Uplift VINO function

Closes: #145
Change-Id: Id47007f762aebf2faee36c384c754eddb4982960
Kostiantyn Kalynovskyi 2021-05-21 17:34:38 +00:00 committed by Kostyantyn Kalynovskyi
parent 3ec45406b2
commit 70f4b92003
21 changed files with 889 additions and 492 deletions


@ -5,19 +5,19 @@ dependencies:
git:
repo: "https://opendev.org/airship/vino"
directory: "config/crd"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/default
git:
repo: "https://opendev.org/airship/vino"
directory: "config/default"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/manager
git:
repo: "https://opendev.org/airship/vino"
directory: "config/manager"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/rbac
git:
repo: "https://opendev.org/airship/vino"
directory: "config/rbac"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"


@ -5,10 +5,10 @@ metadata:
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://opendev.org/airship/vino
directory: config/crd
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:


@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@ -13,69 +13,80 @@ spec:
plural: ippools
singular: ippool
scope: Namespaced
validation:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPoolSpec tracks allocation ranges and statuses within a specific
subnet IPv4 or IPv6 subnet. It has a set of ranges of IPs within the
subnet from which IPs can be allocated by IPAM, and a set of IPs that
are currently allocated already.
properties:
allocatedIPs:
items:
description: AllocatedIP Allocates an IP to an entity
properties:
allocatedTo:
type: string
ip:
type: string
required:
- allocatedTo
- ip
type: object
type: array
ranges:
items:
description: Range has (inclusive) bounds within a subnet from which
IPs can be allocated
properties:
start:
type: string
stop:
type: string
required:
- start
- stop
type: object
type: array
subnet:
type: string
required:
- allocatedIPs
- ranges
- subnet
type: object
status:
description: IPPoolStatus defines the observed state of IPPool
type: object
type: object
version: v1
versions:
- name: v1
schema:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPoolSpec tracks allocation ranges and statuses within a
specific subnet IPv4 or IPv6 subnet. It has a set of ranges of IPs
within the subnet from which IPs can be allocated by IPAM, and a set
of IPs that are currently allocated already.
properties:
allocatedIPs:
items:
description: AllocatedIP Allocates an IP and MAC address to an entity
properties:
allocatedTo:
type: string
ip:
type: string
mac:
type: string
required:
- allocatedTo
- ip
- mac
type: object
type: array
macPrefix:
description: MACPrefix defines the MAC prefix to use for VM mac addresses
type: string
nextMAC:
description: NextMAC indicates the next MAC address (in sequence)
that will be provisioned to a VM in this Subnet
type: string
ranges:
items:
description: Range has (inclusive) bounds within a subnet from which
IPs can be allocated
properties:
start:
type: string
stop:
type: string
required:
- start
- stop
type: object
type: array
subnet:
type: string
required:
- allocatedIPs
- macPrefix
- nextMAC
- ranges
- subnet
type: object
status:
description: IPPoolStatus defines the observed state of IPPool
type: object
type: object
served: true
storage: true
status:
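Review bot: The `mac`, `macPrefix` and `nextMAC` properties introduced under `versions[0].schema` are bare `type: string` with no `pattern` or `format`, so the API server accepts any text and a malformed address is only caught, if at all, by the controller that consumes it. The file looks like controller-gen output, so the constraint belongs on the upstream Go types, for example a `// +kubebuilder:validation:Pattern=` marker that renders as `pattern: ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$` (constructed example); `ip`, `subnet`, `start` and `stop` have the same gap. All three new fields are also listed under `required`, so IPPool objects written against the previous schema would be rejected on their next update unless they are migrated first.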


@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
@ -13,147 +13,54 @@ spec:
plural: vinoes
singular: vino
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Vino is the Schema for the vinoes API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VinoSpec defines the desired state of Vino
properties:
bmcCredentials:
description: BMCCredentials contain credentials that will be used to
create BMH nodes sushy tools will use these credentials as well, to
set up authentication
properties:
password:
type: string
username:
type: string
required:
- password
- username
type: object
configuration:
description: Define CPU configuration
properties:
cpuExclude:
description: Exclude CPU example 0-4,54-60
type: string
type: object
daemonSetOptions:
description: DaemonSetOptions defines how vino will spawn daemonset
on nodes
properties:
libvirtImage:
type: string
namespacedName:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string
type: object
nodeAnnotatorImage:
type: string
sushyImage:
type: string
vinoBuilderImage:
type: string
type: object
networks:
description: Define network parameters
items:
description: Network defines libvirt networks
versions:
- name: v1
schema:
openAPIV3Schema:
description: Vino is the Schema for the vinoes API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VinoSpec defines the desired state of Vino
properties:
bmcCredentials:
description: BMCCredentials contain credentials that will be used
to create BMH nodes sushy tools will use these credentials as well,
to set up authentication
properties:
allocationStart:
password:
type: string
allocationStop:
username:
type: string
dns_servers:
items:
type: string
type: array
name:
description: Network Parameter defined
type: string
routes:
items:
description: VMRoutes defined
properties:
gateway:
type: string
netmask:
type: string
network:
type: string
type: object
type: array
subnet:
type: string
type:
required:
- password
- username
type: object
configuration:
description: Define CPU configuration
properties:
cpuExclude:
description: Exclude CPU example 0-4,54-60
type: string
type: object
type: array
nodeSelector:
description: Define nodelabel parameters
properties:
matchLabels:
additionalProperties:
type: string
description: Node type needs to specified
type: object
required:
- matchLabels
type: object
nodes:
description: Define node details
items:
description: NodeSet node definitions
daemonSetOptions:
description: DaemonSetOptions defines how vino will spawn daemonset
on nodes
properties:
count:
type: integer
diskDrives:
description: DiskDrivesTemplate defines disks on the VM
properties:
name:
type: string
options:
description: DiskOptions disk options
properties:
sizeGb:
type: integer
sparse:
type: boolean
type: object
path:
type: string
type:
type: string
type: object
labels:
description: VMNodeFlavor labels for node to be annotated
properties:
vmFlavor:
additionalProperties:
type: string
type: object
type: object
libvirtTemplate:
libvirtImage:
type: string
namespacedName:
description: NamespacedName to be used to spawn VMs
properties:
name:
@ -161,183 +68,295 @@ spec:
namespace:
type: string
type: object
name:
description: Parameter for Node master or worker-standard
nodeAnnotatorImage:
type: string
networkDataTemplate:
description: NetworkDataTemplate must have a template key
properties:
name:
sushyImage:
type: string
vinoBuilderImage:
type: string
type: object
networks:
description: Define network parameters
items:
description: Network defines libvirt networks
properties:
allocationStart:
type: string
allocationStop:
type: string
dns_servers:
items:
type: string
namespace:
type: string
type: object
networkInterfaces:
items:
description: NetworkInterface define interface on the VM
properties:
mtu:
type: integer
name:
description: Define parameter for network interfaces
type: string
network:
type: string
options:
additionalProperties:
type: array
macPrefix:
description: MACPrefix defines the zero-padded MAC prefix to
use for VM mac addresses, and is the first address that will
be allocated sequentially to VMs in this network. If omitted,
a default private MAC prefix will be used. The prefix should
be specified in full MAC notation, e.g. 06:42:42:00:00:00
type: string
name:
description: Network Parameter defined
type: string
routes:
items:
description: VMRoutes defined
properties:
gateway:
type: string
type: object
type:
netmask:
type: string
network:
type: string
type: object
type: array
subnet:
type: string
type:
type: string
type: object
type: array
nodeLabelKeysToCopy:
description: NodeLabelKeysToCopy vino controller will get these labels
from k8s nodes and place them on BMHs that correspond to this node
items:
type: string
type: array
nodeSelector:
description: Define nodelabel parameters
properties:
matchLabels:
additionalProperties:
type: string
description: Node type needs to specified
type: object
required:
- matchLabels
type: object
nodes:
description: Define node details
items:
description: NodeSet node definitions
properties:
bmhLabels:
additionalProperties:
type: string
description: BMHLabels labels will be copied directly to BMHs
that will be created These labels will override keys from
k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object
bootInterfaceName:
description: BootInterfaceName references the interface name
in the list of NetworkInterfaces Vino will take this interface
find its mac address and use it as bootMACAddress for BMH
type: string
count:
type: integer
diskDrives:
items:
description: DiskDrivesTemplate defines disks on the VM
properties:
name:
type: string
options:
description: DiskOptions disk options
properties:
sizeGb:
type: integer
sparse:
type: boolean
type: object
path:
type: string
type:
type: string
type: object
type: array
libvirtTemplate:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string
type: object
type: array
type: object
type: array
vmBridge:
description: VMBridge defines the single interface name to be used as
a bridge for VMs
type: string
required:
- bmcCredentials
- vmBridge
type: object
status:
description: VinoStatus defines the observed state of Vino
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type //
+patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
name:
description: Parameter for Node control-plane or worker
type: string
networkDataTemplate:
description: NetworkDataTemplate must have a template key
properties:
name:
type: string
namespace:
type: string
type: object
networkInterfaces:
items:
description: NetworkInterface define interface on the VM
properties:
mtu:
type: integer
name:
description: Define parameter for network interfaces
type: string
network:
type: string
options:
additionalProperties:
type: string
type: object
type:
type: string
type: object
type: array
type: object
type: array
vmBridge:
description: VMBridge defines the single interface name to be used
as a bridge for VMs
type: string
required:
- bmcCredentials
- vmBridge
type: object
status:
description: VinoStatus defines the observed state of Vino
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configMapRef:
description: 'ObjectReference contains enough information to let you
inspect or modify the referred object. --- New uses of this type
are discouraged because of difficulty describing its usage when
embedded in APIs. 1. Ignored fields. It includes many fields which
are not generally honored. For instance, ResourceVersion and FieldPath
are both very rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage. In most
embedded usages, there are particular restrictions like, "must
refer only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded. 3.
Inconsistent validation. Because the usages are different, the
validation rules are different by usage, which makes it hard for
users to predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a URL. This
can produce ambiguity during interpretation and require a REST
mapping. In most cases, the dependency is on the group,resource
tuple and the version of the actual struct is irrelevant. 5.
We cannot easily change it. Because this type is embedded in many
locations, updates to this type will affect numerous schemas. Don''t
make new APIs embed an underspecified API type they do not control.
Instead of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
apiVersion:
description: API version of the referent.
type: string
message:
description: message is a human readable message indicating details
about the transition. This may be an empty string.
maxLength: 32768
fieldPath:
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers of
specific condition types may define expected values and meanings
for this field, and whether the values are considered a guaranteed
API. The value should be a CamelCase string. This field may
not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configMapRef:
description: 'ObjectReference contains enough information to let you
inspect or modify the referred object. --- New uses of this type are
discouraged because of difficulty describing its usage when embedded
in APIs. 1. Ignored fields. It includes many fields which are not
generally honored. For instance, ResourceVersion and FieldPath are
both very rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage. In most
embedded usages, there are particular restrictions like, "must
refer only to types A and B" or "UID not honored" or "name must be
restricted". Those cannot be well described when embedded. 3.
Inconsistent validation. Because the usages are different, the validation
rules are different by usage, which makes it hard for users to predict
what will happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity during
interpretation and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual struct
is irrelevant. 5. We cannot easily change it. Because this type
is embedded in many locations, updates to this type will affect
numerous schemas. Don''t make new APIs embed an underspecified API
type they do not control. Instead of using this type, create a locally
provided and used type that is well-focused on your reference. For
example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an
entire object, this string should contain a valid JSON/Go field
access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject to change
in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is
made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
type: object
version: v1
versions:
- name: v1
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
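Review bot: `spec.bmcCredentials` still carries `username` and `password` as inline `type: string` fields in the v1 schema, so the BMC password is stored in the Vino object itself and is readable by any subject with `get` or `list` on `vinoes`. A reference to a Secret (name and namespace, the shape `networkDataTemplate` already uses for its template) would put the credential behind Secret RBAC and at-rest encryption; since this file appears to be generated, that is a change to the upstream API types. The new `macPrefix` description documents the expected form (`06:42:42:00:00:00`), but the field has no `pattern` that enforces it.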


@ -7,13 +7,6 @@ resources:
- bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml


@ -5,8 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://opendev.org/airship/vino
directory: config/default
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a


@ -1,17 +1,14 @@
# Adds namespace to all resources.
namespace: vino-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: vino-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
@ -25,46 +22,7 @@ bases:
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -5,15 +5,15 @@ metadata:
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://opendev.org/airship/vino
directory: config/manager
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
isSet: true
name: replicas
value: "3"
isSet: true


@ -19,7 +19,7 @@ spec:
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext:
privileged: true
runAsUser: 0
@ -31,8 +31,6 @@ spec:
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: var-lib-libvirt-images
mountPath: /var/lib/libvirt/images
- name: run
mountPath: /run
- name: dev
@ -41,16 +39,59 @@ spec:
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /etc/libvirt/qemu
name: etc-qemu
- mountPath: /etc/libvirt/nwfilter
name: etc-nwfilter
- mountPath: /etc/libvirt/hooks
name: etc-hooks
- mountPath: /etc/libvirt/storage
name: etc-storage
- mountPath: /var/lib/vino
name: var-lib-vino
- name: sushy
ports:
- containerPort: 8000
hostPort: 8000
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator"]
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port",
"8000"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
livenessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
readinessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
@ -59,6 +100,51 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
name: vino-builder
ports:
- containerPort: 8001
hostPort: 8001
readinessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 20
periodSeconds: 5
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/vino-builder/flavors
name: flavors
- mountPath: /var/lib/vino-builder/flavor-templates
name: flavor-templates
- mountPath: /var/lib/vino-builder/network-templates
name: network-templates
- mountPath: /var/lib/vino-builder/storage-templates
name: storage-templates
- mountPath: /tmp
name: pod-tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
- mountPath: /var/run/libvirt
name: var-run-libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /run
name: run
- mountPath: /dev
name: dev
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /var/log/libvirt
name: logs
volumes:
- name: libmodules
hostPath:
@ -66,9 +152,8 @@ spec:
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- name: var-lib-libvirt-images
hostPath:
path: /var/lib/libvirt/images
- hostPath: {}
name: var-lib-libvirt-images
- name: run
hostPath:
path: /run
@ -84,3 +169,45 @@ spec:
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt
- configMap:
defaultMode: 0555
name: vino-flavors
name: flavors
- configMap:
defaultMode: 0555
name: vino-flavor-templates
name: flavor-templates
- configMap:
defaultMode: 0555
name: vino-network-templates
name: network-templates
- configMap:
defaultMode: 0555
name: vino-storage-templates
name: storage-templates
- emptyDir: {}
name: pod-tmp
- hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
name: var-lib-vino-pool
- hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
name: etc-qemu
- hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
name: etc-storage
- hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
name: etc-nwfilter
- hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
name: etc-hooks
- hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
name: var-lib-vino


@ -0,0 +1,234 @@
flavorTemplates:
master:
domainTemplate: |
{% set nodename = 'master-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<metadata>
<vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
</hugepages>
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc">hvm</type>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode="host-passthrough" />
<clock offset="utc">
<timer name="pit" tickpolicy="delay"/>
<timer name="rtc" tickpolicy="catchup"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<target dev='vde' bus='virtio'/>
</disk>
<controller type="usb" index="0" model="piix3-uhci">
<alias name="usb"/>
</controller>
<controller type="pci" index="0" model="pci-root">
<alias name="pci.0"/>
</controller>
<controller type="ide" index="0">
<alias name="ide"/>
</controller>
# for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
<memballoon model="virtio">
<stats period="10"/>
<alias name="balloon0"/>
</memballoon>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes">
<label>+42424:+104</label>
<imagelabel>+42424:+104</imagelabel>
</seclabel>
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target>
<format type='qcow2'/>
</target>
</volume>
worker:
domainTemplate: |
{% set nodename = 'worker-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<metadata>
<vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.worker.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
</hugepages>
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc-i440fx-xenial">hvm</type>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode="host-passthrough" />
<clock offset="utc">
<timer name="pit" tickpolicy="delay"/>
<timer name="rtc" tickpolicy="catchup"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<target dev='vde' bus='virtio'/>
</disk>
<controller type="usb" index="0" model="piix3-uhci">
<alias name="usb"/>
</controller>
<controller type="pci" index="0" model="pci-root">
<alias name="pci.0"/>
</controller>
<controller type="ide" index="0">
<alias name="ide"/>
</controller>
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
<memballoon model="virtio">
<stats period="10"/>
<alias name="balloon0"/>
</memballoon>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes">
<label>+42424:+104</label>
<imagelabel>+42424:+104</imagelabel>
</seclabel>
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target>
<format type='qcow2'/>
</target>
</volume>
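Review bot: When `domain.enable_vnc` is set, both the master and worker domain templates emit `<graphics type='vnc' autoport='yes' listen='0.0.0.0'>` with no `passwd` attribute, so the guest console listens on every address unless a VNC password or TLS is enforced in qemu.conf, which this commit does not show. I would bind it to loopback with `<graphics type='vnc' autoport='yes' listen='127.0.0.1'>` and a matching `<listen type='address' address='127.0.0.1'/>`, or make the listen address a template variable that defaults to loopback. Separately, the master template gates its `<memoryBacking>` block on `flavors.worker.hugepages`, which looks copied from the worker template; it should read `{% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}`. The `# ...` lines inside `<domain>` and `<devices>` are not XML comments and are rendered into the document as text; `<!-- ... -->` is the comment form.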


@ -0,0 +1,9 @@
flavors:
master:
vcpus: 1
memory: 4
rootSize: 30
worker:
vcpus: 1
memory: 2
rootSize: 10


@ -1,9 +1,28 @@
resources:
- manager.yaml
configMapGenerator:
- name: daemonset-template
options:
disableNameSuffixHash: true
files:
- template=daemonset-template.yaml
- name: flavors
options:
disableNameSuffixHash: true
files:
- flavors.yaml
- name: flavor-templates
options:
disableNameSuffixHash: true
files:
- flavor-templates.yaml
- name: network-templates
options:
disableNameSuffixHash: true
files:
- network-templates.yaml
- name: storage-templates
options:
disableNameSuffixHash: true
files:
- storage-templates.yaml


@ -0,0 +1,17 @@
libvirtNetworks:
- name: management
libvirtTemplate: |
<network>
<name>management</name>
<forward mode='route'/>
<bridge name='management' stp='off' delay='0'/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/>
<bootp file=''/>
</dhcp>
</ip>
</network>
# - name: mobility-gn
# libvirtTemplate:
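Review bot: The `<ip>` element hard-codes `netmask='255.255.240.0'` while the gateway address and the DHCP range come from `networks[0]`, so any management network that is not a /20 gets a bridge whose mask disagrees with its address range. The mask should come from the same data as the addresses, for example `netmask='{{ NETMASK_FROM_SUBNET }}'`, where the placeholder stands for whatever field or filter yields the mask; this hunk does not show whether `networks[0]` carries one. Indexing `networks[0]` and `routes[0]` also ties the management network to list order, so a comment such as `# assumes the first network and its first route describe the management network` above the template would make that assumption visible.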


@ -0,0 +1,14 @@
libvirtStorage:
- name: vino-default
libvirtTemplate: |-
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>


@ -5,8 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
repo: https://github.com/airshipit/vino
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://opendev.org/airship/vino
directory: config/rbac
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a


@ -13,4 +13,4 @@ resources:
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml
- vino_manager_role_binding.yaml
- vino_manager_role_binding.yaml


@ -41,4 +41,4 @@ rules:
- create
- update
- patch
- delete
- delete


@ -1,9 +1,6 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
@ -13,6 +10,8 @@ rules:
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""


@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system


@ -1,47 +1,46 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update


@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system