Merge "Uplift VINO function"

Zuul 2021-05-25 22:10:12 +00:00 committed by Gerrit Code Review
commit b850bc140f
21 changed files with 889 additions and 492 deletions


@ -5,19 +5,19 @@ dependencies:
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/crd" directory: "config/crd"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3" ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/default - name: upstream/default
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/default" directory: "config/default"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3" ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/manager - name: upstream/manager
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/manager" directory: "config/manager"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3" ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
- name: upstream/rbac - name: upstream/rbac
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/rbac" directory: "config/rbac"
ref: "3dc0698a85f618a24c40bd7862d1dd807fc73ae3" ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"


@ -5,10 +5,10 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://github.com/airshipit/vino repo: https://opendev.org/airship/vino
directory: config/crd directory: config/crd
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI: openAPI:
definitions: definitions:
io.k8s.cli.setters.replicas: io.k8s.cli.setters.replicas:


@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
@ -13,69 +13,80 @@ spec:
plural: ippools plural: ippools
singular: ippool singular: ippool
scope: Namespaced scope: Namespaced
validation:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPoolSpec tracks allocation ranges and statuses within a specific
subnet IPv4 or IPv6 subnet. It has a set of ranges of IPs within the
subnet from which IPs can be allocated by IPAM, and a set of IPs that
are currently allocated already.
properties:
allocatedIPs:
items:
description: AllocatedIP Allocates an IP to an entity
properties:
allocatedTo:
type: string
ip:
type: string
required:
- allocatedTo
- ip
type: object
type: array
ranges:
items:
description: Range has (inclusive) bounds within a subnet from which
IPs can be allocated
properties:
start:
type: string
stop:
type: string
required:
- start
- stop
type: object
type: array
subnet:
type: string
required:
- allocatedIPs
- ranges
- subnet
type: object
status:
description: IPPoolStatus defines the observed state of IPPool
type: object
type: object
version: v1
versions: versions:
- name: v1 - name: v1
schema:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPoolSpec tracks allocation ranges and statuses within a
specific subnet IPv4 or IPv6 subnet. It has a set of ranges of IPs
within the subnet from which IPs can be allocated by IPAM, and a set
of IPs that are currently allocated already.
properties:
allocatedIPs:
items:
description: AllocatedIP Allocates an IP and MAC address to an entity
properties:
allocatedTo:
type: string
ip:
type: string
mac:
type: string
required:
- allocatedTo
- ip
- mac
type: object
type: array
macPrefix:
description: MACPrefix defines the MAC prefix to use for VM mac addresses
type: string
nextMAC:
description: NextMAC indicates the next MAC address (in sequence)
that will be provisioned to a VM in this Subnet
type: string
ranges:
items:
description: Range has (inclusive) bounds within a subnet from which
IPs can be allocated
properties:
start:
type: string
stop:
type: string
required:
- start
- stop
type: object
type: array
subnet:
type: string
required:
- allocatedIPs
- macPrefix
- nextMAC
- ranges
- subnet
type: object
status:
description: IPPoolStatus defines the observed state of IPPool
type: object
type: object
served: true served: true
storage: true storage: true
status: status:
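Review bot: The new `mac`, `macPrefix` and `nextMAC` properties are declared as bare `type: string`, so the API server accepts arbitrary text for values that the descriptions say are provisioned to VMs as MAC addresses. This file is vendored from upstream `config/crd`, so the constraint belongs on the Go types there as a kubebuilder `Pattern` validation marker, which would render under each of the three properties as `pattern: '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'`. The same section also adds all three names to the `required` lists while the version stays `v1` with `storage: true`; IPPool objects stored before this uplift would presumably fail validation on their next update, so a migration step is worth confirming before the ref is pinned.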


@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
@ -13,147 +13,54 @@ spec:
plural: vinoes plural: vinoes
singular: vino singular: vino
scope: Namespaced scope: Namespaced
subresources: versions:
status: {} - name: v1
validation: schema:
openAPIV3Schema: openAPIV3Schema:
description: Vino is the Schema for the vinoes API description: Vino is the Schema for the vinoes API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: VinoSpec defines the desired state of Vino description: VinoSpec defines the desired state of Vino
properties: properties:
bmcCredentials: bmcCredentials:
description: BMCCredentials contain credentials that will be used to description: BMCCredentials contain credentials that will be used
create BMH nodes sushy tools will use these credentials as well, to to create BMH nodes sushy tools will use these credentials as well,
set up authentication to set up authentication
properties:
password:
type: string
username:
type: string
required:
- password
- username
type: object
configuration:
description: Define CPU configuration
properties:
cpuExclude:
description: Exclude CPU example 0-4,54-60
type: string
type: object
daemonSetOptions:
description: DaemonSetOptions defines how vino will spawn daemonset
on nodes
properties:
libvirtImage:
type: string
namespacedName:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string
type: object
nodeAnnotatorImage:
type: string
sushyImage:
type: string
vinoBuilderImage:
type: string
type: object
networks:
description: Define network parameters
items:
description: Network defines libvirt networks
properties: properties:
allocationStart: password:
type: string type: string
allocationStop: username:
type: string type: string
dns_servers: required:
items: - password
type: string - username
type: array type: object
name: configuration:
description: Network Parameter defined description: Define CPU configuration
type: string properties:
routes: cpuExclude:
items: description: Exclude CPU example 0-4,54-60
description: VMRoutes defined
properties:
gateway:
type: string
netmask:
type: string
network:
type: string
type: object
type: array
subnet:
type: string
type:
type: string type: string
type: object type: object
type: array daemonSetOptions:
nodeSelector: description: DaemonSetOptions defines how vino will spawn daemonset
description: Define nodelabel parameters on nodes
properties:
matchLabels:
additionalProperties:
type: string
description: Node type needs to specified
type: object
required:
- matchLabels
type: object
nodes:
description: Define node details
items:
description: NodeSet node definitions
properties: properties:
count: libvirtImage:
type: integer type: string
diskDrives: namespacedName:
description: DiskDrivesTemplate defines disks on the VM
properties:
name:
type: string
options:
description: DiskOptions disk options
properties:
sizeGb:
type: integer
sparse:
type: boolean
type: object
path:
type: string
type:
type: string
type: object
labels:
description: VMNodeFlavor labels for node to be annotated
properties:
vmFlavor:
additionalProperties:
type: string
type: object
type: object
libvirtTemplate:
description: NamespacedName to be used to spawn VMs description: NamespacedName to be used to spawn VMs
properties: properties:
name: name:
@ -161,183 +68,295 @@ spec:
namespace: namespace:
type: string type: string
type: object type: object
name: nodeAnnotatorImage:
description: Parameter for Node master or worker-standard
type: string type: string
networkDataTemplate: sushyImage:
description: NetworkDataTemplate must have a template key type: string
properties: vinoBuilderImage:
name: type: string
type: object
networks:
description: Define network parameters
items:
description: Network defines libvirt networks
properties:
allocationStart:
type: string
allocationStop:
type: string
dns_servers:
items:
type: string type: string
namespace: type: array
type: string macPrefix:
type: object description: MACPrefix defines the zero-padded MAC prefix to
networkInterfaces: use for VM mac addresses, and is the first address that will
items: be allocated sequentially to VMs in this network. If omitted,
description: NetworkInterface define interface on the VM a default private MAC prefix will be used. The prefix should
properties: be specified in full MAC notation, e.g. 06:42:42:00:00:00
mtu: type: string
type: integer name:
name: description: Network Parameter defined
description: Define parameter for network interfaces type: string
type: string routes:
network: items:
type: string description: VMRoutes defined
options: properties:
additionalProperties: gateway:
type: string type: string
type: object netmask:
type: type: string
network:
type: string
type: object
type: array
subnet:
type: string
type:
type: string
type: object
type: array
nodeLabelKeysToCopy:
description: NodeLabelKeysToCopy vino controller will get these labels
from k8s nodes and place them on BMHs that correspond to this node
items:
type: string
type: array
nodeSelector:
description: Define nodelabel parameters
properties:
matchLabels:
additionalProperties:
type: string
description: Node type needs to specified
type: object
required:
- matchLabels
type: object
nodes:
description: Define node details
items:
description: NodeSet node definitions
properties:
bmhLabels:
additionalProperties:
type: string
description: BMHLabels labels will be copied directly to BMHs
that will be created These labels will override keys from
k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object
bootInterfaceName:
description: BootInterfaceName references the interface name
in the list of NetworkInterfaces Vino will take this interface
find its mac address and use it as bootMACAddress for BMH
type: string
count:
type: integer
diskDrives:
items:
description: DiskDrivesTemplate defines disks on the VM
properties:
name:
type: string
options:
description: DiskOptions disk options
properties:
sizeGb:
type: integer
sparse:
type: boolean
type: object
path:
type: string
type:
type: string
type: object
type: array
libvirtTemplate:
description: NamespacedName to be used to spawn VMs
properties:
name:
type: string
namespace:
type: string type: string
type: object type: object
type: array name:
type: object description: Parameter for Node control-plane or worker
type: array type: string
vmBridge: networkDataTemplate:
description: VMBridge defines the single interface name to be used as description: NetworkDataTemplate must have a template key
a bridge for VMs properties:
type: string name:
required: type: string
- bmcCredentials namespace:
- vmBridge type: string
type: object type: object
status: networkInterfaces:
description: VinoStatus defines the observed state of Vino items:
properties: description: NetworkInterface define interface on the VM
conditions: properties:
items: mtu:
description: "Condition contains details for one aspect of the current type: integer
state of this API Resource. --- This struct is intended for direct name:
use as an array at the field path .status.conditions. For example, description: Define parameter for network interfaces
type FooStatus struct{ // Represents the observations of a foo's type: string
current state. // Known .status.conditions.type are: \"Available\", network:
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // type: string
+patchStrategy=merge // +listType=map // +listMapKey=type options:
\ Conditions []metav1.Condition `json:\"conditions,omitempty\" additionalProperties:
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` type: string
\n // other fields }" type: object
type:
type: string
type: object
type: array
type: object
type: array
vmBridge:
description: VMBridge defines the single interface name to be used
as a bridge for VMs
type: string
required:
- bmcCredentials
- vmBridge
type: object
status:
description: VinoStatus defines the observed state of Vino
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configMapRef:
description: 'ObjectReference contains enough information to let you
inspect or modify the referred object. --- New uses of this type
are discouraged because of difficulty describing its usage when
embedded in APIs. 1. Ignored fields. It includes many fields which
are not generally honored. For instance, ResourceVersion and FieldPath
are both very rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage. In most
embedded usages, there are particular restrictions like, "must
refer only to types A and B" or "UID not honored" or "name must
be restricted". Those cannot be well described when embedded. 3.
Inconsistent validation. Because the usages are different, the
validation rules are different by usage, which makes it hard for
users to predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a URL. This
can produce ambiguity during interpretation and require a REST
mapping. In most cases, the dependency is on the group,resource
tuple and the version of the actual struct is irrelevant. 5.
We cannot easily change it. Because this type is embedded in many
locations, updates to this type will affect numerous schemas. Don''t
make new APIs embed an underspecified API type they do not control.
Instead of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties: properties:
lastTransitionTime: apiVersion:
description: lastTransitionTime is the last time the condition description: API version of the referent.
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string type: string
message: fieldPath:
description: message is a human readable message indicating details description: 'If referring to a piece of an object instead of
about the transition. This may be an empty string. an entire object, this string should contain a valid JSON/Go
maxLength: 32768 field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string type: string
observedGeneration: kind:
description: observedGeneration represents the .metadata.generation description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers of
specific condition types may define expected values and meanings
for this field, and whether the values are considered a guaranteed
API. The value should be a CamelCase string. This field may
not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string type: string
status: name:
description: status of the condition, one of True, False, Unknown. description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
enum:
- "True"
- "False"
- Unknown
type: string type: string
type: namespace:
description: type of condition in CamelCase or in foo.example.com/CamelCase. description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
--- Many .condition.type values are consistent across resources type: string
like Available, but because arbitrary conditions can be useful resourceVersion:
(see .node.status.conditions), the ability to deconflict is description: 'Specific resourceVersion to which this reference
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
maxLength: 316 type: string
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object type: object
type: array type: object
configMapRef: type: object
description: 'ObjectReference contains enough information to let you
inspect or modify the referred object. --- New uses of this type are
discouraged because of difficulty describing its usage when embedded
in APIs. 1. Ignored fields. It includes many fields which are not
generally honored. For instance, ResourceVersion and FieldPath are
both very rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage. In most
embedded usages, there are particular restrictions like, "must
refer only to types A and B" or "UID not honored" or "name must be
restricted". Those cannot be well described when embedded. 3.
Inconsistent validation. Because the usages are different, the validation
rules are different by usage, which makes it hard for users to predict
what will happen. 4. The fields are both imprecise and overly precise. Kind
is not a precise mapping to a URL. This can produce ambiguity during
interpretation and require a REST mapping. In most cases, the dependency
is on the group,resource tuple and the version of the actual struct
is irrelevant. 5. We cannot easily change it. Because this type
is embedded in many locations, updates to this type will affect
numerous schemas. Don''t make new APIs embed an underspecified API
type they do not control. Instead of using this type, create a locally
provided and used type that is well-focused on your reference. For
example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
.'
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an
entire object, this string should contain a valid JSON/Go field
access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject to change
in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is
made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
type: object
version: v1
versions:
- name: v1
served: true served: true
storage: true storage: true
subresources:
status: {}
status: status:
acceptedNames: acceptedNames:
kind: "" kind: ""
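Review bot: `spec.bmcCredentials` still carries `username` and `password` as plain `type: string` properties after the move under `versions[].schema`, so the BMC password is stored in the Vino object itself and is readable by any subject granted `get` or `list` on `vinoes`. The description states that sushy tools use the same credentials to set up authentication, so the value deserves the handling of any other secret. Consider replacing the two inline strings with a `name`/`namespace` reference to a Secret, shaped like the `libvirtTemplate` and `networkDataTemplate` properties already in this schema; the file is vendored from upstream `config/crd`, so the change would have to land there first. Separately, the new `macPrefix` description asks for full MAC notation (`06:42:42:00:00:00`) but the property has no `pattern` to enforce it.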


@ -7,13 +7,6 @@ resources:
- bases/bmh.yaml - bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource # +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD # patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml #- patches/cainjection_in_vinoes.yaml


@ -5,8 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://github.com/airshipit/vino repo: https://opendev.org/airship/vino
directory: config/default directory: config/default
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a


@ -1,17 +1,14 @@
# Adds namespace to all resources. # Adds namespace to all resources.
namespace: vino-system namespace: vino-system
# Value of this field is prepended to the # Value of this field is prepended to the
# names of all resources, e.g. a deployment named # names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress". # "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace # Note that it should also match with the prefix (text before '-') of the namespace
# field above. # field above.
namePrefix: vino- namePrefix: vino-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
#commonLabels: #commonLabels:
# someName: someValue # someName: someValue
bases: bases:
- ../crd - ../crd
- ../rbac - ../rbac
@ -25,46 +22,7 @@ bases:
#- ../prometheus #- ../prometheus
patchesStrategicMerge: patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth. # Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics # If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line. # endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml - manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -5,15 +5,15 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://github.com/airshipit/vino repo: https://opendev.org/airship/vino
directory: config/manager directory: config/manager
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI: openAPI:
definitions: definitions:
io.k8s.cli.setters.replicas: io.k8s.cli.setters.replicas:
x-k8s-cli: x-k8s-cli:
setter: setter:
isSet: true
name: replicas name: replicas
value: "3" value: "3"
isSet: true

View File

@ -19,7 +19,7 @@ spec:
- name: libvirt - name: libvirt
command: command:
- /tmp/libvirt.sh - /tmp/libvirt.sh
image: quay.io/airshipit/libvirt image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext: securityContext:
privileged: true privileged: true
runAsUser: 0 runAsUser: 0
@ -31,8 +31,6 @@ spec:
- name: var-lib-libvirt - name: var-lib-libvirt
mountPath: /var/lib/libvirt mountPath: /var/lib/libvirt
mountPropagation: Bidirectional mountPropagation: Bidirectional
- name: var-lib-libvirt-images
mountPath: /var/lib/libvirt/images
- name: run - name: run
mountPath: /run mountPath: /run
- name: dev - name: dev
@ -41,16 +39,59 @@ spec:
mountPath: /sys/fs/cgroup mountPath: /sys/fs/cgroup
- name: logs - name: logs
mountPath: /var/log/libvirt mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /etc/libvirt/qemu
name: etc-qemu
- mountPath: /etc/libvirt/nwfilter
name: etc-nwfilter
- mountPath: /etc/libvirt/hooks
name: etc-hooks
- mountPath: /etc/libvirt/storage
name: etc-storage
- mountPath: /var/lib/vino
name: var-lib-vino
- name: sushy - name: sushy
ports:
- containerPort: 8000
hostPort: 8000
image: quay.io/metal3-io/sushy-tools image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator"] command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port",
"8000"]
volumeMounts: volumeMounts:
- name: var-run-libvirt - name: var-run-libvirt
mountPath: /var/run/libvirt mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
livenessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
readinessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler - name: labeler
image: quay.io/airshipit/nodelabeler image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
@ -59,6 +100,51 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
name: vino-builder
ports:
- containerPort: 8001
hostPort: 8001
readinessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 20
periodSeconds: 5
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/vino-builder/flavors
name: flavors
- mountPath: /var/lib/vino-builder/flavor-templates
name: flavor-templates
- mountPath: /var/lib/vino-builder/network-templates
name: network-templates
- mountPath: /var/lib/vino-builder/storage-templates
name: storage-templates
- mountPath: /tmp
name: pod-tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
- mountPath: /var/run/libvirt
name: var-run-libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /run
name: run
- mountPath: /dev
name: dev
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /var/log/libvirt
name: logs
volumes: volumes:
- name: libmodules - name: libmodules
hostPath: hostPath:
@ -66,9 +152,8 @@ spec:
- name: var-lib-libvirt - name: var-lib-libvirt
hostPath: hostPath:
path: /var/lib/libvirt path: /var/lib/libvirt
- name: var-lib-libvirt-images - hostPath: {}
hostPath: name: var-lib-libvirt-images
path: /var/lib/libvirt/images
- name: run - name: run
hostPath: hostPath:
path: /run path: /run
@ -84,3 +169,45 @@ spec:
- name: var-run-libvirt - name: var-run-libvirt
hostPath: hostPath:
path: /var/run/libvirt path: /var/run/libvirt
- configMap:
defaultMode: 0555
name: vino-flavors
name: flavors
- configMap:
defaultMode: 0555
name: vino-flavor-templates
name: flavor-templates
- configMap:
defaultMode: 0555
name: vino-network-templates
name: network-templates
- configMap:
defaultMode: 0555
name: vino-storage-templates
name: storage-templates
- emptyDir: {}
name: pod-tmp
- hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
name: var-lib-vino-pool
- hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
name: etc-qemu
- hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
name: etc-storage
- hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
name: etc-nwfilter
- hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
name: etc-hooks
- hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
name: var-lib-vino
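Review bot: The sushy container now starts `sushy-emulator` with `-i ::` and `--debug` and publishes it on `hostPort: 8000` while mounting `/var/run/libvirt` and `/var/lib/libvirt`; nothing in this section configures authentication or TLS for that Redfish endpoint, so any host that can reach the node on port 8000 can presumably issue power and boot-device requests against the VMs. I would drop `--debug`, and either keep the listener on loopback behind the commented-out `vino-reverse-proxy` container or add a comment stating which network is allowed to reach it. The new `vino-builder` container is `privileged: true` with `runAsUser: 0`, `hostPort: 8001` and host mounts of `/dev`, `/run` and `/sys/fs/cgroup`; a comment saying why full privilege is needed would help, since the template does not show it. In the volumes hunk, `var-lib-libvirt-images` is left behind as `hostPath: {}` with no path and no remaining mount, and should be deleted rather than emptied. The images touched or added here use a mutable tag or none (`libvirt:latest-ubuntu_bionic`, `sushy-tools`, `vino-builder`), so pinning them by digest would keep these privileged pods reproducible.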


@ -0,0 +1,234 @@
flavorTemplates:
master:
domainTemplate: |
{% set nodename = 'master-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<metadata>
<vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
</hugepages>
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc">hvm</type>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode="host-passthrough" />
<clock offset="utc">
<timer name="pit" tickpolicy="delay"/>
<timer name="rtc" tickpolicy="catchup"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<target dev='vde' bus='virtio'/>
</disk>
<controller type="usb" index="0" model="piix3-uhci">
<alias name="usb"/>
</controller>
<controller type="pci" index="0" model="pci-root">
<alias name="pci.0"/>
</controller>
<controller type="ide" index="0">
<alias name="ide"/>
</controller>
# for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
<memballoon model="virtio">
<stats period="10"/>
<alias name="balloon0"/>
</memballoon>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes">
<label>+42424:+104</label>
<imagelabel>+42424:+104</imagelabel>
</seclabel>
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target>
<format type='qcow2'/>
</target>
</volume>
worker:
domainTemplate: |
{% set nodename = 'worker-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<metadata>
<vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.worker.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
</hugepages>
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc-i440fx-xenial">hvm</type>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
</features>
<cpu mode="host-passthrough" />
<clock offset="utc">
<timer name="pit" tickpolicy="delay"/>
<timer name="rtc" tickpolicy="catchup"/>
<timer name="hpet" present="no"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<target dev='vde' bus='virtio'/>
</disk>
<controller type="usb" index="0" model="piix3-uhci">
<alias name="usb"/>
</controller>
<controller type="pci" index="0" model="pci-root">
<alias name="pci.0"/>
</controller>
<controller type="ide" index="0">
<alias name="ide"/>
</controller>
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
<memballoon model="virtio">
<stats period="10"/>
<alias name="balloon0"/>
</memballoon>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes">
<label>+42424:+104</label>
<imagelabel>+42424:+104</imagelabel>
</seclabel>
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target>
<format type='qcow2'/>
</target>
</volume>
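Review bot: When `domain.enable_vnc` is set, both templates emit `<graphics type='vnc' autoport='yes' listen='0.0.0.0'>` with no `passwd` attribute, so the guest console is offered without authentication on every address the libvirt container can bind; `listen='127.0.0.1'` (and the same address in the nested `<listen>` element) would be a safer default unless remote console access is a requirement. The master `domainTemplate` gates `<memoryBacking>` on `flavors.worker.hugepages`, which looks like a copy from the worker template and should read `{% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}`. The lines starting with `#` inside the block scalars are not comments to Jinja or XML and are rendered into the domain definition as text; `{# … #}` would keep them out of the output.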


@ -0,0 +1,9 @@
flavors:
master:
vcpus: 1
memory: 4
rootSize: 30
worker:
vcpus: 1
memory: 2
rootSize: 10


@ -1,9 +1,28 @@
resources: resources:
- manager.yaml - manager.yaml
configMapGenerator: configMapGenerator:
- name: daemonset-template - name: daemonset-template
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- template=daemonset-template.yaml - template=daemonset-template.yaml
- name: flavors
options:
disableNameSuffixHash: true
files:
- flavors.yaml
- name: flavor-templates
options:
disableNameSuffixHash: true
files:
- flavor-templates.yaml
- name: network-templates
options:
disableNameSuffixHash: true
files:
- network-templates.yaml
- name: storage-templates
options:
disableNameSuffixHash: true
files:
- storage-templates.yaml
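Review bot: The four new generators all set `disableNameSuffixHash: true` without saying why; a comment such as `# names are referenced literally from daemonset-template.yaml, so the hash suffix must stay off` would record the reason, if that is the reason. The daemonset template refers to `vino-flavors`, `vino-flavor-templates`, `vino-network-templates` and `vino-storage-templates`, so these names presumably depend on a `vino-` name prefix applied elsewhere, and a rename on either side would only surface when the pod fails to mount its volumes. With the hash disabled, edits to these files also do not trigger a rollout by themselves.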


@ -0,0 +1,17 @@
libvirtNetworks:
- name: management
libvirtTemplate: |
<network>
<name>management</name>
<forward mode='route'/>
<bridge name='management' stp='off' delay='0'/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/>
<bootp file=''/>
</dhcp>
</ip>
</network>
# - name: mobility-gn
# libvirtTemplate:
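Review bot: The `<ip>` element takes its address and DHCP range from `networks[0]` but hard-codes `netmask='255.255.240.0'`, so a network defined with any other prefix length would get a range and a mask that disagree. The mask should come from the same network entry as the gateway, or the template should carry a comment stating that only a /20 is supported. `<bootp file=''/>` is emitted with an empty file name; if no network boot is intended, the element could be omitted.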


@ -0,0 +1,14 @@
libvirtStorage:
- name: vino-default
libvirtTemplate: |-
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>


@ -5,8 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
repo: https://github.com/airshipit/vino repo: https://opendev.org/airship/vino
directory: config/rbac directory: config/rbac
ref: 3dc0698a85f618a24c40bd7862d1dd807fc73ae3 ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a


@ -13,4 +13,4 @@ resources:
- auth_proxy_role_binding.yaml - auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml - auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml - vino_manager_role.yaml
- vino_manager_role_binding.yaml - vino_manager_role_binding.yaml


@ -41,4 +41,4 @@ rules:
- create - create
- update - update
- patch - patch
- delete - delete


@ -1,9 +1,6 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null
name: manager-role name: manager-role
rules: rules:
- apiGroups: - apiGroups:
@ -13,6 +10,8 @@ rules:
verbs: verbs:
- get - get
- list - list
- patch
- update
- watch - watch
- apiGroups: - apiGroups:
- "" - ""


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: default
namespace: vino-system namespace: vino-system


@ -1,47 +1,46 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: cluster-manager-role name: cluster-manager-role
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- secrets - secrets
verbs: verbs:
- create - create
- get - get
- watch - watch
- list - list
- delete - delete
- update - update
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes - vinoes
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes/status - vinoes/status
verbs: verbs:
- get - get
- patch - patch
- update - update
- apiGroups: - apiGroups:
- metal3.io - metal3.io
resources: resources:
- baremetalhosts - baremetalhosts
verbs: verbs:
- create - create
- get - get
- list - list
- patch - patch
- update - update


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: default
namespace: vino-system namespace: vino-system