
vnc_tls = 1
#vnc_tls_x509_verify = 1
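Review bot: `security_driver = "none"` combined with `user = "root"` and `group = "root"` makes every QEMU process run as root with no SELinux/AppArmor confinement, so a flaw in QEMU's device emulation would hand a guest full control of the hypervisor host. If root is only needed so QEMU can write the console logs under /var/lib/libvirt (an inference from the domain templates in this commit), a comment saying so would help, and confinement could be kept with `security_driver = "selinux"` or `"apparmor"` where the host supports it. Separately, `vnc_tls = 1` with `#vnc_tls_x509_verify = 1` left commented encrypts VNC but does not authenticate clients by certificate. The domain templates in this commit bind VNC to 0.0.0.0 and the worker template's `<graphics>` element sets no `passwd`, so enabling `vnc_tls_x509_verify = 1` or narrowing the listen address looks necessary before `enableVNC` is turned on.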


@ -1,14 +1,14 @@
libvirtStorage: libvirtStorage:
- name: vino-default - name: vino-default
libvirtTemplate: |- libvirtTemplate: |
<pool type='dir'> <pool type='dir'>
<name>vino-default</name> <name>vino-default</name>
<target> <target>
<path>/var/lib/libvirt/vino-pool</path> <path>/var/lib/libvirt/vino-pool</path>
<permissions> <permissions>
<mode>0711</mode> <mode>0711</mode>
<owner>0</owner> <owner>0</owner>
<group>0</group> <group>0</group>
</permissions> </permissions>
</target> </target>
</pool> </pool>


@ -5,7 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/rbac directory: config/rbac
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -13,4 +13,4 @@ resources:
- auth_proxy_role_binding.yaml - auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml - auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml - vino_manager_role.yaml
- vino_manager_role_binding.yaml - vino_manager_role_binding.yaml


@ -41,4 +41,4 @@ rules:
- create - create
- update - update
- patch - patch
- delete - delete


@ -1,6 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null
name: manager-role name: manager-role
rules: rules:
- apiGroups: - apiGroups:


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: default
namespace: vino-system namespace: vino-system


@ -1,46 +1,47 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: cluster-manager-role name: cluster-manager-role
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- secrets - secrets
verbs: verbs:
- create - create
- get - get
- watch - watch
- list - list
- delete - delete
- update - update
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes - vinoes
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes/status - vinoes/status
verbs: verbs:
- get - get
- patch - patch
- update - update
- apiGroups: - apiGroups:
- metal3.io - metal3.io
resources: resources:
- baremetalhosts - baremetalhosts
verbs: verbs:
- create - create
- get - get
- list - list
- patch - patch
- update - update


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: default
namespace: vino-system namespace: vino-system