Add KubeVirt app to StarlingX

Builds and installs a FluxCD package with KubeVirt.

This builds a deb format package that contains the .tgz file
that can be installed on the controller using
system application management.

Installation Steps for the Controller
  - Unpack deb package
  - Find the kubevirt.tgz versioned file in
    /usr/local/share/applications/helm/ and execute:
    	- 'system application-upload <kubevirt.tgz file>'
        - 'system application-apply kubevirt-app'
 - Verify that kubevirt is running by executing
   'kubectl get all -n kubevirt'
 - Verify that cdi is running by executing
   'kubectl get all -n cdi'
 - virtctl is installed to /var/opt/kubevirt

Test Plan:
  Passed: Install KubeVirt using sysinv
  Passed: Remove KubeVirt using sysinv
  Passed: Testing creating a Debian VM AIO-SX
  Passed: Executed virtctl
  Passed: Verify application-remove removes virtctl
  Passed: Exercised kubevirt.io lab 2 using CDI to import a VM

Story: 2010096
Task: 45651

Change-Id: I9624089a0f9e6a8dcdb7805c6b9091ae33c06cd7
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>

.zuul.yaml

@@ -0,0 +1,33 @@
+---
+- project:
+    check:
+      jobs:
+        - openstack-tox-linters
+        - k8sapp-kubevirt-tox-py39
+        - k8sapp-kubevirt-tox-pylint
+    gate:
+      jobs:
+        - openstack-tox-linters
+        - k8sapp-kubevirt-tox-py39
+        - k8sapp-kubevirt-tox-pylint
+- job:
+    name: k8sapp-kubevirt-tox-py39
+    parent: tox-py39
+    description: |
+                Run py39 for KubeVirt app
+    nodeset: debian-bullseye
+    files:
+      - python-k8sapp-kubevirt/*
+    vars:
+        tox_envlist: py39
+        python_version: 3.9
+- job:
+    name: k8sapp-kubevirt-tox-pylint
+    parent: tox
+    description: |
+            Run pylint test for k8sapp_kubevirt
+    files:
+      - python-k8sapp-kubevirt/*
+    vars:
+      tox_envlist: pylint
+

CONTRIBUTING.rst

@@ -0,0 +1,16 @@
+If you would like to contribute to the development of OpenStack,
+you must follow the steps in this page:
+
+   https://docs.openstack.org/infra/manual/developers.html
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+   https://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs should be filed in Launchpad:
+
+   https://bugs.launchpad.net/starlingx

HACKING.rst

@@ -0,0 +1,17 @@
+StarlingX KubeVirt-App Style Commandments
+===================================
+
+- Step 1: Read the OpenStack style commandments
+  https://docs.openstack.org/hacking/latest/
+- Step 2: Read on
+
+KubeVirt-App Specific Commandments
+--------------------------------
+
+None so far
+
+Running tests
+-------------
+The approach to running tests is to simply run the command ``tox``. This will
+create virtual environments, populate them with dependencies and run all of
+the tests that OpenStack CI systems run.

debian_build_layer.cfg

@@ -0,0 +1 @@
+flock

debian_pkg_dirs

@@ -0,0 +1,2 @@
+stx-kubevirt-app-helm
+python-k8sapp-kubevirt

debian_stable_docker_images.inc

@@ -0,0 +1 @@
+stx-kubevirt-app-helm

github_sync.trigger

@@ -0,0 +1,3 @@
+# to trigger the upload job to sync to GitHub
+1
+

python-k8sapp-kubevirt/debian/deb_folder/changelog

@@ -0,0 +1,6 @@
+python3-k8sapp-kubevirt (1.0-1) unstable; urgency=medium
+
+  * Initial Release
+
+  -- Gleb Aronsky <gleb.aronsky@windriver.com> Mon, 1 Aug 2022 08:00:00 +0000
+

python-k8sapp-kubevirt/debian/deb_folder/control

@@ -0,0 +1,26 @@
+Source: python3-k8sapp-kubevirt
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dh-python,
+ python3-all,
+ python3-pbr,
+ python3-setuptools,
+ python3-wheel
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: python3-k8sapp-kubevirt
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}
+Description: StarlingX Sysinv KubeVirt Extensions
+ This package contains sysinv plugins for the kubevirt K8S app.
+
+Package: python3-k8sapp-kubevirt-wheels
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
+Description: StarlingX Sysinv KubeVirt Extension Wheels
+ This package contains python wheels for the KubeVirt K8S app plugins.

python-k8sapp-kubevirt/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: stx-kubevirt-app-helm
+Source: https://opendev.org/starlingx/app-kubevirt/
+
+Files: *
+Copyright: (c) 2013-2022 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2022 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

python-k8sapp-kubevirt/debian/deb_folder/python3-k8sapp-kubevirt-wheels.install

@@ -0,0 +1 @@
+plugins/kubevirt-app/*.whl

python-k8sapp-kubevirt/debian/deb_folder/python3-k8sapp-kubevirt.install

@@ -0,0 +1,2 @@
+usr/lib/python3/dist-packages/k8sapp_kubevirt-1.0.0.egg-info/*
+usr/lib/python3/dist-packages/k8sapp_kubevirt/*

python-k8sapp-kubevirt/debian/deb_folder/rules

@@ -0,0 +1,20 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export APP_NAME=kubevirt-app
+export PBR_VERSION=1.0.0
+export PYBUILD_NAME=k8sapp-kubevirt
+export ROOT=$(CURDIR)/debian/tmp
+export SKIP_PIP_INSTALL=1
+
+%:
+	dh $@ --with=python3 --buildsystem=pybuild
+
+override_dh_auto_build:
+	python3 setup.py build
+
+override_dh_auto_install:
+	python3 setup.py install --install-layout=deb --skip-build --root $(ROOT)
+	python3 setup.py bdist_wheel \
+		--universal \
+		-d $(ROOT)/plugins/$(APP_NAME)

python-k8sapp-kubevirt/debian/deb_folder/source/format

@@ -0,0 +1,2 @@
+3.0 (quilt)
+

python-k8sapp-kubevirt/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: python3-k8sapp-kubevirt
+debver: 1.0-1
+src_path: k8sapp_kubevirt
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/__init__.py

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/__init__.py

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/constants.py

@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+
+HELM_APP_KUBEVIRT = 'kubevirt'
+HELM_APP_KUBEVIRT_CR = 'kubevirt.kubevirt.io/kubevirt'
+HELM_APP_KUBEVIRT_CRD = 'kubevirts.kubevirt.io'
+HELM_RELEASE_KUBEVIRT = 'kubevirt'
+HELM_CHART_KUBEVIRT = 'kubevirt'
+HELM_NS_KUBEVIRT = 'kubevirt'
+
+HELM_APP_CDI = 'cdi'
+HELM_APP_CDI_CR = 'cdi.cdi.kubevirt.io/cdi'
+HELM_APP_CDI_CRD = 'cdis.cdi.kubevirt.io'
+HELM_NS_CDI = 'cdi'
+HELM_APP_CDI_UPLOAD_API_V1_ALPHA_1 = 'v1alpha1.upload.cdi.kubevirt.io'
+HELM_APP_CDI_UPLOAD_API_V1_BETA_1 = 'v1beta1.upload.cdi.kubevirt.io'
+
+HELM_VIRTCTL_DIR = '/var/opt/kubevirt/'
+HELM_VIRTCTL_FILE_NAME = 'virtctl-v0.53.1-linux-amd64'
+HELM_VIRTCTL_PATH = HELM_VIRTCTL_DIR + HELM_VIRTCTL_FILE_NAME

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/__init__.py

@@ -0,0 +1,5 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/kubevirt.py

@@ -0,0 +1,48 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+from k8sapp_kubevirt.common import constants as app_constants
+from sysinv.common import exception
+from sysinv.common import utils
+from sysinv.helm import base
+from oslo_log import log as logging
+from sysinv.db import api as dbapi
+
+LOG = logging.getLogger(__name__)
+
+class KubeVirtHelm(base.FluxCDBaseHelm):
+    """Class to encapsulate helm operations for the kubevirt chart"""
+
+    CHART = app_constants.HELM_CHART_KUBEVIRT
+    HELM_RELEASE = app_constants.HELM_RELEASE_KUBEVIRT
+    SERVICE_NAME = 'kubevirt'
+
+
+    SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
+        [app_constants.HELM_NS_KUBEVIRT] + [app_constants.HELM_NS_CDI]
+
+    SUPPORTED_APP_NAMESPACES = {
+        app_constants.HELM_APP_KUBEVIRT:
+            base.BaseHelm.SUPPORTED_NAMESPACES + [app_constants.HELM_NS_KUBEVIRT] + [app_constants.HELM_NS_CDI],
+    }
+
+    def get_namespaces(self):
+        return self.SUPPORTED_NAMESPACES
+
+    def get_overrides(self, namespace=None):
+        overrides = {
+            app_constants.HELM_NS_KUBEVIRT: {
+                'featureGates': ['Snapshot'],
+                'useEmulation': utils.is_virtual(),
+                'replicas': '1' if utils.is_single_controller(dbapi.get_instance()) else '2'
+            }
+        }
+
+        if namespace in self.SUPPORTED_NAMESPACES:
+            return overrides[namespace]
+        elif namespace:
+            raise exception.InvalidHelmNamespace(chart=self.CHART,
+                                                 namespace=namespace)
+        else:
+            return overrides

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/lifecycle/__init__.py

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+

python-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/lifecycle/lifecycle_kubevirt.py

@@ -0,0 +1,104 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+
+""" System inventory App lifecycle operator."""
+
+import os
+
+from k8sapp_kubevirt.common import constants as app_constants
+from oslo_log import log as logging
+from sysinv.common import constants
+from sysinv.common import exception
+from sysinv.common import kubernetes
+from sysinv.common import utils as cutils
+from sysinv.helm import lifecycle_base as base
+from sysinv.helm.lifecycle_constants import LifecycleConstants
+
+
+LOG = logging.getLogger(__name__)
+
+class KubeVirtAppLifecycleOperator(base.AppLifecycleOperator):
+    def app_lifecycle_actions(self, context, conductor_obj, app_op, app, hook_info):
+        """Perform lifecycle actions for an operation
+
+        :param context: request context, can be None
+        :param conductor_obj: conductor object, can be None
+        :param app_op: AppOperator object
+        :param app: AppOperator.Application object
+        :param hook_info: LifecycleHookInfo object
+
+        """
+        if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION:
+            if hook_info.operation == constants.APP_REMOVE_OP:
+                if hook_info.relative_timing == constants.APP_LIFECYCLE_TIMING_PRE:
+                    return self.pre_remove(app)
+                elif hook_info.relative_timing == constants.APP_LIFECYCLE_TIMING_POST:
+                    return self.post_remove(app)
+
+        super(KubeVirtAppLifecycleOperator, self).app_lifecycle_actions(
+            context, conductor_obj, app_op, app, hook_info
+        )
+
+    def pre_remove(self, app):
+        # Due to ordering of deletes, to prevent the namespace finalizer from waiting indefinitely,
+        # we need to ensure that the kubevirt and cdi custom resource.
+
+        LOG.debug(
+            "Executing pre_remove for {} app".format(app_constants.HELM_APP_KUBEVIRT)
+        )
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete', app_constants.HELM_APP_CDI_CR, '-n', app_constants.HELM_NS_CDI]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete', app_constants.HELM_APP_KUBEVIRT_CR, '-n', app_constants.HELM_NS_KUBEVIRT]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+
+    def post_remove(self, app):
+        LOG.debug(
+            "Executing post_remove for {} app".format(app_constants.HELM_APP_KUBEVIRT)
+        )
+
+        # Due to ordering of deletes, to prevent the namespace finalizer from waiting indefinitely,
+        # we need to ensure we delete 2 APIs
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete', 'apiservices.apiregistration.k8s.io', app_constants.HELM_APP_CDI_UPLOAD_API_V1_ALPHA_1]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+ 
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete', 'apiservices.apiregistration.k8s.io', app_constants.HELM_APP_CDI_UPLOAD_API_V1_BETA_1]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+       
+        # Helm doesn't delete CRDs.  To clean up after application-remove, we need to explicitly delete the CRDs.
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete','crd',  app_constants.HELM_APP_CDI_CRD]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+
+        cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
+               'delete','crd',  app_constants.HELM_APP_KUBEVIRT_CRD]
+        stdout, stderr = cutils.trycmd(*cmd)
+        LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
+
+        # Remove virtctl binary
+        if os.path.exists(app_constants.HELM_VIRTCTL_PATH):
+          os.remove(app_constants.HELM_VIRTCTL_PATH)
+        else:
+          LOG.warning("Failed to delete {}".format(app_constants.HELM_VIRTCTL_PATH))
+
+        # Remove /var/opt/kubevirt if it is empty
+        dir = os.listdir(app_constants.HELM_VIRTCTL_DIR)
+        if len(dir) == 0:
+          os.rmdir(app_constants.HELM_VIRTCTL_DIR)
+          LOG.debug("Deleted directory {}".format(app_constants.HELM_VIRTCTL_DIR))
+        else:
+          LOG.warning("Directory {} is not empty - will not be deleted.".format(app_constants.HELM_VIRTCTL_DIR))

python-k8sapp-kubevirt/k8sapp_kubevirt/pylint.rc

@@ -0,0 +1,320 @@
+[MASTER]
+# Specify a configuration file.
+rcfile=pylint.rc
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Add files or directories to the blacklist. Should be base names, not paths.
+ignore=tests
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Use multiple processes to speed up Pylint.
+jobs=4
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code
+extension-pkg-whitelist=lxml.etree,greenlet
+
+
+
+[MESSAGES CONTROL]
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time.
+#
+# Python3 checker:
+#
+# E1601: print-statement
+# E1602: parameter-unpacking
+# E1603: unpacking-in-except
+# E1604: old-raise-syntax
+# E1605: backtick
+# E1606: long-suffix
+# E1607: old-ne-operator
+# E1608: old-octal-literal
+# E1609: import-star-module-level
+# E1610: non-ascii-bytes-literal
+# E1611: invalid-unicode-literal
+# W1601: apply-builtin
+# W1602: basestring-builtin
+# W1603: buffer-builtin
+# W1604: cmp-builtin
+# W1605: coerce-builtin
+# W1606: execfile-builtin
+# W1607: file-builtin
+# W1608: long-builtin
+# W1609: raw_input-builtin
+# W1610: reduce-builtin
+# W1611: standarderror-builtin
+# W1612: unicode-builtin
+# W1613: xrange-builtin
+# W1614: coerce-method
+# W1615: delslice-method
+# W1616: getslice-method
+# W1617: setslice-method
+# W1618: no-absolute-import
+# W1619: old-division
+# W1620: dict-iter-method
+# W1621: dict-view-method
+# W1622: next-method-called
+# W1623: metaclass-assignment
+# W1624: indexing-exception
+# W1625: raising-string
+# W1626: reload-builtin
+# W1627: oct-method
+# W1628: hex-method
+# W1629: nonzero-method
+# W1630: cmp-method
+# W1632: input-builtin
+# W1633: round-builtin
+# W1634: intern-builtin
+# W1635: unichr-builtin
+# W1636: map-builtin-not-iterating
+# W1637: zip-builtin-not-iterating
+# W1638: range-builtin-not-iterating
+# W1639: filter-builtin-not-iterating
+# W1640: using-cmp-argument
+# W1641: eq-without-hash
+# W1642: div-method
+# W1643: idiv-method
+# W1644: rdiv-method
+# W1645: exception-message-attribute
+# W1646: invalid-str-codec
+# W1647: sys-max-int
+# W1648: bad-python3-import
+# W1649: deprecated-string-function
+# W1650: deprecated-str-translate-call
+# W1651: deprecated-itertools-function
+# W1652: deprecated-types-field
+# W1653: next-method-defined
+# W1654: dict-items-not-iterating
+# W1655: dict-keys-not-iterating
+# W1656: dict-values-not-iterating
+# W1657: deprecated-operator-function
+# W1658: deprecated-urllib-function
+# W1659: xreadlines-attribute
+# W1660: deprecated-sys-function
+# W1661: exception-escape
+# W1662: comprehension-escape
+enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
+       W1651,W1649,W1657,W1660,W1658,W1659,W1623,W1622,W1620,W1621,W1645,W1641,
+       W1624,W1648,W1625,W1611,W1662,W1661,W1650,W1640,W1630,W1614,W1615,W1642,
+       W1616,W1628,W1643,W1629,W1627,W1644,W1617,W1601,W1602,W1603,W1604,W1605,
+       W1654,W1655,W1656,W1619,W1606,W1607,W1639,W1632,W1634,W1608,W1636,
+       W1653,W1646,W1638,W1609,W1610,W1626,W1633,W1647,W1635,W1612,W1613,W1637
+
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once).
+# See "Messages Control" section of
+# https://pylint.readthedocs.io/en/latest/user_guide
+# We are disabling (C)onvention
+# We are disabling (R)efactor
+# W1618: no-absolute-import
+disable=C, R, W1618
+
+[REPORTS]
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html
+output-format=text
+
+# Put messages in a separate file for each module / package specified on the
+# command line instead of printing them on stdout. Reports (if any) will be
+# written in a file name "pylint_global.[txt|html]".
+files-output=no
+
+# Tells whether to display a full report or only the messages
+reports=yes
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+
+[SIMILARITIES]
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+
+[FORMAT]
+# Maximum number of characters on a single line.
+max-line-length=85
+
+# Maximum number of lines in a module
+max-module-lines=1000
+
+# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab).
+indent-string='    '
+
+
+[TYPECHECK]
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis
+ignored-modules=distutils,eventlet.green.subprocess,six,six.moves
+
+# List of classes names for which member attributes should not be checked
+# (useful for classes with attributes dynamically set).
+# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types
+# ie: (unprovisioned, identity)
+# LookupDict in requests library confuses pylint
+ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local,
+                Table, unprovisioned, identity, LookupDict
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E0201 when accessed. Python regular
+# expressions are accepted.
+generated-members=REQUEST,acl_users,aq_parent
+
+
+[BASIC]
+# List of builtins function names that should not be used, separated by a comma
+bad-functions=map,filter,apply,input
+
+# Regular expression which should only match correct module names
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+
+# Regular expression which should only match correct module level names
+const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
+
+# Regular expression which should only match correct class names
+class-rgx=[A-Z_][a-zA-Z0-9]+$
+
+# Regular expression which should only match correct function names
+function-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match correct method names
+method-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match correct instance attribute names
+attr-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match correct argument names
+argument-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match correct variable names
+variable-rgx=[a-z_][a-z0-9_]{2,30}$
+
+# Regular expression which should only match correct list comprehension /
+# generator expression variable names
+inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=i,j,k,ex,Run,_
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=foo,bar,baz,toto,tutu,tata
+
+# Regular expression which should only match functions or classes name which do
+# not require a docstring
+no-docstring-rgx=__.*__
+
+
+[MISCELLANEOUS]
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,XXX,TODO
+
+
+[VARIABLES]
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the beginning of the name of dummy variables
+# (i.e. not used).
+dummy-variables-rgx=_|dummy
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+
+[IMPORTS]
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=regsub,string,TERMIOS,Bastion,rexec
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+
+[DESIGN]
+# Maximum number of arguments for function / method
+max-args=5
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore
+ignored-argument-names=_.*
+
+# Maximum number of locals for function / method body
+max-locals=15
+
+# Maximum number of return / yield for function / method body
+max-returns=6
+
+# Maximum number of branch for function / method body
+max-branchs=12
+
+# Maximum number of statements in function / method body
+max-statements=50
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=7
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+
+[CLASSES]
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,__new__,setUp
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+
+[EXCEPTIONS]
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=Exception

python-k8sapp-kubevirt/k8sapp_kubevirt/requirements.txt

@@ -0,0 +1,2 @@
+pbr>=0.5
+PyYAML==3.10

python-k8sapp-kubevirt/k8sapp_kubevirt/setup.cfg

@@ -0,0 +1,35 @@
+[metadata]
+name = k8sapp-kubevirt
+summary = StarlingX sysinv extensions for kubevirt
+author = StarlingX
+author-email = starlingx-discuss@lists.starlingx.io
+home-page = https://www.starlingx.io/
+classifier =
+    License :: OSI Approved :: Apache Software License
+    Operating System :: POSIX :: Linux
+    Programming Language :: Python
+    Programming Language :: Python :: 2
+    Programming Language :: Python :: 2.7
+    Programming Language :: Python :: 3
+    Programming Language :: Python :: 3.6
+
+[files]
+packages =
+    k8sapp_kubevirt
+
+[global]
+setup-hooks =
+    pbr.hooks.setup_hook
+
+[entry_points]
+systemconfig.helm_applications =
+    kubevirt-app = systemconfig.helm_plugins.kubevirt
+
+systemconfig.app_lifecycle =
+    kubevirt-app = k8sapp_kubevirt.lifecycle.lifecycle_kubevirt:KubeVirtAppLifecycleOperator
+
+systemconfig.helm_plugins.kubevirt =
+    001_kubevirt-app = k8sapp_kubevirt.helm.kubevirt:KubeVirtHelm
+
+[wheel]
+universal = 1

python-k8sapp-kubevirt/k8sapp_kubevirt/setup.py

@@ -0,0 +1,9 @@
+#
+# copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+import setuptools
+setuptools.setup(
+    setup_requires=['pbr>=2.0.0'],
+    pbr=True)

python-k8sapp-kubevirt/k8sapp_kubevirt/test-requirements.txt

@@ -0,0 +1,23 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+pycodestyle<2.6.0 # MIT License
+hacking>=1.1.0,<=2.0.0 # Apache-2.0
+coverage>=3.6
+discover
+fixtures>=3.0.0 # Apache-2.0/BSD
+mock>=2.0.0 # BSD
+passlib>=1.7.0
+psycopg2-binary
+python-barbicanclient>=4.5.2 # Apache-2.0
+python-subunit>=1.4.0
+requests-mock>=0.6.0 # Apache-2.0
+oslotest>=3.2.0 # Apache-2.0
+stestr>=1.0.0 # Apache-2.0
+testrepository>=0.0.18
+testtools!=1.2.0,>=0.9.36
+pytest
+pyudev
+migrate
+python-ldap>=3.1.0
+markupsafe

python-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini

@@ -0,0 +1,43 @@
+[tox]
+envlist = pylint
+minversion = 2.3
+
+# tox does not work if the path to the workdir is too long, so move it to /tmp
+toxworkdir = /tmp/{env:USER}_k8sapp_kubevirt
+distshare={toxworkdir}/.tox/distshare
+
+[testenv]
+sitepackages = False
+
+# these need to be separated by a newline....
+whitelist_externals = bash
+                      find
+
+install_command = pip install -v -v -v \
+    -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
+    {opts} {packages}
+
+commands =
+  find . -type f -name "*.pyc" -delete
+
+setenv = VIRTUAL_ENV={envdir}
+         PYTHONHASHSEED=0
+         PYTHONDONTWRITEBYTECODE=1
+         LANG=en_US.UTF-8
+         LANGUAGE=en_US:en
+         LC_ALL=C
+         SYSINV_TEST_ENV=True
+         TOX_WORK_DIR={toxworkdir}
+         PYLINTHOME={toxworkdir}
+
+deps = -r{toxinidir}/requirements.txt
+       -r{toxinidir}/test-requirements.txt
+
+[testenv:pylint]
+basepython = python3
+sitepackages = False
+
+deps = {[testenv]deps}
+       pylint
+commands =
+     pylint {posargs} k8sapp_kubevirt --rcfile=./pylint.rc

requirements.txt

@@ -0,0 +1 @@
+# Nothing

stx-kubevirt-app-helm/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+stx-kubevirt-app-helm (1.0-1) unstable; urgency=medium
+
+  * Initial Release
+
+  -- Gleb Aronsky <gleb.aronsky@windriver.com> Mon, 1 Aug 2022 08:00:00 +0000

stx-kubevirt-app-helm/debian/deb_folder/control

@@ -0,0 +1,17 @@
+Source: stx-kubevirt-app-helm
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ helm,
+ python3-k8sapp-kubevirt,
+ python3-k8sapp-kubevirt-wheels
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: stx-kubevirt-app-helm
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}
+Description: StarlingX KubeVirt App Charts
+ This package contains helm charts for the KubeVirt application.

stx-kubevirt-app-helm/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: stx-kubevirt-app-helm
+Source: https://opendev.org/starlingx/kubevirt-app/
+
+Files: *
+Copyright: (c) 2013-2022 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2022 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

stx-kubevirt-app-helm/debian/deb_folder/rules

@@ -0,0 +1,48 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export ROOT = debian/tmp
+export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm
+
+export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
+export MAJOR = $(shell echo $(DEB_VERSION) | cut -f 1 -d '.')
+export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.')
+
+export APP_NAME = kubevirt-app
+export APP_VERSION = $(MAJOR).$(MINOR_PATCH)
+export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz
+export HELM_REPO = stx-platform
+export STAGING = staging
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	# Setup the staging directory.
+	cd helm-charts && make kubevirt-app
+	mkdir -p $(STAGING)
+	cp files/metadata.yaml $(STAGING)
+	cp -R fluxcd-manifests $(STAGING)
+	mkdir -p $(STAGING)/charts
+	cp helm-charts/*.tgz $(STAGING)/charts
+	# Populate metadata
+	sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
+	# Copy the plugins: installed in the buildroot
+	mkdir -p $(STAGING)/plugins
+	cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins
+	# Create the app package.
+	cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+	tar cfz $(APP_TARBALL) -C $(STAGING)/ .
+	# Cleanup staging
+	rm -rf $(STAGING)
+
+override_dh_auto_install:
+	# Install the app tar file.
+	install -d -m 755 $(APP_FOLDER)
+	install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER)
+
+override_dh_auto_test:
+
+override_dh_usrlocal:

stx-kubevirt-app-helm/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

stx-kubevirt-app-helm/debian/deb_folder/stx-kubevirt-app-helm.install

@@ -0,0 +1 @@
+usr/local/share/applications/helm/*

stx-kubevirt-app-helm/debian/meta_data.yaml

@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+debname: stx-kubevirt-app-helm
+debver: 1.0-1
+src_path: stx-kubevirt-app-helm
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true
+behavior:
+  platform_managed_app: yes
+  desired_state: uploaded

stx-kubevirt-app-helm/debian/stx-kubevirt-app-helm.stable_docker_image

@@ -0,0 +1,4 @@
+BUILDER=docker
+LABEL=stx-kubevirt-app
+DOCKER_CONTEXT=../docker
+DOCKER_FILE=../docker/Dockerfile

stx-kubevirt-app-helm/docker/Dockerfile

@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+FROM alpine:3.16.2
+ADD https://github.com/kubevirt/kubevirt/releases/download/v0.53.1/virtctl-v0.53.1-linux-amd64 .
+RUN chmod a+rwx ./virtctl-v0.53.1-linux-amd64

stx-kubevirt-app-helm/stx-kubevirt-app-helm/README

@@ -0,0 +1,11 @@
+This directory contains all StarlingX charts that need to be built for this
+application. The Helm Charts are derived from Kubernetes yaml files for KubeVirt.
+The original sources were retrieved from:
+
+https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/kubevirt-cr.yaml
+https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/kubevirt-operator.yaml.
+
+Additional information can be found at https://kubevirt.io/.
+
+As the KubeVirt versions are updated, maintainers of this repo will need to update
+the helm charts.

stx-kubevirt-app-helm/stx-kubevirt-app-helm/files/Makefile

@@ -0,0 +1,43 @@
+#
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# It's necessary to set this because some environments don't link sh -> bash.
+SHELL := /bin/bash
+TASK  := build
+
+EXCLUDES := helm-toolkit doc tests tools logs tmp
+CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(EXCLUDES) $(CHARTS)
+
+all: $(CHARTS)
+
+$(CHARTS):
+	@if [ -d $@ ]; then \
+		echo; \
+		echo "===== Processing [$@] chart ====="; \
+		make $(TASK)-$@; \
+	fi
+
+init-%:
+	if [ -f $*/Makefile ]; then make -C $*; fi
+	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: init-%
+	if [ -d $* ]; then helm lint $*; fi
+
+build-%: lint-%
+	if [ -d $* ]; then helm package $*; fi
+
+clean:
+	@echo "Clean all build artifacts"
+	rm -f */templates/_partials.tpl */templates/_globals.tpl
+	rm -f *tgz */charts/*tgz */requirements.lock
+	rm -rf */charts */tmpcharts
+
+%:
+	@:

stx-kubevirt-app-helm/stx-kubevirt-app-helm/files/index.yaml

@@ -0,0 +1,8 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+entries: {}
+generated: 2019-01-07T12:33:46.098166523-06:00

stx-kubevirt-app-helm/stx-kubevirt-app-helm/files/metadata.yaml

@@ -0,0 +1,4 @@
+app_name: @APP_NAME@
+app_version: @APP_VERSION@
+helm_repo: @HELM_REPO@
+maintain_user_overrides: true

stx-kubevirt-app-helm/stx-kubevirt-app-helm/files/repositories.yaml

@@ -0,0 +1,17 @@
+#
+## Copyright (c) 2022 Wind River Systems, Inc.
+##
+## SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+generated: 2019-01-02T15:19:36.215111369-06:00
+repositories:
+- caFile: ""
+  cache: /builddir/.helm/repository/cache/local-index.yaml
+  certFile: ""
+  keyFile: ""
+  name: local
+  password: ""
+  url: http://127.0.0.1:8879/charts
+  username: ""

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/helmrepository.yaml

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: stx-platform
+spec:
+  url: http://192.168.206.1:8080/helm_charts/stx-platform
+  interval: 60m

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/kustomization.yaml

@@ -0,0 +1,9 @@
+#
+## Copyright (c) 2022 Wind River Systems, Inc.
+##
+## SPDX-License-Identifier: Apache-2.0
+##
+---
+resources:
+  - helmrepository.yaml
+  - namespace.yaml

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/namespace.yaml

@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubevirt
+  labels:
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: kubevirt-app
+    meta.helm.sh/release-namespace: kubevirt

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/helmrelease.yaml

@@ -0,0 +1,36 @@
+#
+## Copyright (c) 2022 Wind River Systems, Inc.
+##
+## SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: kubevirt-app
+  labels:
+    chart_group: starlingx-kubevirt-charts
+spec:
+  releaseName: kubevirt-app
+  chart:
+    spec:
+      chart: kubevirt-app
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: kubevirt-static-overrides
+      valuesKey: kubevirt-static-overrides.yaml
+    - kind: Secret
+      name: kubevirt-system-overrides
+      valuesKey: kubevirt-system-overrides.yaml

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/kubevirt-static-overrides.yaml

@@ -0,0 +1,6 @@
+#
+## Copyright (c) 2022 Wind River Systems, Inc.
+##
+## SPDX-License-Identifier: Apache-2.0
+#
+---

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/kubevirt-system-overrides.yaml

@@ -0,0 +1,6 @@
+#
+## Copyright (c) 2022 Wind River Systems, Inc.
+##
+## SPDX-License-Identifier: Apache-2.0
+#
+---

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/kustomization.yaml

@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+namespace: kubevirt
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: kubevirt-system-overrides
+    files:
+      - kubevirt-system-overrides.yaml
+  - name: kubevirt-static-overrides
+    files:
+      - kubevirt-static-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true

stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kustomization.yaml

@@ -0,0 +1,11 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubevirt
+resources:
+  - base
+  - kubevirt-app

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/Makefile

@@ -0,0 +1,43 @@
+#
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# It's necessary to set this because some environments don't link sh -> bash.
+SHELL := /bin/bash
+TASK  := build
+
+EXCLUDES := helm-toolkit doc tests tools logs tmp
+CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(EXCLUDES) $(CHARTS)
+
+all: $(CHARTS)
+
+$(CHARTS):
+	@if [ -d $@ ]; then \
+		echo; \
+		echo "===== Processing [$@] chart ====="; \
+		make $(TASK)-$@; \
+	fi
+
+init-%:
+	if [ -f $*/Makefile ]; then make -C $*; fi
+	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: init-%
+	if [ -d $* ]; then helm lint $*; fi
+
+build-%: lint-%
+	if [ -d $* ]; then helm package $*; fi
+
+clean:
+	@echo "Clean all build artifacts"
+	rm -f */templates/_partials.tpl */templates/_globals.tpl
+	rm -f *tgz */charts/*tgz */requirements.lock
+	rm -rf */charts */tmpcharts
+
+%:
+	@:

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/Chart.yaml

@@ -0,0 +1,11 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v2
+appVersion: 1.0.0
+description: A Helm chart for KubeVirt
+name: kubevirt-app
+type: application
+version: 0.1.0

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-clusterrole.yaml

@@ -0,0 +1,262 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    operator.cdi.kubevirt.io: ""
+  name: cdi-operator-cluster
+rules:
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  - clusterroles
+  verbs:
+  - '*'
+- apiGroups:
+  - security.openshift.io
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - '*'
+- apiGroups:
+  - cdi.kubevirt.io
+  - upload.cdi.kubevirt.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
+  verbs:
+  - '*'
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - '*'
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - datavolumes
+  verbs:
+  - list
+  - get
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - datasources
+  verbs:
+  - list
+  - get
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - cdis
+  verbs:
+  - get
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - cdis/finalizers
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  - persistentvolumeclaims
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims/finalizers
+  - pods/finalizers
+  - volumesnapshots/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - csidrivers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - proxies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - scheduling.k8s.io
+  resources:
+  - priorityclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - dataimportcrons
+  verbs:
+  - get
+  - list
+  - update

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-clusterrolebinding.yaml

@@ -0,0 +1,32 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    operator.cdi.kubevirt.io: ""
+  name: cdi-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cdi-operator-cluster
+subjects:
+- kind: ServiceAccount
+  name: cdi-operator
+  namespace: cdi

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-configmap.yaml

@@ -0,0 +1,25 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    operator.cdi.kubevirt.io: ""
+  name: cdi-operator-leader-election-helper
+  namespace: cdi

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-deployment.yaml

@@ -0,0 +1,85 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    name: cdi-operator
+    operator.cdi.kubevirt.io: ""
+    prometheus.cdi.kubevirt.io: "true"
+  name: cdi-operator
+  namespace: cdi
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: cdi-operator
+      operator.cdi.kubevirt.io: ""
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        name: cdi-operator
+        operator.cdi.kubevirt.io: ""
+        prometheus.cdi.kubevirt.io: "true"
+    spec:
+      containers:
+      - env:
+        - name: DEPLOY_CLUSTER_RESOURCES
+          value: "true"
+        - name: OPERATOR_VERSION
+          value: v1.54.0
+        - name: CONTROLLER_IMAGE
+          value: {{ .Values.cdiControlerImage }} #quay.io/kubevirt/cdi-controller:v1.54.0
+        - name: IMPORTER_IMAGE
+          value: {{ .Values.cdiImporterImage }} #quay.io/kubevirt/cdi-importer:v1.54.0
+        - name: CLONER_IMAGE
+          value: {{ .Values.cdiClonerImage }}  #quay.io/kubevirt/cdi-cloner:v1.54.0
+        - name: APISERVER_IMAGE
+          value: {{ .Values.cdiApiServerImage }} #quay.io/kubevirt/cdi-apiserver:v1.54.0
+        - name: UPLOAD_SERVER_IMAGE
+          value: {{ .Values.cdiUploadServerImage }}  # quay.io/kubevirt/cdi-uploadserver:v1.54.0
+        - name: UPLOAD_PROXY_IMAGE
+          value: {{ .Values.cdiUploadProxyImage }}  #quay.io/kubevirt/cdi-uploadproxy:v1.54.0
+        - name: VERBOSITY
+          value: "1"
+        - name: PULL_POLICY
+          value: IfNotPresent
+        - name: MONITORING_NAMESPACE
+        image: {{ .Values.cdiOperatorImage }}
+        imagePullPolicy: IfNotPresent
+        name: cdi-operator
+        ports:
+        - containerPort: {{ .Values.containerPorts.cdiMetricsPort }}
+          name: metrics
+          protocol: TCP
+        resources:
+          requests:
+            memory: {{ .Values.resources.requests.memory }}
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: cdi-operator
+{{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 6 }}
+{{- end }}
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
+{{- end }}

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-namespace.yaml

@@ -0,0 +1,28 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    cdi.kubevirt.io: ""
+    app.kubernetes.io/managed-by: Helm
+  name: cdi
+  annotations:
+    meta.helm.sh/release-name: kubevirt-cdi-app
+    meta.helm.sh/release-namespace: cdi

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-role.yaml

@@ -0,0 +1,86 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/managed-by: cdi-operator
+    cdi.kubevirt.io: ""
+  name: cdi-operator
+  namespace: cdi
+rules:
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  - configmaps
+  - events
+  - secrets
+  - services
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - deployments/finalizers
+  verbs:
+  - '*'
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  - routes/custom-host
+  verbs:
+  - '*'
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - proxies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  - prometheusrules
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - update
+  - patch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - '*'

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-rolebinding.yaml

@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/managed-by: cdi-operator
+    cdi.kubevirt.io: ""
+  name: cdi-operator
+  namespace: cdi
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cdi-operator
+subjects:
+- kind: ServiceAccount
+  name: cdi-operator
+  namespace: cdi

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-rolebinding2.yaml

@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cdi-registry-rolebinding
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubevirt-registry-cr
+subjects:
+- kind: ServiceAccount
+  name: cdi-operator
+  namespace: cdi

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-serviceaccount.yaml

@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    operator.cdi.kubevirt.io: ""
+  name: cdi-operator
+  namespace: cdi
+imagePullSecrets:
+  - name: {{ .Values.imagePullSecrets }}

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi.yaml

@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: CDI
+metadata:
+  name: cdi
+spec:
+  imagePullPolicy: IfNotPresent
+  infra:
+    nodeSelector:
+      kubernetes.io/os: linux
+    tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  workload:
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
+{{- end }}

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole.yaml

@@ -0,0 +1,863 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+rules:
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - kubevirts
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  - services
+  - endpoints
+  - pods/exec
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - patch
+  - delete
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - apps
+  resources:
+  - controllerrevisions
+  verbs:
+  - watch
+  - list
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  - clusterrolebindings
+  - roles
+  - rolebindings
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - security.openshift.io
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - privileged
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - kubevirt-handler
+  - kubevirt-controller
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - delete
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - update
+  - patch
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - update
+  - patch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  - prometheusrules
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - update
+  - patch
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/pause
+  - virtualmachineinstances/unpause
+  - virtualmachineinstances/addvolume
+  - virtualmachineinstances/removevolume
+  - virtualmachineinstances/freeze
+  - virtualmachineinstances/unfreeze
+  - virtualmachineinstances/softreboot
+  verbs:
+  - update
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - delete
+  - patch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachines
+  - virtualmachineinstances
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachines/status
+  verbs:
+  - patch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachineinstancemigrations
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachineinstancepresets
+  verbs:
+  - watch
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - limitranges
+  verbs:
+  - watch
+  - list
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - kubevirts
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.kubevirt.io
+  resources:
+  - virtualmachinesnapshots
+  - virtualmachinerestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - datasources
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flavor.kubevirt.io
+  resources:
+  - virtualmachineflavors
+  - virtualmachineclusterflavors
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - configmaps
+  - endpoints
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+  - update
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - update
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods/eviction
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - controllerrevisions
+  verbs:
+  - watch
+  - list
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - snapshot.kubevirt.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - pool.kubevirt.io
+  resources:
+  - virtualmachinepools
+  - virtualmachinepools/finalizers
+  verbs:
+  - watch
+  - list
+  - create
+  - delete
+  - update
+  - patch
+  - get
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/addvolume
+  - virtualmachineinstances/removevolume
+  - virtualmachineinstances/freeze
+  - virtualmachineinstances/unfreeze
+  - virtualmachineinstances/softreboot
+  verbs:
+  - update
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - k8s.cni.cncf.io
+  resources:
+  - network-attachment-definitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flavor.kubevirt.io
+  resources:
+  - virtualmachineflavors
+  - virtualmachineclusterflavors
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachineinstances
+  verbs:
+  - update
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - patch
+  - list
+  - watch
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - kubevirts
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - version
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/console
+  - virtualmachineinstances/vnc
+  - virtualmachineinstances/guestosinfo
+  - virtualmachineinstances/filesystemlist
+  - virtualmachineinstances/userlist
+  verbs:
+  - get
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/pause
+  - virtualmachineinstances/unpause
+  - virtualmachineinstances/addvolume
+  - virtualmachineinstances/removevolume
+  - virtualmachineinstances/freeze
+  - virtualmachineinstances/unfreeze
+  - virtualmachineinstances/softreboot
+  verbs:
+  - update
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachines/start
+  - virtualmachines/stop
+  - virtualmachines/restart
+  - virtualmachines/addvolume
+  - virtualmachines/removevolume
+  verbs:
+  - update
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachines
+  - virtualmachineinstances
+  - virtualmachineinstancepresets
+  - virtualmachineinstancereplicasets
+  - virtualmachineinstancemigrations
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+  - deletecollection
+- apiGroups:
+  - snapshot.kubevirt.io
+  resources:
+  - virtualmachinesnapshots
+  - virtualmachinesnapshotcontents
+  - virtualmachinerestores
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+  - deletecollection
+- apiGroups:
+  - flavor.kubevirt.io
+  resources:
+  - virtualmachineflavors
+  - virtualmachineclusterflavors
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+  - deletecollection
+- apiGroups:
+  - pool.kubevirt.io
+  resources:
+  - virtualmachinepools
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+  - deletecollection
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/console
+  - virtualmachineinstances/vnc
+  - virtualmachineinstances/guestosinfo
+  - virtualmachineinstances/filesystemlist
+  - virtualmachineinstances/userlist
+  verbs:
+  - get
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/pause
+  - virtualmachineinstances/unpause
+  - virtualmachineinstances/addvolume
+  - virtualmachineinstances/removevolume
+  - virtualmachineinstances/freeze
+  - virtualmachineinstances/unfreeze
+  - virtualmachineinstances/softreboot
+  verbs:
+  - update
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachines/start
+  - virtualmachines/stop
+  - virtualmachines/restart
+  - virtualmachines/addvolume                                                                                                                                                                                                           |
+  - virtualmachines/removevolume
+  verbs:
+  - update
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachines
+  - virtualmachineinstances
+  - virtualmachineinstancepresets
+  - virtualmachineinstancereplicasets
+  - virtualmachineinstancemigrations
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+- apiGroups:
+  - snapshot.kubevirt.io
+  resources:
+  - virtualmachinesnapshots
+  - virtualmachinesnapshotcontents
+  - virtualmachinerestores
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+- apiGroups:
+  - flavor.kubevirt.io
+  resources:
+  - virtualmachineflavors
+  - virtualmachineclusterflavors
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+- apiGroups:
+  - pool.kubevirt.io
+  resources:
+  - virtualmachinepools
+  verbs:
+  - get
+  - delete
+  - create
+  - update
+  - patch
+  - list
+  - watch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - kubevirts
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - subresources.kubevirt.io
+  resources:
+  - virtualmachineinstances/guestosinfo
+  - virtualmachineinstances/filesystemlist
+  - virtualmachineinstances/userlist
+  verbs:
+  - get
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - virtualmachines
+  - virtualmachineinstances
+  - virtualmachineinstancepresets
+  - virtualmachineinstancereplicasets
+  - virtualmachineinstancemigrations
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.kubevirt.io
+  resources:
+  - virtualmachinesnapshots
+  - virtualmachinesnapshotcontents
+  - virtualmachinerestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flavor.kubevirt.io
+  resources:
+  - virtualmachineflavors
+  - virtualmachineclusterflavors
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - pool.kubevirt.io
+  resources:
+  - virtualmachinepools
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - migrations.kubevirt.io
+  resources:
+  - migrationpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole2.yaml

@@ -0,0 +1,39 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubevirt.io:operator
+  labels:
+    operator.kubevirt.io: ""
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole3.yaml

@@ -0,0 +1,37 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-registry-cr
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+  - delete

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrolebinding.yaml

@@ -0,0 +1,32 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+  name: kubevirt-operator
+  namespace: kubevirt

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/deployment.yaml

@@ -0,0 +1,123 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    kubevirt.io: virt-operator
+  name: virt-operator
+  namespace: kubevirt
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      kubevirt.io: virt-operator
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        kubevirt.io: virt-operator
+        name: virt-operator
+        prometheus.kubevirt.io: "true"
+      name: virt-operator
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: kubevirt.io
+                  operator: In
+                  values:
+                  - virt-operator
+              topologyKey: kubernetes.io/hostname
+            weight: 1
+      containers:
+      - command:
+        - virt-operator
+        - --port
+        - "8443"
+        - -v
+        - "2"
+        env:
+        - name: OPERATOR_IMAGE
+          value: {{ .Values.image }}
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.annotations['olm.targetNamespaces']
+        image: {{ .Values.image }}
+        imagePullPolicy: IfNotPresent
+        name: virt-operator
+        ports:
+        - containerPort: {{ .Values.containerPorts.metricsPort }}
+          name: metrics
+          protocol: TCP
+        - containerPort: {{ .Values.containerPorts.webhooksPort }}
+          name: webhooks
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: {{ .Values.containerPorts.readinessProbePort }}
+            scheme: HTTPS
+          initialDelaySeconds: 5
+          timeoutSeconds: 10
+        resources:
+          requests:
+            memory: {{ .Values.resources.requests.memory }}
+        volumeMounts:
+        - mountPath: /etc/virt-operator/certificates
+          name: kubevirt-operator-certs
+          readOnly: true
+        - mountPath: /profile-data
+          name: profile-data
+      initContainers:
+        - name: virtctl-init-container
+          image: {{ .Values.virtctlImage }}
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: controller-dir
+              mountPath: /var/opt/
+          command: ['sh', '-c', "mkdir -p /var/opt/kubevirt/; mv /virtctl-v* /var/opt/kubevirt; chmod 755 /var/opt/kubevirt;"]
+      priorityClassName: kubevirt-cluster-critical
+      securityContext:
+        runAsNonRoot: false
+      serviceAccountName: kubevirt-operator
+{{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 6 }}
+{{- end }}
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
+{{- end }}
+      volumes:
+      - name: kubevirt-operator-certs
+        secret:
+          optional: true
+          secretName: kubevirt-operator-certs
+      - emptyDir: {}
+        name: profile-data
+      - name: controller-dir
+        hostPath:
+          path: /var/opt
+          type: Directory

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/kubevirt.yaml

@@ -0,0 +1,34 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+  name: kubevirt
+  namespace: kubevirt
+spec:
+  certificateRotateStrategy: {}
+  configuration:
+    developerConfiguration:
+      featureGates: {{ .Values.featureGates }}
+      useEmulation: {{ .Values.useEmulation }}
+  customizeComponents: {}
+  imagePullPolicy: IfNotPresent
+  infra:
+    replicas: {{ .Values.replicas }}
+  workloadUpdateStrategy: {}

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/namespace.yaml

@@ -0,0 +1,30 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubevirt.io: ""
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: kubevirt-app
+    meta.helm.sh/release-namespace: kubevirt
+  name: kubevirt
+spec:
+  finalizers:

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/priorityclass.yaml

@@ -0,0 +1,25 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: kubevirt-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should be used for core kubevirt components only."

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/role.yaml

@@ -0,0 +1,48 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+  namespace: kubevirt
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+  - delete

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/rolebinding.yaml

@@ -0,0 +1,33 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator-rolebinding
+  namespace: kubevirt
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+  name: kubevirt-operator
+  namespace: kubevirt

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/rolebinding2.yaml

@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 202 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubevirt-registry-rolebinding
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubevirt-registry-cr
+subjects:
+- kind: ServiceAccount
+  name: kubevirt-operator
+  namespace: kubevirt

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/serviceaccount.yaml

@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+  namespace: kubevirt
+imagePullSecrets:
+  - name: {{ .Values.imagePullSecrets }}

stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/values.yaml

@@ -0,0 +1,41 @@
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for kubevirt-app.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+---
+replicas: 1
+
+virtctlImage: docker.io/starlingx/virtctl_init_container:v0.53.1
+image: quay.io/kubevirt/virt-operator:v0.53.1
+cdiOperatorImage: quay.io/kubevirt/cdi-operator:v1.54.0
+cdiControlerImage: quay.io/kubevirt/cdi-controller:v1.54.0
+cdiImporterImage: quay.io/kubevirt/cdi-importer:v1.54.0
+cdiClonerImage: quay.io/kubevirt/cdi-cloner:v1.54.0
+cdiApiServerImage: quay.io/kubevirt/cdi-apiserver:v1.54.0
+cdiUploadServerImage: quay.io/kubevirt/cdi-uploadserver:v1.54.0
+cdiUploadProxyImage: quay.io/kubevirt/cdi-uploadproxy:v1.54.0
+
+imagePullSecrets: default-registry-key
+
+resources:
+   requests:
+     memory: 150Mi
+
+nodeSelector: { node-role.kubernetes.io/control-plane: "" }
+
+tolerations:
+  - key: "CriticalAddonsOnly"
+    operator: "Exists"
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+containerPorts:
+  metricsPort: 8443
+  webhooksPort: 8444
+  readinessProbePort: 8443
+  cdiMetricsPort: 8080

test-requirements.txt

@@ -0,0 +1,4 @@
+# hacking pulls in flake8
+hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
+bashate >= 0.2
+yamllint>=0.5.2

tox.ini

@@ -0,0 +1,48 @@
+[tox]
+envlist = linters
+minversion = 2.3
+skipsdist = True
+sitepackages=False
+toxhelmdir = {toxinidir}/helm-charts-rendered
+
+[testenv]
+stxdir = {toxinidir}
+kubevirtdir = {[testenv]stxdir}/
+helmdir = {[testenv]kubevirtdir}stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/
+install_command = pip install -U {opts} {packages}
+setenv =
+   VIRTUAL_ENV={envdir}
+   OS_STDOUT_CAPTURE=1
+   OS_STDERR_CAPTURE=1
+   OS_DEBUG=1
+   OS_LOG_CAPTURE=1
+deps =
+  -r{toxinidir}/requirements.txt
+  -r{toxinidir}/test-requirements.txt
+whitelist_externals =
+  bash
+
+[testenv:bashate]
+# Treat all E* codes as Errors rather than warnings using: -e 'E*'
+commands =
+  bash -c "find {toxinidir}                   \
+         -not \( -type d -name .?\* -prune \) \
+         -type f                              \
+         -not -name \*~                       \
+         -not -name \*.md                     \
+         -name \*.sh                          \
+         -print0 | xargs -r -n 1 -0 bashate -v\
+         -e 'E*'"
+
+[testenv:linters]
+commands =
+    {[testenv:bashate]commands}
+    {[testenv:yamllint]commands}
+
+[testenv:yamllint]
+basepython=python3
+commands = bash -c "find ./ -iname '*.yaml' -type f -not -name 'metadata.yaml' -print0 | xargs -0 cat |  sed  's/\s*\{\{.*\}\}//' | yamllint -d relaxed -f parsable - ;[ $? -eq 0 ] && exit 0 || exit 1"
+
+[testenv:pylint]
+basepython = python3
+description = Dummy environment to allow pylint to be run in subdir tox