starlingx/app-kubevirt
Code Issues Proposed changes

Up version and enhance KubeVirt and CDI

Browse Source 
- Add support for imagePullSecrets for KubeVirt and CDI.
- Update Helm Charts to match KubeVirt v0.59.0.
- Update Helm Charts to match CDI v1.57.0.
- Add a symlink for `virtctl` during installation.
- Framework creates the namespaces; Helm manages them.
- Update `values.yaml` to scope KubeVirt and CDI values.
- Upgrade `virtctl` and symlink it.
- Add support for Helm chart overrides.
- Add support for namespace label
  `app.starlingx.io/component`.
- Add overrides for certificate rotation policy.
- Add support for application overrides
- Enable plugin tests
- Enable Zuul supported tox testing for flake8,
  pylint, bandit, and yamllint

Test Plan:

PASS: Install the kubevirt-app on AIO-SX.
PASS: Cleanly remove the kubevirt-app.
PASS: Import Ubuntu image, create an instance of the
      Ubuntu VM, login using `virtctl console`, restart VM.
PASS: Use `cdi-uploadproxy` for CirrOS VM image, create an
      instance, login using `virtctl console`.
PASS: Verify KubeVirt and CDI namespaces have default label.
PASS: After changing the component type to `application`,
      verify pods restart and type is updated.
PASS: After reverting type to `platform`, verify update and
      pod restart.
PASS: Invalid type shouldn't apply the label.
PASS: Override CDI certificate duration and `renewBefore`,
      then verify values.
PASS: Override KubeVirt certificate duration and
      `renewBefore`, then verify values.

Story: 2010931
Task: 48855
Task: 48858
Task: 48860
Task: 48862
Task: 48863
Task: 48873
Task: 48874
Task: 48875
Task: 48876
Task: 48989

Change-Id: I2682299de234ccdb3157e3572c3b90bc66646b39
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
This commit is contained in:
Gleb Aronsky 2023-05-23 13:17:37 -07:00
parent bfa3d4a02d
commit 5b2dd4c601
51 changed files with 4241 additions and 2888 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
.zuul.yaml
View File

@ -1,33 +1,78 @@
---
- project:
vars:
ensure_tox_version: '<4'
check:
jobs:
- openstack-tox-linters
- k8sapp-kubevirt-tox-py39
- k8sapp-kubevirt-tox-flake8
- k8sapp-kubevirt-tox-pylint
gate:
jobs:
- openstack-tox-linters
- k8sapp-kubevirt-tox-py39
- k8sapp-kubevirt-tox-flake8
- k8sapp-kubevirt-tox-pylint
- job:
name: k8sapp-kubevirt-tox-py39
parent: tox-py39
description: |
Run py39 for KubeVirt app
Run py39 for kubevirt app
nodeset: debian-bullseye
required-projects:
- starlingx/config
- starlingx/fault
- starlingx/root
- starlingx/update
- starlingx/utilities
files:
- python3-k8sapp-kubevirt/*
vars:
tox_envlist: py39
tox_extra_args: -c python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: k8sapp-kubevirt-tox-flake8
parent: tox
description: |
Run flake8 for kubevirt
nodeset: debian-bullseye
files:
- python3-k8sapp-kubevirt/*
vars:
tox_envlist: py39
python_version: 3.9
tox_envlist: flake8
tox_extra_args: -c python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
- job:
name: k8sapp-kubevirt-tox-pylint
parent: tox
description: |
Run pylint test for k8sapp_kubevirt
Run pylint test for k8sapp_kubevirt
required-projects:
- starlingx/config
- starlingx/fault
- starlingx/root
- starlingx/update
- starlingx/utilities
nodeset: debian-bullseye
files:
- python3-k8sapp-kubevirt/*
vars:
tox_envlist: pylint
tox_extra_args: -c python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: k8sapp-kubevirt-tox-bandit
parent: tox
description: |
Run bandit for kubevirt
nodeset: debian-bullseye
files:
- python3-k8sapp-kubevirt/*
vars:
tox_envlist: bandit
tox_extra_args: -c python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini

10
bindep.txt Normal file
View File

@ -0,0 +1,10 @@
# This is a cross-platform list tracking distribution packages needed for install and tests;
# see https://docs.openstack.org/infra/bindep/ for additional information.
libffi-dev [platform:dpkg]
libldap2-dev [platform:dpkg]
libxml2-dev [platform:dpkg]
libxslt1-dev [platform:dpkg]
libsasl2-dev [platform:dpkg]
libffi-devel [platform:rpm]
python3-all-dev [platform:dpkg]

35
python3-k8sapp-kubevirt/k8sapp_kubevirt/.gitignore vendored Normal file
View File

@ -0,0 +1,35 @@
# Compiled files
*.py[co]
*.a
*.o
*.so
# Sphinx
_build
doc/source/api/
# Packages/installer info
*.egg
*.egg-info
dist
build
eggs
parts
var
sdist
develop-eggs
.installed.cfg
# Other
*.DS_Store
.stestr
.testrepository
.tox
.venv
.*.swp
.coverage
bandit.xml
cover
AUTHORS
ChangeLog
*.sqlite

4
python3-k8sapp-kubevirt/k8sapp_kubevirt/.stestr.conf Normal file
View File

@ -0,0 +1,4 @@
[DEFAULT]
test_path=./k8sapp_kubevirt/tests
top_dir=./k8sapp_kubevirt
#parallel_class=True

8
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/__init__.py
View File

@ -1,8 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# All Rights Reserved.
#

8
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/__init__.py
View File

@ -1,8 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# All Rights Reserved.
#

29
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/common/constants.py
View File

@ -1,25 +1,42 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# All Rights Reserved.
#
""" Kubevirt application predefined constants """
HELM_APP_KUBEVIRT = 'kubevirt'
HELM_APP_KUBEVIRT = 'kubevirt-app'
HELM_APP_KUBEVIRT_CR = 'kubevirt.kubevirt.io/kubevirt'
HELM_APP_KUBEVIRT_CRD = 'kubevirts.kubevirt.io'
HELM_RELEASE_KUBEVIRT = 'kubevirt'
HELM_CHART_KUBEVIRT = 'kubevirt'
HELM_CHART_CDI = 'cdi'
HELM_CHART_COMPONENT_LABEL = 'app.starlingx.io/component'
HELM_CHART_COMPONENT_APPLICATION = 'application'
HELM_CHART_COMPONENT_PLATFORM = 'platform'
HELM_NS_KUBEVIRT = 'kubevirt'
HELM_RELEASE_NS = 'kube-system'
HELM_RELEASE_TOOL_KIT_GROUP = 'helm.toolkit.fluxcd.io'
HELM_RELEASE_TOOL_KIT_VERSION = 'v2beta1'
HELM_RELEASE_TOOL_KIT_PLURAL = 'helmreleases'
HELM_APP_CDI = 'cdi'
HELM_APP_CDI_CR = 'cdi.cdi.kubevirt.io/cdi'
HELM_APP_CDI_CRD = 'cdis.cdi.kubevirt.io'
HELM_NS_CDI = 'cdi'
HELM_APP_CDI_UPLOAD_API_V1_ALPHA_1 = 'v1alpha1.upload.cdi.kubevirt.io'
HELM_APP_CDI_UPLOAD_API_V1_BETA_1 = 'v1beta1.upload.cdi.kubevirt.io'
HELM_VIRTCTL_DIR = '/var/opt/kubevirt/'
HELM_VIRTCTL_FILE_NAME = 'virtctl-v0.53.1-linux-amd64'
HELM_VIRTCTL_FILE_NAME = 'virtctl-v0.59.0-linux-amd64'
HELM_VIRTCTL_LINK_NAME = 'virtctl'
HELM_VIRTCTL_PATH = HELM_VIRTCTL_DIR + HELM_VIRTCTL_FILE_NAME
HELM_VIRTCTL_LINK_PATH = HELM_VIRTCTL_DIR + HELM_VIRTCTL_LINK_NAME
CDI_CERTIFICATE_ROTATE_CA_DURATION = '720h'
CDI_CERTIFICATE_ROTATE_CA_RENEW_BEFORE = '360h'
CDI_CERTIFICATE_ROTATE_SERVER_DURATION = '720h'
CDI_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE = '360h'
KUBEVIRT_CERTIFICATE_ROTATE_CA_DURATION = '720h'
KUBEVIRT_CERTIFICATE_ROTATE_CA_RENEW_BEFORE = '360h'
KUBEVIRT_CERTIFICATE_ROTATE_SERVER_DURATION = '720h'
KUBEVIRT_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE = '360h'

5
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/__init__.py
View File

@ -1,5 +0,0 @@
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

70
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/helm/kubevirt.py
View File

@ -1,16 +1,23 @@
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from k8sapp_kubevirt.common import constants as app_constants
"""
This module provides functionality related to KubeVirt Helm charts and deployment.
"""
from oslo_log import log as logging
from sysinv.common import exception
from sysinv.common import utils
from sysinv.helm import base
from oslo_log import log as logging
from sysinv.db import api as dbapi
from sysinv.helm import base
from k8sapp_kubevirt.common import constants as app_constants
LOG = logging.getLogger(__name__)
class KubeVirtHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the kubevirt chart"""
@ -18,31 +25,64 @@ class KubeVirtHelm(base.FluxCDBaseHelm):
HELM_RELEASE = app_constants.HELM_RELEASE_KUBEVIRT
SERVICE_NAME = 'kubevirt'
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \
[app_constants.HELM_NS_KUBEVIRT] + [app_constants.HELM_NS_CDI]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_KUBEVIRT:
base.BaseHelm.SUPPORTED_NAMESPACES + [app_constants.HELM_NS_KUBEVIRT] + [app_constants.HELM_NS_CDI],
base.BaseHelm.SUPPORTED_NAMESPACES + [
app_constants.HELM_NS_KUBEVIRT] + [app_constants.HELM_NS_CDI],
}
def get_namespaces(self):
"""Returns the supported namespaces for this application."""
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
"""Returns application overrides for the given namespace parameter.
:param namespace: The namespace for which overrides are requested (optional).
:return: Application overrides.
"""
overrides = {
app_constants.HELM_NS_KUBEVIRT: {
app_constants.HELM_CHART_KUBEVIRT: {
'featureGates': ['Snapshot'],
'useEmulation': utils.is_virtual(),
'replicas': '1' if utils.is_single_controller(dbapi.get_instance()) else '2'
'replicas': '1' if utils.is_single_controller(dbapi.get_instance()) else '2',
app_constants.HELM_CHART_COMPONENT_LABEL:
app_constants.HELM_CHART_COMPONENT_PLATFORM,
'certificateRotate': {
'ca': {
'duration': app_constants.KUBEVIRT_CERTIFICATE_ROTATE_CA_DURATION,
'renewBefore': app_constants.KUBEVIRT_CERTIFICATE_ROTATE_CA_RENEW_BEFORE,
},
'server': {
'duration': app_constants.KUBEVIRT_CERTIFICATE_ROTATE_SERVER_DURATION,
'renewBefore':
app_constants.KUBEVIRT_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE,
}
}
},
app_constants.HELM_CHART_CDI: {
'featureGates': ['HonorWaitForFirstConsumer'],
'replicas': '1' if utils.is_single_controller(dbapi.get_instance()) else '2',
app_constants.HELM_CHART_COMPONENT_LABEL:
app_constants.HELM_CHART_COMPONENT_PLATFORM,
'certificateRotate': {
'ca': {
'duration': app_constants.CDI_CERTIFICATE_ROTATE_CA_DURATION,
'renewBefore': app_constants.CDI_CERTIFICATE_ROTATE_CA_RENEW_BEFORE,
},
'server': {
'duration': app_constants.CDI_CERTIFICATE_ROTATE_SERVER_DURATION,
'renewBefore': app_constants.CDI_CERTIFICATE_ROTATE_SERVER_RENEW_BEFORE,
}
}
}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides
if namespace:
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
raise exception.InvalidHelmNamespace(chart=self.CHART, namespace=namespace)
return overrides

8
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/lifecycle/__init__.py
View File

@ -1,8 +0,0 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# All Rights Reserved.
#

284
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/lifecycle/lifecycle_kubevirt.py
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2022-2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -9,20 +9,29 @@
""" System inventory App lifecycle operator."""
import os
import yaml
from k8sapp_kubevirt.common import constants as app_constants
from kubernetes import client
from oslo_log import log as logging
from sysinv.common import constants
from sysinv.common import exception
from sysinv.common import kubernetes
from sysinv.common import utils as cutils
from sysinv.helm import lifecycle_base as base
from sysinv.helm.lifecycle_constants import LifecycleConstants
from k8sapp_kubevirt.common import constants as app_constants
LOG = logging.getLogger(__name__)
class KubeVirtAppLifecycleOperator(base.AppLifecycleOperator):
"""Custom KubeVirt-specific AppLifecycleOperator class.
This class is derived from the base AppLifecycleOperator and provides
KubeVirt-specific lifecycle actions for applications.
:param base.AppLifecycleOperator: The base class to inherit from.
"""
def app_lifecycle_actions(self, context, conductor_obj, app_op, app, hook_info):
"""Perform lifecycle actions for an operation
@ -33,72 +42,239 @@ class KubeVirtAppLifecycleOperator(base.AppLifecycleOperator):
:param hook_info: LifecycleHookInfo object
"""
if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == constants.APP_REMOVE_OP:
if hook_info.relative_timing == constants.APP_LIFECYCLE_TIMING_PRE:
return self.pre_remove(app)
elif hook_info.relative_timing == constants.APP_LIFECYCLE_TIMING_POST:
return self.post_remove(app)
super(KubeVirtAppLifecycleOperator, self).app_lifecycle_actions(
context, conductor_obj, app_op, app, hook_info
)
# Define a dictionary to map values to lifecycle functions
action_map = {
(constants.APP_LIFECYCLE_TYPE_FLUXCD_REQUEST, constants.APP_APPLY_OP,
constants.APP_LIFECYCLE_TIMING_PRE): self.pre_apply,
(constants.APP_LIFECYCLE_TYPE_FLUXCD_REQUEST, constants.APP_APPLY_OP,
constants.APP_LIFECYCLE_TIMING_POST): lambda: self.post_apply(app_op, app),
(constants.APP_LIFECYCLE_TYPE_OPERATION, constants.APP_REMOVE_OP,
constants.APP_LIFECYCLE_TIMING_PRE): lambda: self.pre_remove(app),
(constants.APP_LIFECYCLE_TYPE_OPERATION, constants.APP_REMOVE_OP,
constants.APP_LIFECYCLE_TIMING_POST): lambda: self.post_remove(app)
}
# Get the appropriate lifecylce function from the dictionary based on the values
action_function = action_map.get((hook_info.lifecycle_type, hook_info.operation,
hook_info.relative_timing))
if action_function is not None:
action_function()
super().app_lifecycle_actions(context, conductor_obj, app_op, app, hook_info)
def pre_apply(self):
"""Prepare KubeVirt namespaces for Helm management.
Patches CDI and KubeVirt namespaces with labels and annotations for Helm
before applying the KubeVirt application.
"""
LOG.debug(f"Executing pre_apply for {app_constants.HELM_APP_KUBEVIRT} app")
# Create a Kubernetes client object
client_v1 = client.CoreV1Api()
patches = [{"metadata": {"labels": {"app.kubernetes.io/managed-by": "Helm"}}},
{"metadata": {"annotations": {"meta.helm.sh/release-name":
app_constants.HELM_APP_KUBEVIRT}}},
{"metadata": {"annotations": {"meta.helm.sh/release-namespace":
app_constants.HELM_RELEASE_NS}}}]
for patch in patches:
client_v1.patch_namespace(name=app_constants.HELM_NS_KUBEVIRT, body=patch)
client_v1.patch_namespace(name=app_constants.HELM_NS_CDI, body=patch)
LOG.debug(f"Patched namespaces {app_constants.HELM_NS_KUBEVIRT} \
and {app_constants.HELM_NS_CDI}")
def post_apply(self, app_op, app):
"""Perform post-apply actions for the KubeVirt application. """
LOG.debug(f"Executing post_apply for {app_constants.HELM_APP_KUBEVIRT} app")
self.update_namespace_override(app_op, app, app_constants.HELM_NS_KUBEVIRT)
self.update_namespace_override(app_op, app, app_constants.HELM_NS_CDI)
def update_namespace_override(self, app_op, app, namespace):
"""Update the namespace override based on Helm chart user overrides.
This method updates the namespace label based on user overrides specified
in the Helm chart. It ensures that the namespace label is either 'platform'
or 'application' and may restart pods when the label changes.
:param app_op: The AppOperator instance.
:param app: The Application object.
:param namespace: The namespace to update.
"""
dbapi_instance = app_op._dbapi
db_app_id = dbapi_instance.kube_app_get(app.name).id
# chart overrides
chart_overrides = self._get_helm_user_overrides(
dbapi_instance,
db_app_id,
namespace)
override_label = {}
client_core = app_op._kube._get_kubernetesclient_core()
# Namespaces variables
read_namespace = client_core.read_namespace(namespace)
# Old namespace variable
old_namespace_label = read_namespace.metadata.labels.get(
app_constants.HELM_CHART_COMPONENT_LABEL, None)
if app_constants.HELM_CHART_COMPONENT_LABEL in chart_overrides:
# User Override variables
dict_chart_overrides = yaml.safe_load(chart_overrides)
override_label = dict_chart_overrides.get(app_constants.HELM_CHART_COMPONENT_LABEL)
if override_label == app_constants.HELM_CHART_COMPONENT_APPLICATION:
read_namespace.metadata.labels.update({app_constants.HELM_CHART_COMPONENT_LABEL:
app_constants.HELM_CHART_COMPONENT_APPLICATION})
app_op._kube.kube_patch_namespace(namespace, read_namespace)
elif override_label == app_constants.HELM_CHART_COMPONENT_PLATFORM:
read_namespace.metadata.labels.update({app_constants.HELM_CHART_COMPONENT_LABEL:
app_constants.HELM_CHART_COMPONENT_PLATFORM})
app_op._kube.kube_patch_namespace(namespace, read_namespace)
elif not override_label:
read_namespace.metadata.labels.update({app_constants.HELM_CHART_COMPONENT_LABEL:
app_constants.HELM_CHART_COMPONENT_PLATFORM})
app_op._kube.kube_patch_namespace(namespace, read_namespace)
else:
LOG.warning(f'WARNING: Namespace label {override_label} not supported')
namespace_label = read_namespace.metadata.labels.get(
app_constants.HELM_CHART_COMPONENT_LABEL)
if old_namespace_label != namespace_label:
self._delete_pods(app_op, client_core, namespace)
def _get_helm_user_overrides(self, dbapi_instance, db_app_id, namespace):
"""Retrieve Helm user overrides for the specified namespace.
This method attempts to retrieve Helm user overrides for the given namespace
from the database. If no overrides are found, it creates them and returns an
empty string.
:param dbapi_instance: The database API instance.
:param db_app_id: The application ID in the database.
:param namespace: The namespace for which Helm user overrides are needed.
:return: Helm user overrides as a string.
"""
try:
overrides = dbapi_instance.helm_override_get(
app_id=db_app_id,
name=app_constants.HELM_APP_KUBEVIRT,
namespace=namespace,
)
except exception.HelmOverrideNotFound:
values = {
"name": app_constants.HELM_APP_KUBEVIRT,
"namespace": namespace,
"db_app_id": db_app_id,
}
overrides = dbapi_instance.helm_override_create(values=values)
return overrides.user_overrides or ""
def _delete_pods(self, app_op, client_core, namespace):
"""Delete pods in the specified namespace to force restart on label change.
This method lists pods in the given namespace and deletes them with a grace period
of 0 seconds, effectively forcing a restart when there is a label change on the namespace.
:param app_op: The AppOperator object.
:param client_core: The Kubernetes CoreV1Api client.
:param namespace: The namespace in which pods should be deleted.
"""
# pod list
system_pods = client_core.list_namespaced_pod(namespace)
# On namespace label change delete pods to force restart
for pod in system_pods.items:
app_op._kube.kube_delete_pod(
name=pod.metadata.name,
namespace=namespace,
grace_periods_seconds=0
)
def pre_remove(self, app):
# Due to ordering of deletes, to prevent the namespace finalizer from waiting indefinitely,
# we need to ensure that the kubevirt and cdi custom resource.
"""Pre application removal tasks.
LOG.debug(
"Executing pre_remove for {} app".format(app_constants.HELM_APP_KUBEVIRT)
)
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', app_constants.HELM_APP_CDI_CR, '-n', app_constants.HELM_NS_CDI]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
Due to the ordering of deletes, to prevent the namespace finalizer from
waiting indefinitely, we need to ensure that the kubevirt and cdi custom
resources are deleted, and the finalizer removed from the
helmreleases.helm.toolkit.fluxcd.io resource, in the kubevirt namespace.
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', app_constants.HELM_APP_KUBEVIRT_CR, '-n', app_constants.HELM_NS_KUBEVIRT]
:param app: The application object.
"""
LOG.debug(f"Executing pre_remove for {app_constants.HELM_APP_KUBEVIRT} app")
cmd = [
'kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', app_constants.HELM_APP_CDI_CR, '-n', app_constants.HELM_NS_CDI
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
LOG.debug(f"{app.name} app: cmd={cmd} stdout={stdout} stderr={stderr}")
cmd = [
'kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', app_constants.HELM_APP_KUBEVIRT_CR, '-n', app_constants.HELM_NS_KUBEVIRT
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(f"{app.name} app: cmd={cmd} stdout={stdout} stderr={stderr}")
def post_remove(self, app):
LOG.debug(
"Executing post_remove for {} app".format(app_constants.HELM_APP_KUBEVIRT)
)
"""Execute post-remove actions for the applications
# Due to ordering of deletes, to prevent the namespace finalizer from waiting indefinitely,
# we need to ensure we delete 2 APIs
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', 'apiservices.apiregistration.k8s.io', app_constants.HELM_APP_CDI_UPLOAD_API_V1_ALPHA_1]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', 'apiservices.apiregistration.k8s.io', app_constants.HELM_APP_CDI_UPLOAD_API_V1_BETA_1]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
# Helm doesn't delete CRDs. To clean up after application-remove, we need to explicitly delete the CRDs.
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete','crd', app_constants.HELM_APP_CDI_CRD]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
This method is responsible for performing cleanup actions after an
application has been removed. It includes deleting Custom Resource Definitions
(CRDs), removing symbolic links and binaries, and cleaning up directories.
cmd = ['kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete','crd', app_constants.HELM_APP_KUBEVIRT_CRD]
:param app: The application object.
"""
LOG.debug(f"Executing post_remove for {app_constants.HELM_APP_KUBEVIRT} app")
# Helm doesn't delete CRDs. To clean up after application-remove, we need to explicitly
# delete the CRDs.
cmd = [
'kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', 'crd', app_constants.HELM_APP_CDI_CRD
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug("{} app: cmd={} stdout={} stderr={}".format(app.name, cmd, stdout, stderr))
# CDI and KubeVirt CRDs are independent of each other; the CRD for CDI can be
# safely deleted even if deleting the KubeVirt CRD fails above.
cmd = [
'kubectl', '--kubeconfig', kubernetes.KUBERNETES_ADMIN_CONF,
'delete', 'crd', app_constants.HELM_APP_KUBEVIRT_CRD
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(f"{app.name} app: cmd={cmd} stdout={stdout} stderr={stderr}")
# Remove virtctl sym link
if os.path.exists(app_constants.HELM_VIRTCTL_LINK_PATH):
os.remove(app_constants.HELM_VIRTCTL_LINK_PATH)
else:
LOG.warning(f"Failed to delete {app_constants.HELM_VIRTCTL_LINK_PATH}")
# Remove virtctl binary
if os.path.exists(app_constants.HELM_VIRTCTL_PATH):
os.remove(app_constants.HELM_VIRTCTL_PATH)
os.remove(app_constants.HELM_VIRTCTL_PATH)
else:
LOG.warning("Failed to delete {}".format(app_constants.HELM_VIRTCTL_PATH))
LOG.warning(f"Failed to delete {app_constants.HELM_VIRTCTL_PATH}")
# Remove /var/opt/kubevirt if it is empty
dir = os.listdir(app_constants.HELM_VIRTCTL_DIR)
if len(dir) == 0:
os.rmdir(app_constants.HELM_VIRTCTL_DIR)
LOG.debug("Deleted directory {}".format(app_constants.HELM_VIRTCTL_DIR))
directory = os.listdir(app_constants.HELM_VIRTCTL_DIR)
if len(directory) == 0:
os.rmdir(app_constants.HELM_VIRTCTL_DIR)
LOG.debug(f"Deleted directory {app_constants.HELM_VIRTCTL_DIR}")
else:
LOG.warning("Directory {} is not empty - will not be deleted.".format(app_constants.HELM_VIRTCTL_DIR))
LOG.info(f"Directory {app_constants.HELM_VIRTCTL_DIR} is not empty \
- will not be deleted.")

0
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/tests/__init__.py Normal file
View File

34
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/tests/test_kubevirt.py Normal file
View File

@ -0,0 +1,34 @@
#
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
"""Module for application testing."""
from sysinv.db import api as dbapi
from sysinv.tests.db import base as dbbase
from sysinv.tests.db import utils as dbutils
from sysinv.tests.helm import base
from k8sapp_kubevirt.tests import test_plugins
class KubevirtTestCase(test_plugins.K8SAppKubevirtAppMixin,
base.HelmTestCaseMixin):
"""Base Test Case Class."""
def setUp(self):
"""Common Test Case Setup."""
super().setUp()
self.app = dbutils.create_test_app(name='kubevirt')
self.dbapi = dbapi.get_instance()
# pylint: disable=too-many-ancestors
class KubevirtTestCaseDummy(KubevirtTestCase,
dbbase.ProvisionedControllerHostTestCase):
"""Dummy Test Case Class"""
def test_dummy(self):
"""Dummy Test Case."""
# without a test zuul will fail

53
python3-k8sapp-kubevirt/k8sapp_kubevirt/k8sapp_kubevirt/tests/test_plugins.py Normal file
View File

@ -0,0 +1,53 @@
#
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
"""Module provides high-level plugin test framework."""
from sysinv.tests.db import base as dbbase
from k8sapp_kubevirt.common import constants as app_constants
# pylint: disable=useless-object-inheritance
class K8SAppKubevirtAppMixin(object):
"""Class for specific plugin testcases."""
app_name = app_constants.HELM_APP_KUBEVIRT
path_name = app_name + '.tgz'
# pylint: disable=invalid-name,useless-parent-delegation
def setUp(self):
"""Setup test cases."""
super().setUp()
def test_stub(self):
"""Test Case Stub."""
# Replace this with a real unit test.
# Test Configuration:
# - Controller
# - IPv6
# - Ceph Storage
# - kubevirt app
# pylint: disable=too-many-ancestors
class K8sAppKubevirtControllerTestCase(K8SAppKubevirtAppMixin,
dbbase.BaseIPv6Mixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.ControllerHostTestCase):
"""Class to test IPv6 Standard w/Ceph."""
# Test Configuration:
# - AIO
# - IPv4
# - Ceph Storage
# - kubevirt app
# pylint: disable=too-many-ancestors
class K8SAppKubevirtAIOTestCase(K8SAppKubevirtAppMixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.AIOSimplexHostTestCase):
"""Class to test IPv4 AIO w/Ceph."""

829
python3-k8sapp-kubevirt/k8sapp_kubevirt/pylint.rc
View File

@ -1,320 +1,631 @@
[MASTER]
# Specify a configuration file.
rcfile=pylint.rc
[MAIN]
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Clear in-memory caches upon conclusion of linting. Useful if running pylint
# in a server-like mode.
clear-cache-post-run=no
# Load and enable all available extensions. Use --list-extensions to see a list
# all available extensions.
#enable-all-extensions=
# In error mode, messages with a category besides ERROR or FATAL are
# suppressed, and no reports are done by default. Error mode is compatible with
# disabling specific errors.
#errors-only=
# Always return a 0 (non-error) status code, even if lint errors are found.
# This is primarily useful in continuous integration scripts.
#exit-zero=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code.
extension-pkg-allow-list=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
# for backward compatibility.)
extension-pkg-whitelist=
# Return non-zero exit code if any of these messages/categories are detected,
# even if score is above --fail-under value. Syntax same as enable. Messages
# specified are enabled, while categories only check already-enabled messages.
fail-on=
# Specify a score threshold under which the program will exit with error.
fail-under=10
# Interpret the stdin as a python script, whose filename needs to be passed as
# the module_or_package argument.
#from-stdin=
# Files or directories to be skipped. They should be base names, not paths.
ignore=CVS
# Add files or directories matching the regular expressions patterns to the
# ignore-list. The regex matches against paths and can be in Posix or Windows
# format. Because '\\' represents the directory delimiter on Windows systems,
# it can't be used as an escape character.
ignore-paths=
# Files or directories matching the regular expression patterns are skipped.
# The regex matches against base names, not paths. The default value ignores
# Emacs file locks
ignore-patterns=^\.#
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis). It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. Should be base names, not paths.
ignore=tests
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use, and will cap the count on Windows to
# avoid hangs.
jobs=1
# Control the amount of potential inferred values when inferring a single
# object. This can help the performance when dealing with large functions or
# complex, nested conditions.
limit-inference-results=100
# List of plugins (as comma separated values of python module names) to load,
# usually to register additional checkers.
load-plugins=
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Minimum Python version to use for version dependent checks. Will default to
# the version used to run pylint.
py-version=3.9
# Use multiple processes to speed up Pylint.
jobs=4
# Discover python modules and packages in the file system subtree.
recursive=no
# Add paths to the list of the source roots. Supports globbing patterns. The
# source root is an absolute path or a path relative to the current working
# directory used to determine a package namespace for modules located under the
# source root.
source-roots=
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode=yes
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=lxml.etree,greenlet
[MESSAGES CONTROL]
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time.
#
# Python3 checker:
#
# E1601: print-statement
# E1602: parameter-unpacking
# E1603: unpacking-in-except
# E1604: old-raise-syntax
# E1605: backtick
# E1606: long-suffix
# E1607: old-ne-operator
# E1608: old-octal-literal
# E1609: import-star-module-level
# E1610: non-ascii-bytes-literal
# E1611: invalid-unicode-literal
# W1601: apply-builtin
# W1602: basestring-builtin
# W1603: buffer-builtin
# W1604: cmp-builtin
# W1605: coerce-builtin
# W1606: execfile-builtin
# W1607: file-builtin
# W1608: long-builtin
# W1609: raw_input-builtin
# W1610: reduce-builtin
# W1611: standarderror-builtin
# W1612: unicode-builtin
# W1613: xrange-builtin
# W1614: coerce-method
# W1615: delslice-method
# W1616: getslice-method
# W1617: setslice-method
# W1618: no-absolute-import
# W1619: old-division
# W1620: dict-iter-method
# W1621: dict-view-method
# W1622: next-method-called
# W1623: metaclass-assignment
# W1624: indexing-exception
# W1625: raising-string
# W1626: reload-builtin
# W1627: oct-method
# W1628: hex-method
# W1629: nonzero-method
# W1630: cmp-method
# W1632: input-builtin
# W1633: round-builtin
# W1634: intern-builtin
# W1635: unichr-builtin
# W1636: map-builtin-not-iterating
# W1637: zip-builtin-not-iterating
# W1638: range-builtin-not-iterating
# W1639: filter-builtin-not-iterating
# W1640: using-cmp-argument
# W1641: eq-without-hash
# W1642: div-method
# W1643: idiv-method
# W1644: rdiv-method
# W1645: exception-message-attribute
# W1646: invalid-str-codec
# W1647: sys-max-int
# W1648: bad-python3-import
# W1649: deprecated-string-function
# W1650: deprecated-str-translate-call
# W1651: deprecated-itertools-function
# W1652: deprecated-types-field
# W1653: next-method-defined
# W1654: dict-items-not-iterating
# W1655: dict-keys-not-iterating
# W1656: dict-values-not-iterating
# W1657: deprecated-operator-function
# W1658: deprecated-urllib-function
# W1659: xreadlines-attribute
# W1660: deprecated-sys-function
# W1661: exception-escape
# W1662: comprehension-escape
enable=E1603,E1609,E1610,E1602,E1606,E1608,E1607,E1605,E1604,E1601,E1611,W1652,
W1651,W1649,W1657,W1660,W1658,W1659,W1623,W1622,W1620,W1621,W1645,W1641,
W1624,W1648,W1625,W1611,W1662,W1661,W1650,W1640,W1630,W1614,W1615,W1642,
W1616,W1628,W1643,W1629,W1627,W1644,W1617,W1601,W1602,W1603,W1604,W1605,
W1654,W1655,W1656,W1619,W1606,W1607,W1639,W1632,W1634,W1608,W1636,
W1653,W1646,W1638,W1609,W1610,W1626,W1633,W1647,W1635,W1612,W1613,W1637
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once).
# See "Messages Control" section of
# https://pylint.readthedocs.io/en/latest/user_guide
# We are disabling (C)onvention
# We are disabling (R)efactor
# W1618: no-absolute-import
disable=C, R, W1618
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html
output-format=text
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]".
files-output=no
# Tells whether to display a full report or only the messages
reports=yes
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=85
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab).
indent-string=' '
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis
ignored-modules=distutils,eventlet.green.subprocess,six,six.moves
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set).
# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types
# ie: (unprovisioned, identity)
# LookupDict in requests library confuses pylint
ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local,
Table, unprovisioned, identity, LookupDict
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E0201 when accessed. Python regular
# expressions are accepted.
generated-members=REQUEST,acl_users,aq_parent
# In verbose mode, extra non-checker-related info will be displayed.
#verbose=
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter,apply,input
# Regular expression which should only match correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Naming style matching correct argument names.
argument-naming-style=snake_case
# Regular expression which should only match correct module level names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression matching correct argument names. Overrides argument-
# naming-style. If left empty, argument names will be checked with the set
# naming style.
#argument-rgx=
# Regular expression which should only match correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Naming style matching correct attribute names.
attr-naming-style=snake_case
# Regular expression which should only match correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct attribute names. Overrides attr-naming-
# style. If left empty, attribute names will be checked with the set naming
# style.
#attr-rgx=
# Regular expression which should only match correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Bad variable names which should always be refused, separated by a comma.
bad-names=foo,
bar,
baz,
toto,
tutu,
tata
# Regular expression which should only match correct instance attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Bad variable names regexes, separated by a comma. If names match any regex,
# they will always be refused
bad-names-rgxs=
# Regular expression which should only match correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming style matching correct class attribute names.
class-attribute-naming-style=any
# Regular expression which should only match correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct class attribute names. Overrides class-
# attribute-naming-style. If left empty, class attribute names will be checked
# with the set naming style.
#class-attribute-rgx=
# Regular expression which should only match correct list comprehension /
# generator expression variable names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Naming style matching correct class constant names.
class-const-naming-style=UPPER_CASE
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Regular expression matching correct class constant names. Overrides class-
# const-naming-style. If left empty, class constant names will be checked with
# the set naming style.
#class-const-rgx=
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Naming style matching correct class names.
class-naming-style=PascalCase
# Regular expression which should only match functions or classes name which do
# not require a docstring
no-docstring-rgx=__.*__
# Regular expression matching correct class names. Overrides class-naming-
# style. If left empty, class names will be checked with the set naming style.
#class-rgx=
# Naming style matching correct constant names.
const-naming-style=UPPER_CASE
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
# Regular expression matching correct constant names. Overrides const-naming-
# style. If left empty, constant names will be checked with the set naming
# style.
#const-rgx=
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# Naming style matching correct function names.
function-naming-style=snake_case
# A regular expression matching the beginning of the name of dummy variables
# (i.e. not used).
dummy-variables-rgx=_|dummy
# Regular expression matching correct function names. Overrides function-
# naming-style. If left empty, function names will be checked with the set
# naming style.
#function-rgx=
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
# Good variable names which should always be accepted, separated by a comma.
good-names=i,
j,
k,
ex,
Run,
_
# Good variable names regexes, separated by a comma. If names match any regex,
# they will always be accepted
good-names-rgxs=
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,string,TERMIOS,Bastion,rexec
# Include a hint for the correct naming format with invalid-name.
include-naming-hint=no
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Naming style matching correct inline iteration names.
inlinevar-naming-style=any
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Regular expression matching correct inline iteration names. Overrides
# inlinevar-naming-style. If left empty, inline iteration names will be checked
# with the set naming style.
#inlinevar-rgx=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
# Naming style matching correct method names.
method-naming-style=snake_case
# Regular expression matching correct method names. Overrides method-naming-
# style. If left empty, method names will be checked with the set naming style.
#method-rgx=
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Naming style matching correct module names.
module-naming-style=snake_case
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Regular expression matching correct module names. Overrides module-naming-
# style. If left empty, module names will be checked with the set naming style.
#module-rgx=
# Maximum number of locals for function / method body
max-locals=15
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Maximum number of return / yield for function / method body
max-returns=6
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# Maximum number of branch for function / method body
max-branchs=12
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
# These decorators are taken in consideration only for invalid-name.
property-classes=abc.abstractproperty
# Maximum number of statements in function / method body
max-statements=50
# Regular expression matching correct type alias names. If left empty, type
# alias names will be checked with the set naming style.
#typealias-rgx=
# Maximum number of parents for a class (see R0901).
max-parents=7
# Regular expression matching correct type variable names. If left empty, type
# variable names will be checked with the set naming style.
#typevar-rgx=
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Naming style matching correct variable names.
variable-naming-style=snake_case
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Regular expression matching correct variable names. Overrides variable-
# naming-style. If left empty, variable names will be checked with the set
# naming style.
#variable-rgx=
[CLASSES]
# Warn about protected attribute access inside special methods
check-protected-access-in-special-methods=no
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
defining-attr-methods=__init__,
__new__,
setUp,
asyncSetUp,
__post_init__
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make,os._exit
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
[DESIGN]
# List of regular expressions of class ancestor names to ignore when counting
# public methods (see R0903)
exclude-too-few-public-methods=
# List of qualified class names to ignore when counting class parents (see
# R0901)
ignored-parents=
# Maximum number of arguments for function / method.
max-args=5
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Maximum number of boolean expressions in an if statement (see R0916).
max-bool-expr=5
# Maximum number of branch for function / method body.
max-branches=12
# Maximum number of locals for function / method body.
max-locals=15
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of return / yield for function / method body.
max-returns=6
# Maximum number of statements in function / method body.
max-statements=50
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception
# Exceptions that will emit a warning when caught.
overgeneral-exceptions=builtins.BaseException,builtins.Exception
[FORMAT]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
max-line-length=100
# Maximum number of lines in a module.
max-module-lines=1000
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
[IMPORTS]
# List of modules that can be imported at any level, not just the top level
# one.
allow-any-import-level=
# Allow explicit reexports by alias from a package __init__.
allow-reexport-from-package=no
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Deprecated modules which should not be used, separated by a comma.
deprecated-modules=
# Output a graph (.gv or any supported image format) of external dependencies
# to the given file (report RP0402 must not be disabled).
ext-import-graph=
# Output a graph (.gv or any supported image format) of all (i.e. internal and
# external) dependencies to the given file (report RP0402 must not be
# disabled).
import-graph=
# Output a graph (.gv or any supported image format) of internal dependencies
# to the given file (report RP0402 must not be disabled).
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
# Couples of modules and preferred modules, separated by a comma.
preferred-modules=
[LOGGING]
# The type of string formatting that logging methods do. `old` means using %
# formatting, `new` is for `{}` formatting.
logging-format-style=old
# Logging modules to check that the string format arguments are in logging
# function parameter format.
logging-modules=logging
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE,
# UNDEFINED.
confidence=HIGH,
CONTROL_FLOW,
INFERENCE,
INFERENCE_FAILURE,
UNDEFINED
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once). You can also use "--disable=all" to
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use "--disable=all --enable=classes
# --disable=W".
disable=raw-checker-failed,
bad-inline-option,
locally-disabled,
file-ignored,
suppressed-message,
useless-suppression,
deprecated-pragma,
use-symbolic-message-instead,
R0913, E0401, W0212
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=c-extension-no-member, C0301
[METHOD_ARGS]
# List of qualified names (i.e., library.method) which require a timeout
# parameter e.g. 'requests.api.get,requests.api.post'
timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,
XXX,
TODO
# Regular expression of note tags to take in consideration.
notes-rgx=
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
# Complete name of functions that never returns. When checking for
# inconsistent-return-statements if a never returning function is called then
# it will be considered as an explicit return statement and no message will be
# printed.
never-returning-functions=sys.exit,argparse.parse_error
[REPORTS]
# Python expression which should return a score less than or equal to 10. You
# have access to the variables 'fatal', 'error', 'warning', 'refactor',
# 'convention', and 'info' which contain the number of messages in each
# category, as well as 'statement' which is the total number of statements
# analyzed. This score is used by the global evaluation report (RP0004).
evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details.
msg-template=
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio). You can also give a reporter class, e.g.
# mypackage.mymodule.MyReporterClass.
#output-format=
# Tells whether to display a full report or only the messages.
reports=no
# Activate the evaluation score.
score=yes
[SIMILARITIES]
# Comments are removed from the similarity computation
ignore-comments=yes
# Docstrings are removed from the similarity computation
ignore-docstrings=yes
# Imports are removed from the similarity computation
ignore-imports=yes
# Signatures are removed from the similarity computation
ignore-signatures=yes
# Minimum lines number of a similarity.
min-similarity-lines=4
[SPELLING]
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions=4
# Spelling dictionary name. No available dictionaries : You need to install
# both the python package and the system dependency for enchant to work..
spelling-dict=
# List of comma separated words that should be considered directives if they
# appear at the beginning of a comment and should not be checked.
spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains the private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to the private dictionary (see the
# --spelling-private-dict-file option) instead of raising a message.
spelling-store-unknown-words=no
[STRING]
# This flag controls whether inconsistent-quotes generates a warning when the
# character used as a quote delimiter is used inconsistently within a module.
check-quote-consistency=no
# This flag controls whether the implicit-str-concat should generate a warning
# on implicit string concatenation in sequences defined over several lines.
check-str-concat-over-line-jumps=no
[TYPECHECK]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators=contextlib.contextmanager
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
# Tells whether to warn about missing members when the owner of the attribute
# is inferred to be None.
ignore-none=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# List of symbolic message names to ignore for Mixin members.
ignored-checks-for-mixins=no-member,
not-async-context-manager,
not-context-manager,
attribute-defined-outside-init
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
# Regex pattern to define which classes are considered mixins.
mixin-class-rgx=.*[Mm]ixin
# List of decorators that change the signature of a decorated function.
signature-mutators=
[VARIABLES]
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid defining new builtins when possible.
additional-builtins=
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of names allowed to shadow builtins
allowed-redefined-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,
_cb
# A regular expression matching the name of dummy variables (i.e. expected to
# not be used).
dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
# Argument names that match this expression will be ignored.
ignored-argument-names=_.*|^ignored_|^unused_
# Tells whether we should check for unused import in __init__ files.
init-import=no
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io

4
python3-k8sapp-kubevirt/k8sapp_kubevirt/requirements.txt
View File

@ -1,2 +1,2 @@
pbr>=0.5
PyYAML==3.10
pbr>=5.1.3
PyYAML==6.0.0

4
python3-k8sapp-kubevirt/k8sapp_kubevirt/setup.cfg
View File

@ -8,10 +8,8 @@ classifier =
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.6
Programming Language :: Python :: 3.9
[files]
packages =

4
python3-k8sapp-kubevirt/k8sapp_kubevirt/setup.py
View File

@ -1,9 +1,11 @@
#
# copyright (c) 2022 Wind River Systems, Inc.
# copyright (c) 2022-2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import setuptools
setuptools.setup(
setup_requires=['pbr>=2.0.0'],
pbr=True)

19
python3-k8sapp-kubevirt/k8sapp_kubevirt/test-requirements.txt
View File

@ -1,23 +1,20 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pycodestyle<2.6.0 # MIT License
hacking>=1.1.0,<=2.0.0 # Apache-2.0
astroid
bandit<1.7.2;python_version>="3.0"
coverage>=3.6
discover
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
passlib>=1.7.0
psycopg2-binary
python-barbicanclient>=4.5.2 # Apache-2.0
python-subunit>=1.4.0
python-subunit>=0.0.18
requests-mock>=0.6.0 # Apache-2.0
sphinx
oslosphinx
oslotest>=3.2.0 # Apache-2.0
stestr>=1.0.0 # Apache-2.0
testrepository>=0.0.18
testtools!=1.2.0,>=0.9.36
pytest
pyudev
migrate
python-ldap>=3.1.0
markupsafe
isort<5;python_version>="3.0"
pylint
pycryptodomex

124
python3-k8sapp-kubevirt/k8sapp_kubevirt/tox.ini
View File

@ -1,28 +1,32 @@
[tox]
envlist = pylint
minversion = 2.3
envlist = flake8,py39,pylint,bandit,yamllint
minversion = 2.9
skipsdist = True
# tox does not work if the path to the workdir is too long, so move it to /tmp
toxworkdir = /tmp/{env:USER}_k8sapp_kubevirt
toxworkdir = /tmp/{env:USER}_k8skubvirt
stxdir = {toxinidir}/../../..
distshare={toxworkdir}/.tox/distshare
[testenv]
sitepackages = False
basepython = python3.9
usedevelop = True
# these need to be separated by a newline....
allowlist_externals = bash
find
install_command = pip install -v -v -v \
-c{toxinidir}/upper-constraints.txt \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
{opts} {packages}
commands =
find . -type f -name "*.pyc" -delete
# Note the hash seed is set to 0 until can be tested with a
# random hash seed successfully.
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
PIP_RESOLVER_DEBUG=0
PYTHONDONTWRITEBYTECODE=1
OS_TEST_PATH=./k8sapp_kubevirt/tests
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=C
@ -32,12 +36,106 @@ setenv = VIRTUAL_ENV={envdir}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/sysinv/sysinv/sysinv
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/fault/fm-api/source
-e{[tox]stxdir}/fault/python-fmclient/fmclient
-e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient
-e{[tox]stxdir}/update/sw-patch/cgcs-patch
commands =
find . -type f -name "*.pyc" -delete
[flake8]
exclude = build,dist,tools,.eggs
max-line-length=100
[testenv:flake8]
deps = -r{toxinidir}/test-requirements.txt
commands =
flake8 {posargs} .
[testenv:py39]
commands =
{[testenv]commands}
stestr run {posargs}
stestr slowest
[testenv:pep8]
deps = {[testenv:flake8]deps}
commands = {[testenv:flake8]commands}
[testenv:venv]
commands = {posargs}
[bandit]
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B103: Test for setting permissive file permissions
# B104: Test for binding to all interfaces
# B105: Test for use of hard-coded password strings
# B108: Test for insecure usage of tmp file/directory
# B110: Try, Except, Pass detected.
# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
# B307: Blacklisted call to eval.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B314: Blacklisted calls to xml.etree.ElementTree
# B318: Blacklisted calls to xml.dom.minidom
# B320: Blacklisted calls to lxml.etree
# B404: Import of subprocess module
# B405: import xml.etree
# B408: import xml.minidom
# B410: import lxml
# B506: Test for use of yaml load
# B602: Test for use of popen with shell equals true
# B603: Test for use of subprocess without shell equals true
# B604: Test for any function with shell equals true
# B605: Test for starting a process with a shell
# B607: Test for starting a process with a partial path
# B608: Possible SQL injection vector through string-based query
#
# Note: 'skips' entry cannot be split across multiple lines
#
#skips = B101,B103,B104,B105,B108,B110,B303,B307,B310,B311,B314,B318,B320,B404,B405,B408,B410,B506,B602,B603,B604,B605,B607,B608
#exclude = tests
[testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -n 5 -r k8sapp_kubevirt
[testenv:pylint]
basepython = python3
sitepackages = False
deps = {[testenv]deps}
pylint
commands =
pylint {posargs} k8sapp_kubevirt --rcfile=./pylint.rc
[testenv:yamllint]
deps = yamllint
commands = bash -c "find ./ -iname '*.yaml' -type f -not -name 'metadata.yaml' -print0 | xargs -0 cat | sed 's/\s*\{\{.*\}\}//' | yamllint -d relaxed -f parsable - ;[ $? -eq 0 ] && exit 0 || exit 1"
[stestr]
test_path = ./k8sapp_kubevirt
[testenv:cover]
# not sure is passenv is still needed
passenv = CURL_CA_BUNDLE
deps = {[testenv]deps}
setenv = {[testenv]setenv}
PYTHON=coverage run --parallel-mode
commands =
{[testenv]commands}
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:pip-missing-reqs]
# do not install test-requirements as that will pollute the virtualenv for
# determining missing packages
# this also means that pip-missing-reqs must be installed separately, outside
# of the requirements.txt files
deps = pip_missing_reqs
-rrequirements.txt
commands=pip-missing-reqs -d k8sapp_kubevirt

1
python3-k8sapp-kubevirt/k8sapp_kubevirt/upper-constraints.txt Normal file
View File

@ -0,0 +1 @@
# Override upstream constraints based on StarlingX load

4
stx-kubevirt-app-helm/docker/Dockerfile
View File

@ -6,5 +6,5 @@
# All Rights Reserved.
#
FROM alpine:3.16.2
ADD https://github.com/kubevirt/kubevirt/releases/download/v0.53.1/virtctl-v0.53.1-linux-amd64 .
RUN chmod a+rwx ./virtctl-v0.53.1-linux-amd64
ADD https://github.com/kubevirt/kubevirt/releases/download/v0.59.0/virtctl-v0.59.0-linux-amd64 .
RUN chmod a+rwx ./virtctl-v0.59.0-linux-amd64

1
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/helmrepository.yaml
View File

@ -8,6 +8,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: stx-platform
namespace: kube-system
spec:
url: http://192.168.206.1:8080/helm_charts/stx-platform
interval: 1m

1
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/kustomization.yaml
View File

@ -6,4 +6,3 @@
---
resources:
- helmrepository.yaml
- namespace.yaml

14
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/base/namespace.yaml
View File

@ -1,14 +0,0 @@
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: Namespace
metadata:
name: kubevirt
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: kubevirt-app
meta.helm.sh/release-namespace: kubevirt

2
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/helmrelease.yaml
View File

@ -8,6 +8,7 @@ apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: kubevirt-app
namespace: kubevirt
labels:
chart_group: starlingx-kubevirt-charts
spec:
@ -19,6 +20,7 @@ spec:
sourceRef:
kind: HelmRepository
name: stx-platform
namespace: kube-system
interval: 1m
timeout: 30m
test:

2
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kubevirt-app/kustomization.yaml
View File

@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
#
---
namespace: kubevirt
namespace: kube-system
resources:
- helmrelease.yaml
secretGenerator:

4
stx-kubevirt-app-helm/stx-kubevirt-app-helm/fluxcd-manifests/kustomization.yaml
View File

@ -1,11 +1,11 @@
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubevirt
namespace: kube-system
resources:
- base
- kubevirt-app

4453
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/crds/cdi-crd.yaml
View File

File diff suppressed because it is too large Load Diff

276
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/crds/crd.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -183,6 +183,15 @@ spec:
description: DeveloperConfiguration holds developer options
properties:
cpuAllocationRatio:
description: 'For each requested virtual CPU, CPUAllocationRatio
defines how much physical CPU to request per VMI from the
hosting node. The value is in fraction of a CPU thread (or
core on non-hyperthreaded nodes). For example, a value of
1 means 1 physical CPU thread per VMI CPU thread. A value
of 100 would be 1% of a physical thread allocated for each
requested VMI thread. This option has no effect on VMIs
that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
Defaults to 10'
type: integer
diskVerification:
description: DiskVerification holds container disks verification
@ -198,6 +207,8 @@ spec:
- memoryLimit
type: object
featureGates:
description: FeatureGates is the list of experimental features
to enable. Defaults to none
items:
type: string
type: array
@ -223,6 +234,13 @@ spec:
type: integer
type: object
memoryOvercommit:
description: MemoryOvercommit is the percentage of memory
we want to give VMIs compared to the amount given to its
parent pod (virt-launcher). For example, a value of 102
means the VMI will "see" 2% more memory than its parent
pod. Values under 100 are effectively "undercommits". Overcommits
can lead to memory exhaustion, which in turn can lead to
crashes. Use carefully. Defaults to 100
type: integer
minimumClusterTSCFrequency:
description: Allow overriding the automatically determined
@ -231,18 +249,26 @@ spec:
format: int64
type: integer
minimumReservePVCBytes:
description: MinimumReservePVCBytes is the amount of space,
in bytes, to leave unused on disks. Defaults to 131072 (128KiB)
format: int64
type: integer
nodeSelectors:
additionalProperties:
type: string
description: NodeSelectors allows restricting VMI creation
to nodes that match a set of labels. Defaults to none
type: object
pvcTolerateLessSpaceUpToPercent:
description: LessPVCSpaceToleration determines how much smaller,
in percentage, disk PVCs are allowed to be compared to the
requested size (to account for various overheads). Defaults
to 10
type: integer
useEmulation:
description: UseEmulation can be set to true to allow fallback
to software emulation in case hardware-assisted emulation
is not available.
is not available. Defaults to false
type: boolean
type: object
emulatedMachines:
@ -296,7 +322,13 @@ spec:
description: MediatedDevicesConfiguration holds information about
MDEV types to be defined, if available
properties:
mediatedDeviceTypes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mediatedDevicesTypes:
description: Deprecated. Use mediatedDeviceTypes instead.
items:
type: string
type: array
@ -307,7 +339,13 @@ spec:
about MDEV types to be defined in a specifc node that
matches the NodeSelector field.
properties:
mediatedDeviceTypes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mediatedDevicesTypes:
description: Deprecated. Use mediatedDeviceTypes instead.
items:
type: string
type: array
@ -321,7 +359,6 @@ spec:
on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
required:
- mediatedDevicesTypes
- nodeSelector
type: object
type: array
@ -331,37 +368,80 @@ spec:
format: int32
type: integer
migrations:
description: MigrationConfiguration holds migration options
description: MigrationConfiguration holds migration options. Can
be overridden for specific groups of VMs though migration policies.
Visit https://kubevirt.io/user-guide/operations/migration_policies/
for more information.
properties:
allowAutoConverge:
description: AllowAutoConverge allows the platform to compromise
performance/availability of VMIs to guarantee successful
VMI live migrations. Defaults to false
type: boolean
allowPostCopy:
description: AllowPostCopy enables post-copy live migrations.
Such migrations allow even the busiest VMIs to successfully
live-migrate. However, events like a network failure can
cause a VMI crash. If set to true, migrations will still
start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB
triggers. Defaults to false
type: boolean
bandwidthPerMigration:
anyOf:
- type: integer
- type: string
description: BandwidthPerMigration limits the amount of network
bandwith live migrations are allowed to use. The value is
in quantity per second. Defaults to 0 (no limit)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
completionTimeoutPerGiB:
description: CompletionTimeoutPerGiB is the maximum number
of seconds per GiB a migration is allowed to take. If a
live-migration takes longer to migrate than this value multiplied
by the size of the VMI, the migration will be cancelled,
unless AllowPostCopy is true. Defaults to 800
format: int64
type: integer
disableTLS:
description: When set to true, DisableTLS will disable the
additional layer of live migration encryption provided by
KubeVirt. This is usually a bad idea. Defaults to false
type: boolean
network:
description: Network is the name of the CNI network to use
for live migrations. By default, migrations go through the
pod network.
type: string
nodeDrainTaintKey:
description: 'NodeDrainTaintKey defines the taint key that
indicates a node should be drained. Note: this option relies
on the deprecated node taint feature. Default: kubevirt.io/drain'
type: string
parallelMigrationsPerCluster:
description: ParallelMigrationsPerCluster is the total number
of concurrent live migrations allowed cluster-wide. Defaults
to 5
format: int32
type: integer
parallelOutboundMigrationsPerNode:
description: ParallelOutboundMigrationsPerNode is the maximum
number of concurrent outgoing live migrations allowed per
node. Defaults to 2
format: int32
type: integer
progressTimeout:
description: ProgressTimeout is the maximum number of seconds
a live migration is allowed to make no progress. Hitting
this timeout means a migration transferred 0 data for that
many seconds. The migration is then considered stuck and
therefore cancelled. Defaults to 150
format: int64
type: integer
unsafeMigrationOverride:
description: UnsafeMigrationOverride allows live migrations
to occur even if the compatibility check indicates the migration
will be unsafe to the guest. Defaults to false
type: boolean
type: object
minCPUModel:
@ -431,6 +511,25 @@ spec:
type: array
x-kubernetes-list-type: atomic
type: object
seccompConfiguration:
description: SeccompConfiguration holds Seccomp configuration
for Kubevirt components
properties:
virtualMachineInstanceProfile:
description: VirtualMachineInstanceProfile defines what profile
should be used with virt-launcher. Defaults to none
properties:
customProfile:
description: CustomProfile allows to request arbitrary
profile for virt-launcher
properties:
localhostProfile:
type: string
runtimeDefaultProfile:
type: boolean
type: object
type: object
type: object
selinuxLauncherType:
type: string
smbios:
@ -451,6 +550,28 @@ spec:
items:
type: string
type: array
tlsConfiguration:
description: TLSConfiguration holds TLS options
properties:
ciphers:
items:
type: string
type: array
x-kubernetes-list-type: set
minTLSVersion:
description: "MinTLSVersion is a way to specify the minimum
protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common
TLS configurations: \n https://ssl-config.mozilla.org/
\n Note that SSLv3.0 is not a supported protocol version
due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE"
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
type: string
type: object
virtualMachineInstancesPerNode:
type: integer
webhookConfiguration:
@ -529,6 +650,20 @@ spec:
imagePullPolicy:
description: The ImagePullPolicy to use.
type: string
imagePullSecrets:
description: The imagePullSecrets to pull the container images from
Defaults to none
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
x-kubernetes-list-type: atomic
imageRegistry:
description: The image registry to pull the container images from
Defaults to the same registry the operator's container image is
@ -1537,6 +1672,11 @@ spec:
components. Useful if KubeVirt is included as part of a product.
If ProductVersion is not specified, KubeVirt's version will be used.
type: string
serviceMonitorNamespace:
description: The namespace the service monitor will be deployed When
ServiceMonitorNamespace is set, then we'll install the service monitor
object in that namespace otherwise we will use the monitoring namespace.
type: string
uninstallStrategy:
description: Specifies if kubevirt can be deleted if workloads are
still present. This is mainly a precaution to avoid accidental data
@ -2795,6 +2935,15 @@ spec:
description: DeveloperConfiguration holds developer options
properties:
cpuAllocationRatio:
description: 'For each requested virtual CPU, CPUAllocationRatio
defines how much physical CPU to request per VMI from the
hosting node. The value is in fraction of a CPU thread (or
core on non-hyperthreaded nodes). For example, a value of
1 means 1 physical CPU thread per VMI CPU thread. A value
of 100 would be 1% of a physical thread allocated for each
requested VMI thread. This option has no effect on VMIs
that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
Defaults to 10'
type: integer
diskVerification:
description: DiskVerification holds container disks verification
@ -2810,6 +2959,8 @@ spec:
- memoryLimit
type: object
featureGates:
description: FeatureGates is the list of experimental features
to enable. Defaults to none
items:
type: string
type: array
@ -2835,6 +2986,13 @@ spec:
type: integer
type: object
memoryOvercommit:
description: MemoryOvercommit is the percentage of memory
we want to give VMIs compared to the amount given to its
parent pod (virt-launcher). For example, a value of 102
means the VMI will "see" 2% more memory than its parent
pod. Values under 100 are effectively "undercommits". Overcommits
can lead to memory exhaustion, which in turn can lead to
crashes. Use carefully. Defaults to 100
type: integer
minimumClusterTSCFrequency:
description: Allow overriding the automatically determined
@ -2843,18 +3001,26 @@ spec:
format: int64
type: integer
minimumReservePVCBytes:
description: MinimumReservePVCBytes is the amount of space,
in bytes, to leave unused on disks. Defaults to 131072 (128KiB)
format: int64
type: integer
nodeSelectors:
additionalProperties:
type: string
description: NodeSelectors allows restricting VMI creation
to nodes that match a set of labels. Defaults to none
type: object
pvcTolerateLessSpaceUpToPercent:
description: LessPVCSpaceToleration determines how much smaller,
in percentage, disk PVCs are allowed to be compared to the
requested size (to account for various overheads). Defaults
to 10
type: integer
useEmulation:
description: UseEmulation can be set to true to allow fallback
to software emulation in case hardware-assisted emulation
is not available.
is not available. Defaults to false
type: boolean
type: object
emulatedMachines:
@ -2908,7 +3074,13 @@ spec:
description: MediatedDevicesConfiguration holds information about
MDEV types to be defined, if available
properties:
mediatedDeviceTypes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mediatedDevicesTypes:
description: Deprecated. Use mediatedDeviceTypes instead.
items:
type: string
type: array
@ -2919,7 +3091,13 @@ spec:
about MDEV types to be defined in a specifc node that
matches the NodeSelector field.
properties:
mediatedDeviceTypes:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mediatedDevicesTypes:
description: Deprecated. Use mediatedDeviceTypes instead.
items:
type: string
type: array
@ -2933,7 +3111,6 @@ spec:
on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
type: object
required:
- mediatedDevicesTypes
- nodeSelector
type: object
type: array
@ -2943,37 +3120,80 @@ spec:
format: int32
type: integer
migrations:
description: MigrationConfiguration holds migration options
description: MigrationConfiguration holds migration options. Can
be overridden for specific groups of VMs though migration policies.
Visit https://kubevirt.io/user-guide/operations/migration_policies/
for more information.
properties:
allowAutoConverge:
description: AllowAutoConverge allows the platform to compromise
performance/availability of VMIs to guarantee successful
VMI live migrations. Defaults to false
type: boolean
allowPostCopy:
description: AllowPostCopy enables post-copy live migrations.
Such migrations allow even the busiest VMIs to successfully
live-migrate. However, events like a network failure can
cause a VMI crash. If set to true, migrations will still
start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB
triggers. Defaults to false
type: boolean
bandwidthPerMigration:
anyOf:
- type: integer
- type: string
description: BandwidthPerMigration limits the amount of network
bandwith live migrations are allowed to use. The value is
in quantity per second. Defaults to 0 (no limit)
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
completionTimeoutPerGiB:
description: CompletionTimeoutPerGiB is the maximum number
of seconds per GiB a migration is allowed to take. If a
live-migration takes longer to migrate than this value multiplied
by the size of the VMI, the migration will be cancelled,
unless AllowPostCopy is true. Defaults to 800
format: int64
type: integer
disableTLS:
description: When set to true, DisableTLS will disable the
additional layer of live migration encryption provided by
KubeVirt. This is usually a bad idea. Defaults to false
type: boolean
network:
description: Network is the name of the CNI network to use
for live migrations. By default, migrations go through the
pod network.
type: string
nodeDrainTaintKey:
description: 'NodeDrainTaintKey defines the taint key that
indicates a node should be drained. Note: this option relies
on the deprecated node taint feature. Default: kubevirt.io/drain'
type: string
parallelMigrationsPerCluster:
description: ParallelMigrationsPerCluster is the total number
of concurrent live migrations allowed cluster-wide. Defaults
to 5
format: int32
type: integer
parallelOutboundMigrationsPerNode:
description: ParallelOutboundMigrationsPerNode is the maximum
number of concurrent outgoing live migrations allowed per
node. Defaults to 2
format: int32
type: integer
progressTimeout:
description: ProgressTimeout is the maximum number of seconds
a live migration is allowed to make no progress. Hitting
this timeout means a migration transferred 0 data for that
many seconds. The migration is then considered stuck and
therefore cancelled. Defaults to 150
format: int64
type: integer
unsafeMigrationOverride:
description: UnsafeMigrationOverride allows live migrations
to occur even if the compatibility check indicates the migration
will be unsafe to the guest. Defaults to false
type: boolean
type: object
minCPUModel:
@ -3063,6 +3283,28 @@ spec:
items:
type: string
type: array
tlsConfiguration:
description: TLSConfiguration holds TLS options
properties:
ciphers:
items:
type: string
type: array
x-kubernetes-list-type: set
minTLSVersion:
description: "MinTLSVersion is a way to specify the minimum
protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common
TLS configurations: \n https://ssl-config.mozilla.org/
\n Note that SSLv3.0 is not a supported protocol version
due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE"
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
type: string
type: object
virtualMachineInstancesPerNode:
type: integer
webhookConfiguration:
@ -3141,6 +3383,20 @@ spec:
imagePullPolicy:
description: The ImagePullPolicy to use.
type: string
imagePullSecrets:
description: The imagePullSecrets to pull the container images from
Defaults to none
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
x-kubernetes-list-type: atomic
imageRegistry:
description: The image registry to pull the container images from
Defaults to the same registry the operator's container image is
@ -4149,6 +4405,11 @@ spec:
components. Useful if KubeVirt is included as part of a product.
If ProductVersion is not specified, KubeVirt's version will be used.
type: string
serviceMonitorNamespace:
description: The namespace the service monitor will be deployed When
ServiceMonitorNamespace is set, then we'll install the service monitor
object in that namespace otherwise we will use the monitoring namespace.
type: string
uninstallStrategy:
description: Specifies if kubevirt can be deleted if workloads are
still present. This is mainly a precaution to avoid accidental data
@ -5259,4 +5520,3 @@ spec:
storage: true
subresources:
status: {}

18
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-clusterrole.yaml
View File

@ -54,6 +54,7 @@ rules:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
- customresourcedefinitions/status
verbs:
- '*'
- apiGroups:
@ -102,6 +103,12 @@ rules:
- namespaces
verbs:
- get
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
@ -140,7 +147,6 @@ rules:
resources:
- persistentvolumes
- persistentvolumeclaims
- volumesnapshots
verbs:
- get
- list
@ -148,12 +154,13 @@ rules:
- create
- update
- delete
- deletecollection
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/finalizers
- pods/finalizers
- volumesnapshots/finalizers
verbs:
- update
- apiGroups:
@ -173,6 +180,7 @@ rules:
- configmaps
verbs:
- get
- create
- apiGroups:
- storage.k8s.io
resources:
@ -246,6 +254,12 @@ rules:
verbs:
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
- apiGroups:
- ""
resources:

25
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-configmap.yaml
View File

@ -1,25 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
operator.cdi.kubevirt.io: ""
name: cdi-operator-leader-election-helper
namespace: cdi

36
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-deployment.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -26,7 +26,7 @@ metadata:
name: cdi-operator
namespace: cdi
spec:
replicas: 1
replicas: {{ .Values.cdi.replicas }}
selector:
matchLabels:
name: cdi-operator
@ -44,42 +44,44 @@ spec:
- name: DEPLOY_CLUSTER_RESOURCES
value: "true"
- name: OPERATOR_VERSION
value: v1.54.0
value: {{ .Values.cdi.cdiVersion }}
- name: CONTROLLER_IMAGE
value: {{ .Values.images.tags.cdiControlerImage }}
value: {{ .Values.cdi.images.tags.cdiControlerImage }}
- name: IMPORTER_IMAGE
value: {{ .Values.images.tags.cdiImporterImage }}
value: {{ .Values.cdi.images.tags.cdiImporterImage }}
- name: CLONER_IMAGE
value: {{ .Values.images.tags.cdiClonerImage }}
value: {{ .Values.cdi.images.tags.cdiClonerImage }}
- name: APISERVER_IMAGE
value: {{ .Values.images.tags.cdiApiServerImage }}
value: {{ .Values.cdi.images.tags.cdiApiServerImage }}
- name: UPLOAD_SERVER_IMAGE
value: {{ .Values.images.tags.cdiUploadServerImage }}
value: {{ .Values.cdi.images.tags.cdiUploadServerImage }}
- name: UPLOAD_PROXY_IMAGE
value: {{ .Values.images.tags.cdiUploadProxyImage }}
value: {{ .Values.cdi.images.tags.cdiUploadProxyImage }}
- name: VERBOSITY
value: "1"
- name: PULL_POLICY
value: IfNotPresent
- name: MONITORING_NAMESPACE
image: {{ .Values.images.tags.cdiOperatorImage }}
image: {{ .Values.cdi.images.tags.cdiOperatorImage }}
imagePullPolicy: IfNotPresent
name: cdi-operator
ports:
- containerPort: {{ .Values.containerPorts.cdiMetricsPort }}
- containerPort: {{ .Values.cdi.containerPorts.metricsPort }}
name: metrics
protocol: TCP
resources:
requests:
memory: {{ .Values.resources.requests.memory }}
memory: {{ .Values.cdi.resources.requests.memory }}
imagePullSecrets:
- name: {{ .Values.cdi.imagePullSecrets }}
{{- if .Values.cdi.nodeSelector }}
nodeSelector:
{{ .Values.cdi.nodeSelector | toYaml | trim | indent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
serviceAccountName: cdi-operator
{{- with .Values.tolerations }}
{{- with .Values.cdi.tolerations }}
tolerations:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
{{- end }}

6
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-namespace.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -21,8 +21,6 @@ kind: Namespace
metadata:
labels:
cdi.kubevirt.io: ""
app.kubernetes.io/managed-by: Helm
app.starlingx.io/component: {{ .Values.cdi.componentType }}
name: cdi
annotations:
meta.helm.sh/release-name: kubevirt-cdi-app
meta.helm.sh/release-namespace: cdi

14
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-rolebinding.yaml
View File

@ -33,3 +33,17 @@ subjects:
- kind: ServiceAccount
name: cdi-operator
namespace: cdi
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cdi-registry-rolebinding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-registry-cr
subjects:
- kind: ServiceAccount
name: cdi-operator
namespace: cdi

31
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-rolebinding2.yaml
View File

@ -1,31 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cdi-registry-rolebinding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-registry-cr
subjects:
- kind: ServiceAccount
name: cdi-operator
namespace: cdi

2
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi-serviceaccount.yaml
View File

@ -23,5 +23,3 @@ metadata:
operator.cdi.kubevirt.io: ""
name: cdi-operator
namespace: cdi
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}

22
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/cdi.yaml
View File

@ -21,15 +21,25 @@ kind: CDI
metadata:
name: cdi
spec:
certConfig:
ca:
duration: {{ .Values.cdi.certificateRotate.ca.duration }}
renewBefore: {{ .Values.cdi.certificateRotate.ca.renewBefore }}
server:
duration: {{ .Values.cdi.certificateRotate.server.duration }}
renewBefore: {{ .Values.cdi.certificateRotate.server.renewBefore }}
config:
imagePullSecrets:
- name: {{ .Values.cdi.imagePullSecrets }}
featureGates: {{ .Values.cdi.featureGates }}
imagePullPolicy: IfNotPresent
infra:
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: CriticalAddonsOnly
operator: Exists
workload:
{{- if .Values.nodeSelector }}
nodeSelector:
{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
{{- end }}
{{- if .Values.cdi.nodeSelector }}
nodeSelector:
{{- .Values.cdi.nodeSelector | toYaml | trim | nindent 6 }}
{{- end }}

264
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -185,19 +185,6 @@ rules:
- delete
- update
- patch
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
verbs:
- update
- get
- apiGroups:
- ""
resources:
@ -207,6 +194,22 @@ rules:
- list
- watch
- patch
- apiGroups:
- flavor.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- ""
resources:
@ -227,6 +230,12 @@ rules:
- watch
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- kubevirt.io
resources:
@ -286,6 +295,7 @@ rules:
resources:
- virtualmachinesnapshots
- virtualmachinerestores
- virtualmachinesnapshotcontents
verbs:
- get
- list
@ -294,16 +304,20 @@ rules:
- cdi.kubevirt.io
resources:
- datasources
- datavolumes
verbs:
- get
- list
- watch
- apiGroups:
- flavor.kubevirt.io
- instancetype.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
@ -314,6 +328,14 @@ rules:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- create
- list
- get
- apiGroups:
- ""
resources:
@ -322,6 +344,15 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- patch
- apiGroups:
- policy
resources:
@ -339,6 +370,7 @@ rules:
- pods
- configmaps
- endpoints
- services
verbs:
- get
- list
@ -346,6 +378,7 @@ rules:
- delete
- update
- create
- patch
- apiGroups:
- ""
resources:
@ -354,6 +387,12 @@ rules:
- update
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
@ -397,6 +436,8 @@ rules:
- list
- create
- delete
- get
- update
- apiGroups:
- ""
resources:
@ -415,11 +456,19 @@ rules:
- '*'
verbs:
- '*'
- apiGroups:
- export.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
- virtualmachinepools/finalizers
- virtualmachinepools/status
- virtualmachinepools/scale
verbs:
- watch
- list
@ -500,11 +549,14 @@ rules:
- list
- watch
- apiGroups:
- flavor.kubevirt.io
- instancetype.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
@ -515,12 +567,49 @@ rules:
- get
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
- virtualmachineclones/status
- virtualmachineclones/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- get
- watch
- apiGroups:
- kubevirt.io
resources:
@ -585,10 +674,36 @@ rules:
- get
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- kubevirt-export-ca
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- subresources.kubevirt.io
resources:
- version
- guestfs
verbs:
- get
- list
@ -597,6 +712,8 @@ rules:
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/portforward
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
@ -614,6 +731,13 @@ rules:
- virtualmachineinstances/softreboot
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachines/portforward
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
@ -622,6 +746,14 @@ rules:
- virtualmachines/restart
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
@ -657,10 +789,12 @@ rules:
- watch
- deletecollection
- apiGroups:
- flavor.kubevirt.io
- instancetype.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
@ -696,6 +830,7 @@ rules:
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
@ -711,16 +846,31 @@ rules:
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/portforward
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachines/addvolume |
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
@ -754,10 +904,12 @@ rules:
- list
- watch
- apiGroups:
- flavor.kubevirt.io
- instancetype.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
@ -796,11 +948,18 @@ rules:
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
@ -824,10 +983,12 @@ rules:
- list
- watch
- apiGroups:
- flavor.kubevirt.io
- instancetype.kubevirt.io
resources:
- virtualmachineflavors
- virtualmachineclusterflavors
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
@ -860,4 +1021,45 @@ rules:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt.io:operator
labels:
operator.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubevirt.io: ""
name: kubevirt-registry-cr
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- patch
- delete

39
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole2.yaml
View File

@ -1,39 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt.io:operator
labels:
operator.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection

37
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/clusterrole3.yaml
View File

@ -1,37 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations the License.
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubevirt.io: ""
name: kubevirt-registry-cr
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- patch
- delete

46
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/deployment.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -24,7 +24,7 @@ metadata:
name: virt-operator
namespace: kubevirt
spec:
replicas: {{ .Values.replicas }}
replicas: {{ .Values.kubevirt.replicas }}
selector:
matchLabels:
kubevirt.io: virt-operator
@ -51,39 +51,49 @@ spec:
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- command:
- virt-operator
- args:
- --port
- "8443"
- -v
- "2"
command:
- virt-operator
env:
- name: OPERATOR_IMAGE
value: {{ .Values.images.tags.virtOperatorImage }}
- name: VIRT_OPERATOR_IMAGE
value: {{ .Values.kubevirt.images.tags.virtOperatorImage }}
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
image: {{ .Values.images.tags.virtOperatorImage }}
- name: KUBEVIRT_VERSION
value: {{ .Values.kubevirt.kubeVirtVersion }}
image: {{ .Values.kubevirt.images.tags.virtOperatorImage }}
imagePullPolicy: IfNotPresent
name: virt-operator
ports:
- containerPort: {{ .Values.containerPorts.metricsPort }}
- containerPort: {{ .Values.kubevirt.containerPorts.metricsPort }}
name: metrics
protocol: TCP
- containerPort: {{ .Values.containerPorts.webhooksPort }}
- containerPort: {{ .Values.kubevirt.containerPorts.webhooksPort }}
name: webhooks
protocol: TCP
readinessProbe:
httpGet:
path: /metrics
port: {{ .Values.containerPorts.readinessProbePort }}
port: {{ .Values.kubevirt.containerPorts.readinessProbePort }}
scheme: HTTPS
initialDelaySeconds: 5
timeoutSeconds: 10
resources:
requests:
memory: {{ .Values.resources.requests.memory }}
memory: {{ .Values.kubevirt.resources.requests.memory }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/virt-operator/certificates
name: kubevirt-operator-certs
@ -92,23 +102,27 @@ spec:
name: profile-data
initContainers:
- name: virtctl-init-container
image: {{ .Values.images.tags.virtCtlImage }}
image: {{ .Values.kubevirt.images.tags.virtCtlImage }}
imagePullPolicy: IfNotPresent
volumeMounts:
- name: controller-dir
mountPath: /var/opt/
command: ['sh', '-c', "mkdir -p /var/opt/kubevirt/; mv /virtctl-v* /var/opt/kubevirt; chmod 755 /var/opt/kubevirt;"]
command: ['sh', '-c', "mkdir -p /var/opt/kubevirt/; mv /virtctl-v* /var/opt/kubevirt; chmod 755 /var/opt/kubevirt; cp -s /var/opt/kubevirt/virtctl-v* /var/opt/kubevirt/virtctl"]
imagePullSecrets:
- name: {{ .Values.kubevirt.imagePullSecrets }}
priorityClassName: kubevirt-cluster-critical
securityContext:
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
serviceAccountName: kubevirt-operator
{{- with .Values.tolerations }}
{{- with .Values.kubevirt.tolerations }}
tolerations:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.nodeSelector }}
{{- if .Values.kubevirt.nodeSelector }}
nodeSelector:
{{ .Values.nodeSelector | toYaml | trim | indent 8 }}
{{ .Values.kubevirt.nodeSelector | toYaml | trim | indent 8 }}
{{- end }}
volumes:
- name: kubevirt-operator-certs

17
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/kubevirt.yaml
View File

@ -22,13 +22,22 @@ metadata:
name: kubevirt
namespace: kubevirt
spec:
certificateRotateStrategy: {}
certificateRotateStrategy:
selfSigned:
ca:
duration: {{ .Values.kubevirt.certificateRotate.ca.duration }}
renewBefore: {{ .Values.kubevirt.certificateRotate.ca.renewBefore }}
server:
duration: {{ .Values.kubevirt.certificateRotate.server.duration }}
renewBefore: {{ .Values.kubevirt.certificateRotate.server.renewBefore }}
configuration:
developerConfiguration:
featureGates: {{ .Values.featureGates }}
useEmulation: {{ .Values.useEmulation }}
featureGates: {{ .Values.kubevirt.featureGates }}
useEmulation: {{ .Values.kubevirt.useEmulation }}
customizeComponents: {}
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: {{ .Values.kubevirt.imagePullSecrets }}
infra:
replicas: {{ .Values.replicas }}
replicas: {{ .Values.kubevirt.replicas }}
workloadUpdateStrategy: {}

9
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/namespace.yaml
View File

@ -11,7 +11,7 @@
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -21,10 +21,7 @@ kind: Namespace
metadata:
labels:
kubevirt.io: ""
app.kubernetes.io/managed-by: Helm
pod-security.kubernetes.io/enforce: "privileged"
app.starlingx.io/component: {{ .Values.kubevirt.componentType }}
annotations:
meta.helm.sh/release-name: kubevirt-app
meta.helm.sh/release-namespace: kubevirt
name: kubevirt
spec:
finalizers:

17
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/role.yaml
View File

@ -46,3 +46,20 @@ rules:
- watch
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- get
- list
- watch
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create

14
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/rolebinding.yaml
View File

@ -31,3 +31,17 @@ subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubevirt-registry-rolebinding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-registry-cr
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: kubevirt

31
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/rolebinding2.yaml
View File

@ -1,31 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Copyright (c) 202 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubevirt-registry-rolebinding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-registry-cr
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: kubevirt

2
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/templates/serviceaccount.yaml
View File

@ -23,5 +23,3 @@ metadata:
kubevirt.io: ""
name: kubevirt-operator
namespace: kubevirt
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}

123
stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/values.yaml
View File

@ -1,4 +1,4 @@
# Copyright (c) 2022 Wind River Systems, Inc.
# Copyright (c) 2023 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -7,44 +7,87 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
---
replicas: 1
images:
tags:
virtCtlImage: docker.io/starlingx/stx-kubevirt-app:stx.8.0-v0.53.1
virtOperatorImage: quay.io/kubevirt/virt-operator:v0.53.1
virtControllerImage: quay.io/kubevirt/virt-controller:v0.53.1
virtLauncherImage: quay.io/kubevirt/virt-launcher:v0.53.1
virtHandlerImage: quay.io/kubevirt/virt-handler:v0.53.1
virtApiImage: quay.io/kubevirt/virt-api:v0.53.1
cdiOperatorImage: quay.io/kubevirt/cdi-operator:v1.54.0
cdiControlerImage: quay.io/kubevirt/cdi-controller:v1.54.0
cdiImporterImage: quay.io/kubevirt/cdi-importer:v1.54.0
cdiClonerImage: quay.io/kubevirt/cdi-cloner:v1.54.0
cdiApiServerImage: quay.io/kubevirt/cdi-apiserver:v1.54.0
cdiUploadServerImage: quay.io/kubevirt/cdi-uploadserver:v1.54.0
cdiUploadProxyImage: quay.io/kubevirt/cdi-uploadproxy:v1.54.0
# KubeVirt configuration
kubevirt:
kubeVirtVersion: v0.59.0
replicas: 1
componentType: "platform"
certificateRotate:
ca:
duration: 720h
renewBefore: 360h
server:
duration: 720h
renewBefore: 360h
images:
tags:
virtCtlImage: docker.io/starlingx/stx-kubevirt-app:stx.8.0-v0.59.0
virtOperatorImage: quay.io/kubevirt/virt-operator:v0.59.0
virtControllerImage: quay.io/kubevirt/virt-controller:v0.59.0
virtLauncherImage: quay.io/kubevirt/virt-launcher:v0.59.0
virtHandlerImage: quay.io/kubevirt/virt-handler:v0.59.0
virtApiImage: quay.io/kubevirt/virt-api:v0.59.0
imagePullSecrets: default-registry-key
resources:
requests:
memory: 400Mi
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
containerPorts:
metricsPort: 8443
webhooksPort: 8444
readinessProbePort: 8443
imagePullSecrets: default-registry-key
resources:
requests:
memory: 150Mi
nodeSelector: { node-role.kubernetes.io/control-plane: "" }
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
containerPorts:
metricsPort: 8443
webhooksPort: 8444
readinessProbePort: 8443
cdiMetricsPort: 8080
# CDI (Containerized Data Importer) configuration
cdi:
cdiVersion: v1.57.0
replicas: 1
componentType: "platform"
certificateRotate:
ca:
duration: 720h
renewBefore: 360h
server:
duration: 720h
renewBefore: 360h
featureGates:
- HonorWaitForFirstConsumer
images:
tags:
cdiOperatorImage: quay.io/kubevirt/cdi-operator:v1.57.0
cdiControlerImage: quay.io/kubevirt/cdi-controller:v1.57.0
cdiImporterImage: quay.io/kubevirt/cdi-importer:v1.57.0
cdiClonerImage: quay.io/kubevirt/cdi-cloner:v1.57.0
cdiApiServerImage: quay.io/kubevirt/cdi-apiserver:v1.57.0
cdiUploadServerImage: quay.io/kubevirt/cdi-uploadserver:v1.57.0
cdiUploadProxyImage: quay.io/kubevirt/cdi-uploadproxy:v1.57.0
imagePullSecrets: default-registry-key
resources:
requests:
memory: 400Mi
nodeSelector:
node-role.kubernetes.io/control-plane: ""
kubernetes.io/os: linux
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
containerPorts:
metricsPort: 8080
webhooksPort: 8444
readinessProbePort: 8443

3
test-requirements.txt
View File

@ -1,4 +1,3 @@
# hacking pulls in flake8
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
hacking>=1.1.0,<=2.0.0 # Apache-2.0
bashate >= 0.2
yamllint>=0.5.2

30
tox.ini
View File

@ -1,15 +1,13 @@
[tox]
envlist = linters
minversion = 2.3
minversion = 2.9
skipsdist = True
sitepackages=False
toxhelmdir = {toxinidir}/helm-charts-rendered
[testenv]
stxdir = {toxinidir}
kubevirtdir = {[testenv]stxdir}/
helmdir = {[testenv]kubevirtdir}stx-kubevirt-app-helm/stx-kubevirt-app-helm/helm-charts/kubevirt-app/
install_command = pip install -U {opts} {packages}
install_command = pip install -U \
{opts} {packages} \
-c{env:TOX_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt}
setenv =
VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
@ -21,6 +19,9 @@ deps =
-r{toxinidir}/test-requirements.txt
allowlist_externals =
bash
passenv =
XDG_CACHE_HOME
[testenv:bashate]
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
@ -31,18 +32,25 @@ commands =
-not -name \*~ \
-not -name \*.md \
-name \*.sh \
-print0 | xargs -r -n 1 -0 bashate -v\
-print0 | xargs -r -n 1 -0 bashate -v \
-e 'E*'"
[testenv:linters]
commands =
{[testenv:bashate]commands}
{[testenv:yamllint]commands}
[testenv:yamllint]
basepython=python3
commands = bash -c "find ./ -iname '*.yaml' -type f -not -name 'metadata.yaml' -print0 | xargs -0 cat | sed 's/\s*\{\{.*\}\}//' | yamllint -d relaxed -f parsable - ;[ $? -eq 0 ] && exit 0 || exit 1"
[testenv:flake8]
basepython = python3
description = Dummy environment to allow flake8 to be run in subdir tox
[testenv:py39]
basepython = python3
description = Dummy environment to allow pylint to be run in subdir tox
[testenv:pylint]
basepython = python3
description = Dummy environment to allow pylint to be run in subdir tox
[testenv:bandit]
basepython = python3
description = Dummy environment to allow bandit to be run in subdir tox