From 7c37fbdf025ae08dd71181cd8c07284b924bebbb Mon Sep 17 00:00:00 2001 From: Jan Schoone Date: Wed, 6 Nov 2024 16:17:27 +0100 Subject: [PATCH 1/4] feat: add helm charts for cso and cspo 
Signed-off-by: Jan Schoone --- charts/cso/Chart.yaml | 21 ++ charts/cso/templates/_helpers.tpl | 62 +++++ .../templates/cluster-stack-variables.yaml | 27 ++ charts/cso/templates/clusteraddon-crd.yaml | 240 +++++++++++++++++ charts/cso/templates/clusterstack-crd.yaml | 252 ++++++++++++++++++ .../templates/clusterstackrelease-crd.yaml | 208 +++++++++++++++ charts/cso/templates/deployment.yaml | 136 ++++++++++ .../hook-server-extensionconfig.yaml | 16 ++ .../templates/hook-server-server-cert.yaml | 18 ++ charts/cso/templates/hook-server-svc.yaml | 15 ++ .../cso/templates/leader-election-rbac.yaml | 55 ++++ charts/cso/templates/manager-rbac.yaml | 123 +++++++++ charts/cso/templates/selfsigned-issuer.yaml | 8 + charts/cso/templates/serviceaccount.yaml | 9 + charts/cso/templates/serving-cert.yaml | 18 ++ .../validating-webhook-configuration.yaml | 93 +++++++ charts/cso/templates/webhook-service.yaml | 15 ++ charts/cso/values.yaml | 41 +++ charts/cspo/.helmignore | 23 ++ charts/cspo/Chart.yaml | 21 ++ charts/cspo/templates/_helpers.tpl | 62 +++++ .../templates/cluster-stack-variables.yaml | 26 ++ charts/cspo/templates/deployment.yaml | 117 ++++++++ .../cspo/templates/leader-election-rbac.yaml | 59 ++++ charts/cspo/templates/manager-rbac.yaml | 70 +++++ .../cspo/templates/metrics-reader-rbac.yaml | 14 + charts/cspo/templates/metrics-service.yaml | 17 ++ .../openstackclusterstackrelease-crd.yaml | 148 ++++++++++ ...nstackclusterstackreleasetemplate-crd.yaml | 99 +++++++ .../openstacknodeimagerelease-crd.yaml | 205 ++++++++++++++ charts/cspo/templates/proxy-rbac.yaml | 40 +++ charts/cspo/templates/serviceaccount.yaml | 11 + charts/cspo/values.yaml | 64 +++++ 33 files changed, 2333 insertions(+) create mode 100644 charts/cso/Chart.yaml create mode 100644 charts/cso/templates/_helpers.tpl create mode 100644 charts/cso/templates/cluster-stack-variables.yaml create mode 100644 charts/cso/templates/clusteraddon-crd.yaml create mode 100644 
charts/cso/templates/clusterstack-crd.yaml create mode 100644 charts/cso/templates/clusterstackrelease-crd.yaml create mode 100644 charts/cso/templates/deployment.yaml create mode 100644 charts/cso/templates/hook-server-extensionconfig.yaml create mode 100644 charts/cso/templates/hook-server-server-cert.yaml create mode 100644 charts/cso/templates/hook-server-svc.yaml create mode 100644 charts/cso/templates/leader-election-rbac.yaml create mode 100644 charts/cso/templates/manager-rbac.yaml create mode 100644 charts/cso/templates/selfsigned-issuer.yaml create mode 100644 charts/cso/templates/serviceaccount.yaml create mode 100644 charts/cso/templates/serving-cert.yaml create mode 100644 charts/cso/templates/validating-webhook-configuration.yaml create mode 100644 charts/cso/templates/webhook-service.yaml create mode 100644 charts/cso/values.yaml create mode 100644 charts/cspo/.helmignore create mode 100644 charts/cspo/Chart.yaml create mode 100644 charts/cspo/templates/_helpers.tpl create mode 100644 charts/cspo/templates/cluster-stack-variables.yaml create mode 100644 charts/cspo/templates/deployment.yaml create mode 100644 charts/cspo/templates/leader-election-rbac.yaml create mode 100644 charts/cspo/templates/manager-rbac.yaml create mode 100644 charts/cspo/templates/metrics-reader-rbac.yaml create mode 100644 charts/cspo/templates/metrics-service.yaml create mode 100644 charts/cspo/templates/openstackclusterstackrelease-crd.yaml create mode 100644 charts/cspo/templates/openstackclusterstackreleasetemplate-crd.yaml create mode 100644 charts/cspo/templates/openstacknodeimagerelease-crd.yaml create mode 100644 charts/cspo/templates/proxy-rbac.yaml create mode 100644 charts/cspo/templates/serviceaccount.yaml create mode 100644 charts/cspo/values.yaml diff --git a/charts/cso/Chart.yaml b/charts/cso/Chart.yaml new file mode 100644 index 00000000..b43e9aea --- /dev/null +++ b/charts/cso/Chart.yaml 
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: cluster-stack-operator
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
diff --git a/charts/cso/templates/_helpers.tpl b/charts/cso/templates/_helpers.tpl
new file mode 100644
index 00000000..4327370b
--- /dev/null
+++ b/charts/cso/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cso.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cso.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cso.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cso.labels" -}}
+helm.sh/chart: {{ include "cso.chart" . }}
+{{ include "cso.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cso.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cso.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cso.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cso.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/cso/templates/cluster-stack-variables.yaml b/charts/cso/templates/cluster-stack-variables.yaml
new file mode 100644
index 00000000..c08969aa
--- /dev/null
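Review bot: `cso.serviceAccountName` is defined in charts/cso/templates/_helpers.tpl, but the Deployment template added later in this patch sets `serviceAccountName: {{ include "cso.fullname" . }}-controller-manager` directly, so `serviceAccount.create` and `serviceAccount.name` appear to have no effect on which account the manager runs as. The helper's `default "default"` fallback would also place the controller on the namespace's shared `default` service account if it were wired in with `create: false`, which is rarely intended for an operator that carries its own RBAC. Either use `{{ include "cso.serviceAccountName" . }}` in the Deployment and in the RBAC bindings (those templates are outside this view), or drop the helper.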
+++ b/charts/cso/templates/cluster-stack-variables.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "cso.fullname" . }}-cluster-stack-variables
+ labels:
+ cluster.x-k8s.io/provider: cluster-stack-operator
+ {{- include "cso.labels" . | nindent 4 }}
+data:
+ {{- if eq .Values.controllerManager.manager.source "github" }}
+ git-access-token: {{ required "clusterStackVariables.gitAccessToken is required"
+ .Values.clusterStackVariables.gitAccessToken | b64enc | quote }}
+ git-org-name: {{ required "clusterStackVariables.gitOrgName is required" .Values.clusterStackVariables.gitOrgName
+ | b64enc | quote }}
+ git-provider: {{ required "clusterStackVariables.gitProvider is required" .Values.clusterStackVariables.gitProvider
+ | b64enc | quote }}
+ git-repo-name: {{ required "clusterStackVariables.gitRepoName is required" .Values.clusterStackVariables.gitRepoName
+ | b64enc | quote }}
+ {{- else}}
+ oci-registry: {{ required "clusterStackVariables.ociRegistry is required" .Values.clusterStackVariables.ociRegistry
+ | b64enc | quote }}
+ oci-repository: {{ required "clusterStackVariables.ociRepository is required" .Values.clusterStackVariables.ociRepository
+ | b64enc | quote }}
+ oci-username: {{ .Values.clusterStackVariables.ociUsername | b64enc | quote }}
+ oci-access-token: {{ .Values.clusterStackVariables.ociAccessToken | b64enc | quote }}
+ oci-password: {{ .Values.clusterStackVariables.ociPassword | b64enc | quote }}
+ {{- end }}
+type: Opaque
diff --git a/charts/cso/templates/clusteraddon-crd.yaml b/charts/cso/templates/clusteraddon-crd.yaml
new file mode 100644
index 00000000..a7501257
--- /dev/null
+++ b/charts/cso/templates/clusteraddon-crd.yaml
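Review bot: In charts/cso/templates/cluster-stack-variables.yaml the `{{- else}}` branch renders the OCI keys for any `controllerManager.manager.source` other than `github`, so a mistyped source silently produces an OCI-configured Secret; the `env` block of the Deployment template later in this patch has the same fall-through. I would make the second branch explicit with `{{- else if eq .Values.controllerManager.manager.source "oci" }}` and finish with `{{- else }}{{ fail "controllerManager.manager.source must be github or oci" }}`, assuming those are the only two values the manager accepts. `oci-username`, `oci-access-token` and `oci-password` are piped into `b64enc` with neither `required` nor `default ""`; values.yaml is outside this view, so it should be checked that unset values still render cleanly. Because the tokens arrive through chart values they are also kept in the Helm release record, so an option to reference a pre-existing Secret would be worth adding.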
@@ -0,0 +1,240 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusteraddons.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cso.labels" . | nindent 4 }} +spec: + group: clusterstack.x-k8s.io + names: + kind: ClusterAddon + listKind: ClusterAddonList + plural: clusteraddons + shortNames: + - caddon + singular: clusteraddon + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.ownerReferences[?(@.kind=="Cluster")].name + name: Cluster + type: string + - description: Present running hook + jsonPath: .spec.hook + name: Hook + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + - description: Time duration since creation of Cluster Addon + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterAddon is the schema for the clusteraddons API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterAddonSpec defines the desired state of a ClusterAddon + object. + properties: + clusterRef: + description: |- + ClusterRef is the reference to the clusterv1.Cluster object that corresponds to the workload cluster where this + controller applies the cluster addons. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + clusterStack: + description: |- + ClusterStack is the full string --- that will be filled with the cluster stack that + the respective cluster uses currently. It always matches cluster.spec.topology.class if the work of this controller is done. + type: string + hook: + description: Hook specifies the runtime hook for the Cluster event. + type: string + version: + description: Version is the version of the cluster addons that have + been applied in the workload cluster. + type: string + required: + - clusterRef + type: object + status: + description: ClusterAddonStatus defines the observed state of ClusterAddon. + properties: + conditions: + description: Conditions define the current service state of the ClusterAddon. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + default: false + type: boolean + resources: + description: Resources specifies the status of the resources that this + object administrates. + items: + description: Resource defines the status of a resource. + properties: + error: + description: Error specifies the error of the last time this object + has been applied. + type: string + group: + description: Group specifies the group of the object. + type: string + kind: + description: Kind specifies the kind of the object. + type: string + name: + description: Name specifies the name of the object. + type: string + namespace: + description: Namespace specifies the namespace of the object. + type: string + status: + description: Status specifies the status of the object being applied. + type: string + version: + description: Version specifies the version of the object. + type: string + type: object + type: array + stages: + description: Stages shows the state of all stages in the current running + hook. + items: + description: StageStatus represents the helm charts of the hook and + it's phases. + properties: + action: + description: Action is the action of the helm chart. e.g. - apply + and delete. + type: string + name: + description: Name represent name of the helm chart + type: string + phase: + description: Phase is the current phase of the helm chart. + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file 
diff --git a/charts/cso/templates/clusterstack-crd.yaml b/charts/cso/templates/clusterstack-crd.yaml new file mode 100644 index 00000000..534ea073 --- /dev/null +++ b/charts/cso/templates/clusterstack-crd.yaml 
@@ -0,0 +1,252 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterstacks.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cso.labels" . | nindent 4 }} +spec: + group: clusterstack.x-k8s.io + names: + kind: ClusterStack + listKind: ClusterStackList + plural: clusterstacks + shortNames: + - csk + singular: clusterstack + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.provider + name: Provider + type: string + - jsonPath: .spec.name + name: ClusterStack + type: string + - jsonPath: .spec.kubernetesVersion + name: K8s + type: string + - jsonPath: .spec.channel + name: Channel + type: string + - jsonPath: .spec.autoSubscribe + name: Autosubscribe + type: string + - jsonPath: .status.usableVersions + name: Usable + type: string + - jsonPath: .status.latestRelease + name: Latest + type: string + - description: Time duration since creation of ClusterStack + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterStack is the Schema for the clusterstacks API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterStackSpec defines the desired state of ClusterStack. + properties: + autoSubscribe: + default: true + description: AutoSubscribe is a feature where the operator checks automatically + if there are new versions of this cluster stack available. + type: boolean + channel: + default: stable + description: Channel specifies the release channel of the cluster stack. + Defaults to 'stable'. + enum: + - stable + - custom + type: string + kubernetesVersion: + description: KubernetesVersion is the Kubernetes version in the format + '.', e.g. 1.26. + pattern: ^\d\.\d+$ + type: string + name: + description: Name is the name of the cluster stack. + minLength: 1 + type: string + noProvider: + default: false + description: NoProvider indicates if set on true that there is no provider-specific + implementation and operator. + type: boolean + provider: + description: Provider is the name of the cluster stack provider. + minLength: 1 + type: string + providerRef: + description: ProviderRef has to reference the ProviderClusterStackReleaseTemplate + that contains all provider-specific information. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + versions: + description: |- + Versions is a list of version of the cluster stack that should be available in the management cluster. + A version has to have the format 'v', e.g. v1 for stable channel or, v1-alpha.1 for alpha channel. + The versions have to correspond to the channel property. + items: + type: string + type: array + required: + - kubernetesVersion + - name + - provider + type: object + status: + description: ClusterStackStatus defines the observed state of ClusterStack. + properties: + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + latestRelease: + type: string + summary: + items: + description: ClusterStackReleaseSummary gives the summary of the status + of a ClusterStackRelease object. + properties: + message: + type: string + name: + type: string + phase: + description: ClusterStackReleasePhase is the phase of a ClusterStackRelease + object. + type: string + ready: + type: boolean + required: + - name + - phase + - ready + type: object + type: array + usableVersions: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file 
diff --git a/charts/cso/templates/clusterstackrelease-crd.yaml b/charts/cso/templates/clusterstackrelease-crd.yaml new file mode 100644 index 00000000..21148512 --- /dev/null +++ b/charts/cso/templates/clusterstackrelease-crd.yaml 
@@ -0,0 +1,208 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterstackreleases.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + cluster.x-k8s.io/v1beta1: v1beta1 + {{- include "cso.labels" . | nindent 4 }} +spec: + group: clusterstack.x-k8s.io + names: + kind: ClusterStackRelease + listKind: ClusterStackReleaseList + plural: clusterstackreleases + shortNames: + - cskr + singular: clusterstackrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.kubernetesVersion + name: K8s Version + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + - description: Time duration since creation of ClusterStackRelease + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterStackRelease is the Schema for the clusterstackreleases + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterStackReleaseSpec defines the desired state of ClusterStackRelease. + properties: + providerRef: + description: |- + ProviderRef specifies the reference to the ProviderClusterStackRelease object. + It has to be set only if the object exists, i.e. if the noProvider mode is turned off. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + status: + description: ClusterStackReleaseStatus defines the observed state of ClusterStackRelease. + properties: + conditions: + description: Conditions defines current service state of the ClusterAddon. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + kubernetesVersion: + description: |- + KubernetesVersion is the Kubernetes version incl. patch version, e.g. 
1.26.6. + The controller fetches the version from the release assets of the cluster stack. + type: string + ready: + default: false + type: boolean + resources: + description: Resources specifies the status of the resources that this + object administrates. + items: + description: Resource defines the status of a resource. + properties: + error: + description: Error specifies the error of the last time this object + has been applied. + type: string + group: + description: Group specifies the group of the object. + type: string + kind: + description: Kind specifies the kind of the object. + type: string + name: + description: Name specifies the name of the object. + type: string + namespace: + description: Namespace specifies the namespace of the object. + type: string + status: + description: Status specifies the status of the object being applied. + type: string + version: + description: Version specifies the version of the object. + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/cso/templates/deployment.yaml b/charts/cso/templates/deployment.yaml new file mode 100644 index 00000000..d8e06dc9 --- /dev/null +++ b/charts/cso/templates/deployment.yaml 
@@ -0,0 +1,136 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cso.fullname" . }}-controller-manager + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + control-plane: cso-controller-manager + {{- include "cso.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controllerManager.replicas }} + selector: + matchLabels: + cluster.x-k8s.io/provider: cluster-stack-operator + control-plane: cso-controller-manager + {{- include "cso.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + control-plane: cso-controller-manager + {{- include "cso.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + containers: + - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} + command: + - /manager + - -source + - {{ .Values.controllerManager.manager.source }} + env: + {{- if eq .Values.controllerManager.manager.source "github" }} + - name: GIT_PROVIDER + valueFrom: + secretKeyRef: + key: git-provider + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: GIT_ORG_NAME + valueFrom: + secretKeyRef: + key: git-org-name + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: GIT_REPOSITORY_NAME + valueFrom: + secretKeyRef: + key: git-repo-name + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: GIT_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: git-access-token + name: {{ include "cso.fullname" . }}-cluster-stack-variables + {{- else }} + - name: OCI_REGISTRY + valueFrom: + secretKeyRef: + key: oci-registry + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: OCI_REPOSITORY + valueFrom: + secretKeyRef: + key: oci-repository + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: OCI_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: oci-access-token + name: {{ include "cso.fullname" . 
}}-cluster-stack-variables + - name: OCI_USERNAME + valueFrom: + secretKeyRef: + key: oci-username + name: {{ include "cso.fullname" . }}-cluster-stack-variables + - name: OCI_PASSWORD + valueFrom: + secretKeyRef: + key: oci-password + name: {{ include "cso.fullname" . }}-cluster-stack-variables + {{- end }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag + | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.controllerManager.manager.imagePullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: manager + ports: + - containerPort: 9442 + name: hook-server-svc + protocol: TCP + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 + }} + volumeMounts: + - mountPath: /tmp/k8s-hook-server/serving-certs + name: hook-server-cert + readOnly: true + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + serviceAccountName: {{ include "cso.fullname" . }}-controller-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: hook-server-cert + secret: + defaultMode: 420 + secretName: cso-hook-server-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: cso-webhook-server-cert diff --git a/charts/cso/templates/hook-server-extensionconfig.yaml b/charts/cso/templates/hook-server-extensionconfig.yaml new file mode 100644 index 00000000..c9e35b35 --- /dev/null 
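Review bot: The `manager` container in charts/cso/templates/deployment.yaml has no `securityContext`, and the pod spec has none either, so it runs with the runtime defaults while mounting two TLS key Secrets and reading registry and Git credentials from its environment. The cspo Deployment in this same patch already renders `controllerManager.manager.containerSecurityContext`; the cso chart should do the same with `securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 10 }}` and a values default of `allowPrivilegeEscalation: false` plus `capabilities: {drop: [ALL]}`. Whether the image can run as a non-root user is not visible here, so confirm that before making `runAsNonRoot: true` a default.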
+++ b/charts/cso/templates/hook-server-extensionconfig.yaml
@@ -0,0 +1,16 @@
+apiVersion: runtime.cluster.x-k8s.io/v1alpha1
+kind: ExtensionConfig
+metadata:
+ name: {{ include "cso.fullname" . }}-hook-server-extensionconfig
+ labels:
+ cluster.x-k8s.io/provider: cluster-stack-operator
+ {{- include "cso.labels" . | nindent 4 }}
+ annotations:
+ runtime.cluster.x-k8s.io/inject-ca-from-secret: cso-system/cso-hook-server-server-cert
+spec:
+ clientConfig:
+ service:
+ name: {{ include "cso.fullname" . }}-hook-server-svc
+ namespace: cso-system
+ port: 443
+ namespaceSelector: {}
diff --git a/charts/cso/templates/hook-server-server-cert.yaml b/charts/cso/templates/hook-server-server-cert.yaml
new file mode 100644
index 00000000..c36e7356
--- /dev/null
+++ b/charts/cso/templates/hook-server-server-cert.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "cso.fullname" . }}-hook-server-server-cert
+ labels:
+ {{- include "cso.labels" . | nindent 4 }}
+spec:
+ dnsNames:
+ - '{{ include "cso.fullname" . }}-hook-server-svc.{{ .Release.Namespace }}.svc'
+ - '{{ include "cso.fullname" . }}-hook-server-svc.{{ .Release.Namespace }}.svc.{{
+ .Values.kubernetesClusterDomain }}'
+ issuerRef:
+ kind: Issuer
+ name: '{{ include "cso.fullname" . }}-selfsigned-issuer'
+ secretName: cso-hook-server-server-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
\ No newline at end of file
diff --git a/charts/cso/templates/hook-server-svc.yaml b/charts/cso/templates/hook-server-svc.yaml
new file mode 100644
index 00000000..78a9733c
--- /dev/null
+++ b/charts/cso/templates/hook-server-svc.yaml
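Review bot: In hook-server-extensionconfig.yaml the `inject-ca-from-secret` annotation and `clientConfig.service.namespace` are hard-coded to `cso-system`, while the hook-server Service and the Certificate's `dnsNames` elsewhere in this patch follow `{{ .Release.Namespace }}`. Installed into any other namespace, the ExtensionConfig would point at a Service and a CA Secret that the release did not create, so the hook client would either fail or trust a CA this release does not control. Use `namespace: '{{ .Release.Namespace }}'` and `runtime.cluster.x-k8s.io/inject-ca-from-secret: '{{ .Release.Namespace }}/cso-hook-server-server-cert'`. `namespaceSelector: {}` selects every namespace; a comment stating that this is intended would help the next reader.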
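Review bot: `secretName: cso-hook-server-server-cert` in hook-server-server-cert.yaml is a fixed string, although the Certificate, Issuer and Service names are all prefixed with `cso.fullname`. The same holds for `cso-webhook-server-cert` in serving-cert.yaml and for both `secretName` entries under `volumes` in the cso deployment.yaml. Two releases in one namespace would have cert-manager write both key pairs into the same Secret, and one release would then serve a certificate that does not match its Service DNS names. Derive the name from the release, `secretName: '{{ include "cso.fullname" . }}-hook-server-server-cert'`, and use the same expression in the volume and in the ExtensionConfig annotation.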
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cso.fullname" . }}-hook-server-svc + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} +spec: + type: {{ .Values.hookServerSvc.type }} + selector: + cluster.x-k8s.io/provider: cluster-stack-operator + control-plane: cso-controller-manager + {{- include "cso.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.hookServerSvc.ports | toYaml | nindent 2 }} \ No newline at end of file diff --git a/charts/cso/templates/leader-election-rbac.yaml b/charts/cso/templates/leader-election-rbac.yaml new file mode 100644 index 00000000..a901d4e7 --- /dev/null +++ b/charts/cso/templates/leader-election-rbac.yaml @@ -0,0 +1,55 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "cso.fullname" . }}-leader-election-role + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "cso.fullname" . }}-leader-election-rolebinding + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: '{{ include "cso.fullname" . }}-leader-election-role' +subjects: +- kind: ServiceAccount + name: '{{ include "cso.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file 
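Review bot: The first rule of the leader-election Role grants create, update, patch and delete on every ConfigMap in the release namespace, which is more than leader election needs if the manager uses a Lease lock. The lock type is set in the manager binary and is not visible in this patch. If Leases are in use, drop the `configmaps` rule and keep the `leases` rule; if not, say so next to the rule, for example `# ConfigMap lock: still required by the manager's leader election`. The same rule is repeated in charts/cspo/templates/leader-election-rbac.yaml.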
diff --git a/charts/cso/templates/manager-rbac.yaml b/charts/cso/templates/manager-rbac.yaml
new file mode 100644
index 00000000..90197602
--- /dev/null
+++ b/charts/cso/templates/manager-rbac.yaml
@@ -0,0 +1,123 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "cso.fullname" . }}-manager-role + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - bootstrap.cluster.x-k8s.io + - cluster.x-k8s.io + - controlplane.cluster.x-k8s.io + - infrastructure.cluster.x-k8s.io + - infrastructure.clusterstack.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusteraddons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusteraddons/finalizers + - clusterstackreleases/finalizers + verbs: + - update +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusteraddons/status + - clusterstackreleases/status + - clusterstacks/status + verbs: + - get + - patch + - update +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusterstackreleases + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusterstacks + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - clusterstack.x-k8s.io + resources: + - clusterstacks/finalizers + verbs: + - delete + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cso.fullname" . }}-manager-rolebinding + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . 
| nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "cso.fullname" . }}-manager-role' +subjects: +- kind: ServiceAccount + name: '{{ include "cso.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/cso/templates/selfsigned-issuer.yaml b/charts/cso/templates/selfsigned-issuer.yaml new file mode 100644 index 00000000..91db8b14 --- /dev/null +++ b/charts/cso/templates/selfsigned-issuer.yaml @@ -0,0 +1,8 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "cso.fullname" . }}-selfsigned-issuer + labels: + {{- include "cso.labels" . | nindent 4 }} +spec: + selfSigned: {} \ No newline at end of file diff --git a/charts/cso/templates/serviceaccount.yaml b/charts/cso/templates/serviceaccount.yaml new file mode 100644 index 00000000..ee2339a5 --- /dev/null +++ b/charts/cso/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cso.fullname" . }}-controller-manager + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} \ No newline at end of file diff --git a/charts/cso/templates/serving-cert.yaml b/charts/cso/templates/serving-cert.yaml new file mode 100644 index 00000000..123f31bb --- /dev/null +++ b/charts/cso/templates/serving-cert.yaml 
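Review bot: The manager ClusterRole is bound with a ClusterRoleBinding and gives the controller ServiceAccount `get`, `list`, `update` and `watch` on `secrets` in every namespace, plus `resources: '*'` with create and delete across five Cluster API groups. A compromise of the manager pod would therefore expose every Secret in the management cluster. If only particular Secrets are needed, move the `secrets` rule into a namespaced Role and RoleBinding or restrict it with `resourceNames`; otherwise record the reason beside the rule, e.g. `# cluster-wide: reads Secrets next to Cluster objects in any namespace` (wording to be confirmed by the authors). The ClusterRole in charts/cspo/templates/manager-rbac.yaml carries the same `secrets` rule. The `delete` verb on `clusterstacks/finalizers` also looks unintended, since `update` is the verb a finalizers subresource normally needs.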
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "cso.fullname" . }}-serving-cert
+ labels:
+ {{- include "cso.labels" . | nindent 4 }}
+spec:
+ dnsNames:
+ - '{{ include "cso.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc'
+ - '{{ include "cso.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.{{
+ .Values.kubernetesClusterDomain }}'
+ issuerRef:
+ kind: Issuer
+ name: '{{ include "cso.fullname" . }}-selfsigned-issuer'
+ secretName: cso-webhook-server-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
\ No newline at end of file
diff --git a/charts/cso/templates/validating-webhook-configuration.yaml b/charts/cso/templates/validating-webhook-configuration.yaml
new file mode 100644
index 00000000..30945b8f
--- /dev/null
+++ b/charts/cso/templates/validating-webhook-configuration.yaml
@@ -0,0 +1,93 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ include "cso.fullname" . }}-validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "cso.fullname" . }}-serving-cert + labels: + {{- include "cso.labels" . | nindent 4 }} +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: '{{ include "cso.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-cluster-x-k8s-io-v1beta1-cluster + failurePolicy: Fail + name: validation.cluster.cluster.x-k8s.io + rules: + - apiGroups: + - cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - clusters + sideEffects: None +- admissionReviewVersions: + - v1 + - v1alpha1 + clientConfig: + service: + name: '{{ include "cso.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-clusterstack-x-k8s-io-v1alpha1-clusteraddon + failurePolicy: Fail + name: validation.clusteraddon.clusterstack.x-k8s.io + rules: + - apiGroups: + - clusterstack.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clusteraddons + sideEffects: None +- admissionReviewVersions: + - v1 + - v1alpha1 + clientConfig: + service: + name: '{{ include "cso.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-clusterstack-x-k8s-io-v1alpha1-clusterstack + failurePolicy: Fail + name: validation.clusterstack.clusterstack.x-k8s.io + rules: + - apiGroups: + - clusterstack.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clusterstacks + sideEffects: None +- admissionReviewVersions: + - v1 + - v1alpha1 + clientConfig: + service: + name: '{{ include "cso.fullname" . 
}}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /validate-clusterstack-x-k8s-io-v1alpha1-clusterstackrelease + failurePolicy: Fail + name: validation.clusterstackrelease.clusterstack.x-k8s.io + rules: + - apiGroups: + - clusterstack.x-k8s.io + apiVersions: + - v1alpha1 + operations: + - DELETE + resources: + - clusterstackreleases + sideEffects: None \ No newline at end of file diff --git a/charts/cso/templates/webhook-service.yaml b/charts/cso/templates/webhook-service.yaml new file mode 100644 index 00000000..92351a19 --- /dev/null +++ b/charts/cso/templates/webhook-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cso.fullname" . }}-webhook-service + labels: + cluster.x-k8s.io/provider: cluster-stack-operator + {{- include "cso.labels" . | nindent 4 }} +spec: + type: {{ .Values.webhookService.type }} + selector: + cluster.x-k8s.io/provider: cluster-stack-operator + control-plane: cso-controller-manager + {{- include "cso.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.webhookService.ports | toYaml | nindent 2 }} \ No newline at end of file diff --git a/charts/cso/values.yaml b/charts/cso/values.yaml new file mode 100644 index 00000000..4475e598 --- /dev/null +++ b/charts/cso/values.yaml 
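Review bot: All four webhooks use `failurePolicy: Fail` with no `timeoutSeconds` and no `namespaceSelector`, while the chart's values.yaml defaults to `replicas: 1`. Whenever that single manager pod is unavailable, every CREATE and UPDATE of `cluster.x-k8s.io` Clusters in the whole cluster is rejected. Failing closed is reasonable for validation, but it should be paired with a documented recommendation to run more than one replica and an explicit `timeoutSeconds: 10`. Separately, `v1alpha1` in `admissionReviewVersions` of the last three entries is not an AdmissionReview version (only `v1` and `v1beta1` exist), so `- v1` alone is sufficient there.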
@@ -0,0 +1,41 @@
+clusterStackVariables:
+ gitAccessToken: ""
+ gitOrgName: "SovereignCloudStack"
+ gitProvider: "github"
+ gitRepoName: "cluster-stacks"
+ ociAccessToken: ""
+ ociPassword: ""
+ ociRegistry: "registry.scs.community"
+ ociRepository: "registry.scs.community/kaas/cluster-stacks"
+ ociUsername: ""
+controllerManager:
+ manager:
+ source: oci
+ args:
+ - --leader-elect=true
+ - --log-level=info
+ image:
+ repository: ghcr.io/sovereigncloudstack/cso-staging
+ tag: sha-c797c2e
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 250m
+ memory: 250Mi
+ requests:
+ cpu: 200m
+ memory: 250Mi
+ replicas: 1
+ serviceAccount:
+ annotations: {}
+hookServerSvc:
+ ports:
+ - port: 443
+ targetPort: 9442
+ type: ClusterIP
+kubernetesClusterDomain: cluster.local
+webhookService:
+ ports:
+ - port: 443
+ targetPort: 9443
+ type: ClusterIP
diff --git a/charts/cspo/.helmignore b/charts/cspo/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/cspo/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cspo/Chart.yaml b/charts/cspo/Chart.yaml
new file mode 100644
index 00000000..221800c1
--- /dev/null
+++ b/charts/cspo/Chart.yaml
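Review bot: The default image in charts/cso/values.yaml is `ghcr.io/sovereigncloudstack/cso-staging` at the mutable tag `sha-c797c2e` with `imagePullPolicy: Always`, so each pod start pulls whatever the staging repository serves under that tag at that moment. For a published chart the default should point at the release repository and allow pinning by digest, for example an `image.digest: ""` value that the Deployment renders as `repository@<digest>` when set. A comment above `tag:` such as `# empty falls back to .Chart.AppVersion` would also document the `default` used in the Deployment template.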
@@ -0,0 +1,21 @@ +apiVersion: v2 +name: cluster-stack-provider-openstack +description: A Helm chart for Kubernetes +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/charts/cspo/templates/_helpers.tpl b/charts/cspo/templates/_helpers.tpl new file mode 100644 index 00000000..eba1da90 --- /dev/null +++ b/charts/cspo/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cspo.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cspo.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cspo.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cspo.labels" -}} +helm.sh/chart: {{ include "cspo.chart" . }} +{{ include "cspo.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cspo.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cspo.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cspo.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cspo.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/cspo/templates/cluster-stack-variables.yaml b/charts/cspo/templates/cluster-stack-variables.yaml new file mode 100644 index 00000000..951dd9f0 
--- /dev/null
+++ b/charts/cspo/templates/cluster-stack-variables.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "cspo.fullname" . }}-cluster-stack-variables
+ labels:
+ {{- include "cspo.labels" . | nindent 4 }}
+data:
+ {{- if eq .Values.controllerManager.manager.source "github" }}
+ git-access-token: {{ required "clusterStackVariables.gitAccessToken is required"
+ .Values.clusterStackVariables.gitAccessToken | b64enc | quote }}
+ git-org-name: {{ required "clusterStackVariables.gitOrgName is required" .Values.clusterStackVariables.gitOrgName
+ | b64enc | quote }}
+ git-provider: {{ required "clusterStackVariables.gitProvider is required" .Values.clusterStackVariables.gitProvider
+ | b64enc | quote }}
+ git-repo-name: {{ required "clusterStackVariables.gitRepoName is required" .Values.clusterStackVariables.gitRepoName
+ | b64enc | quote }}
+ {{- else}}
+ oci-registry: {{ required "clusterStackVariables.ociRegistry is required" .Values.clusterStackVariables.ociRegistry
+ | b64enc | quote }}
+ oci-repository: {{ required "clusterStackVariables.ociRepository is required" .Values.clusterStackVariables.ociRepository
+ | b64enc | quote }}
+ oci-username: {{ .Values.clusterStackVariables.ociUsername | b64enc | quote }}
+ oci-access-token: {{ .Values.clusterStackVariables.ociAccessToken | b64enc | quote }}
+ oci-password: {{ .Values.clusterStackVariables.ociPassword | b64enc | quote }}
+ {{- end }}
+type: Opaque
diff --git a/charts/cspo/templates/deployment.yaml b/charts/cspo/templates/deployment.yaml
new file mode 100644
index 00000000..d5a35dff
--- /dev/null
+++ b/charts/cspo/templates/deployment.yaml
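Review bot: The Secret in charts/cspo/templates/cluster-stack-variables.yaml is rendered from plain chart values (`gitAccessToken`, `ociAccessToken`, `ociPassword`), so the credentials also land in the Helm release record stored in the cluster and in whatever values file or `--set` invocation supplied them. Offer a way to reference a pre-created Secret instead, for example a `clusterStackVariables.existingSecret` value: wrap this template in `{{- if not .Values.clusterStackVariables.existingSecret }}` and let the Deployment's `secretKeyRef.name` use that value when it is set. The cso chart has a template of the same name listed in this patch; it is outside this view, but the same approach would presumably apply there.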
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cspo.fullname" . }}-controller-manager + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + control-plane: controller-manager + {{- include "cspo.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controllerManager.replicas }} + selector: + matchLabels: + control-plane: controller-manager + {{- include "cspo.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: controller-manager + {{- include "cspo.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + containers: + - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} + command: + - /manager + - -source + - {{ .Values.controllerManager.manager.source }} + env: + {{- if eq .Values.controllerManager.manager.source "github" }} + - name: GIT_PROVIDER + valueFrom: + secretKeyRef: + key: git-provider + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: GIT_ORG_NAME + valueFrom: + secretKeyRef: + key: git-org-name + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: GIT_REPOSITORY_NAME + valueFrom: + secretKeyRef: + key: git-repo-name + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: GIT_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: git-access-token + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + {{- else }} + - name: OCI_REGISTRY + valueFrom: + secretKeyRef: + key: oci-registry + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: OCI_REPOSITORY + valueFrom: + secretKeyRef: + key: oci-repository + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: OCI_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: oci-access-token + name: {{ include "cspo.fullname" . 
}}-cluster-stack-variables + - name: OCI_USERNAME + valueFrom: + secretKeyRef: + key: oci-username + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + - name: OCI_PASSWORD + valueFrom: + secretKeyRef: + key: oci-password + name: {{ include "cspo.fullname" . }}-cluster-stack-variables + {{- end }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 + }} + securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext + | nindent 10 }} + - args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag + | default .Chart.AppVersion }} + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {{- toYaml .Values.controllerManager.kubeRbacProxy.resources | nindent + 10 }} + securityContext: {{- toYaml .Values.controllerManager.kubeRbacProxy.containerSecurityContext + | nindent 10 }} + serviceAccountName: {{ include "cspo.fullname" . }}-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/charts/cspo/templates/leader-election-rbac.yaml b/charts/cspo/templates/leader-election-rbac.yaml new file mode 100644 index 00000000..049d9253 --- /dev/null +++ b/charts/cspo/templates/leader-election-rbac.yaml 
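Review bot: The `kube-rbac-proxy` image tag in charts/cspo/templates/deployment.yaml falls back to `.Chart.AppVersion`, which is this chart's own application version (`"0.1.0"` in Chart.yaml) and has no relation to kube-rbac-proxy releases. If `controllerManager.kubeRbacProxy.image.tag` is ever left empty, the sidecar that appears to front the metrics port would be pulled at an unintended or non-existent tag. The cspo values.yaml is outside this view, so the shipped default could not be checked. Make the tag mandatory instead of defaulted by replacing the `.Values.controllerManager.kubeRbacProxy.image.tag | default .Chart.AppVersion` expression with `required "controllerManager.kubeRbacProxy.image.tag is required" .Values.controllerManager.kubeRbacProxy.image.tag`.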
@@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "cspo.fullname" . }}-leader-election-role + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "cspo.fullname" . }}-leader-election-rolebinding + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: '{{ include "cspo.fullname" . }}-leader-election-role' +subjects: +- kind: ServiceAccount + name: '{{ include "cspo.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/cspo/templates/manager-rbac.yaml b/charts/cspo/templates/manager-rbac.yaml new file mode 100644 index 00000000..6af47828 --- /dev/null +++ b/charts/cspo/templates/manager-rbac.yaml 
@@ -0,0 +1,70 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "cspo.fullname" . }}-manager-role + labels: + {{- include "cspo.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - infrastructure.clusterstack.x-k8s.io + resources: + - openstackclusterstackreleases + - openstacknodeimagereleases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.clusterstack.x-k8s.io + resources: + - openstackclusterstackreleases/finalizers + - openstacknodeimagereleases/finalizers + verbs: + - update +- apiGroups: + - infrastructure.clusterstack.x-k8s.io + resources: + - openstackclusterstackreleases/status + - openstacknodeimagereleases/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cspo.fullname" . }}-manager-rolebinding + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "cspo.fullname" . }}-manager-role' +subjects: +- kind: ServiceAccount + name: '{{ include "cspo.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/cspo/templates/metrics-reader-rbac.yaml b/charts/cspo/templates/metrics-reader-rbac.yaml new file mode 100644 index 00000000..369e8cfd --- /dev/null +++ b/charts/cspo/templates/metrics-reader-rbac.yaml 
@@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "cspo.fullname" . }}-metrics-reader + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get \ No newline at end of file diff --git a/charts/cspo/templates/metrics-service.yaml b/charts/cspo/templates/metrics-service.yaml new file mode 100644 index 00000000..40c52038 --- /dev/null +++ b/charts/cspo/templates/metrics-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cspo.fullname" . }}-controller-manager-metrics-service + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + control-plane: controller-manager + {{- include "cspo.labels" . | nindent 4 }} +spec: + type: {{ .Values.metricsService.type }} + selector: + control-plane: controller-manager + {{- include "cspo.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.metricsService.ports | toYaml | nindent 2 }} \ No newline at end of file diff --git a/charts/cspo/templates/openstackclusterstackrelease-crd.yaml b/charts/cspo/templates/openstackclusterstackrelease-crd.yaml new file mode 100644 index 00000000..bba773fe --- /dev/null +++ b/charts/cspo/templates/openstackclusterstackrelease-crd.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackclusterstackreleases.infrastructure.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + {{- include "cspo.labels" . | nindent 4 }} +spec: + group: infrastructure.clusterstack.x-k8s.io + names: + kind: OpenStackClusterStackRelease + listKind: OpenStackClusterStackReleaseList + plural: openstackclusterstackreleases + shortNames: + - oscsr + singular: openstackclusterstackrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ready + name: Ready + type: boolean + - description: Time duration since creation of OpenStackClusterStackRelease + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: OpenStackClusterStackRelease is the Schema for the openstackclusterstackreleases + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpenStackClusterStackReleaseSpec defines the desired state + of OpenStackClusterStackRelease. 
+ properties: + identityRef: + default: + kind: Secret + name: openstack + description: IdentityRef is a reference to a identity to be used when + reconciling this cluster + properties: + kind: + description: |- + Kind of the identity. Must be supported by the infrastructure + provider and may be either cluster or namespace-scoped. + minLength: 1 + type: string + name: + description: |- + Name of the infrastructure identity to be used. + Must be either a cluster-scoped resource, or namespaced-scoped + resource the same namespace as the resource(s) being provisioned. + type: string + required: + - kind + - name + type: object + type: object + status: + description: OpenStackClusterStackReleaseStatus defines the observed state + of OpenStackClusterStackRelease. + properties: + conditions: + description: Conditions defines current service state of the OpenStackClusterStackRelease. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + default: false + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/cspo/templates/openstackclusterstackreleasetemplate-crd.yaml b/charts/cspo/templates/openstackclusterstackreleasetemplate-crd.yaml new file mode 100644 index 00000000..f9b662be --- /dev/null +++ b/charts/cspo/templates/openstackclusterstackreleasetemplate-crd.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackclusterstackreleasetemplates.infrastructure.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + {{- include "cspo.labels" . | nindent 4 }} +spec: + group: infrastructure.clusterstack.x-k8s.io + names: + kind: OpenStackClusterStackReleaseTemplate + listKind: OpenStackClusterStackReleaseTemplateList + plural: openstackclusterstackreleasetemplates + shortNames: + - oscsrt + singular: openstackclusterstackreleasetemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OpenStackClusterStackReleaseTemplate is the Schema for the openstackclusterstackreleasetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpenStackClusterStackReleaseTemplateSpec defines the desired + state of OpenStackClusterStackReleaseTemplate. + properties: + template: + description: OpenStackClusterStackReleaseTemplateResource describes + the data needed to create a OpenStackClusterStackRelease from a template. + properties: + spec: + description: OpenStackClusterStackReleaseSpec defines the desired + state of OpenStackClusterStackRelease. 
+ properties: + identityRef: + default: + kind: Secret + name: openstack + description: IdentityRef is a reference to a identity to be + used when reconciling this cluster + properties: + kind: + description: |- + Kind of the identity. Must be supported by the infrastructure + provider and may be either cluster or namespace-scoped. + minLength: 1 + type: string + name: + description: |- + Name of the infrastructure identity to be used. + Must be either a cluster-scoped resource, or namespaced-scoped + resource the same namespace as the resource(s) being provisioned. + type: string + required: + - kind + - name + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: OpenStackClusterStackReleaseTemplateStatus defines the observed + state of OpenStackClusterStackReleaseTemplate. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/cspo/templates/openstacknodeimagerelease-crd.yaml b/charts/cspo/templates/openstacknodeimagerelease-crd.yaml new file mode 100644 index 00000000..d36e99ef --- /dev/null +++ b/charts/cspo/templates/openstacknodeimagerelease-crd.yaml 
@@ -0,0 +1,205 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstacknodeimagereleases.infrastructure.clusterstack.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + {{- include "cspo.labels" . | nindent 4 }} +spec: + group: infrastructure.clusterstack.x-k8s.io + names: + kind: OpenStackNodeImageRelease + listKind: OpenStackNodeImageReleaseList + plural: openstacknodeimagereleases + shortNames: + - osnir + singular: openstacknodeimagerelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ready + name: Ready + type: boolean + - description: Time duration since creation of OpenStackNodeImageRelease + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: OpenStackNodeImageRelease is the Schema for the openstacknodeimagereleases + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpenStackNodeImageReleaseSpec defines the desired state of + OpenStackNodeImageRelease. 
+ properties: + identityRef: + description: IdentityRef is a reference to a identity to be used when + reconciling this cluster + properties: + kind: + description: |- + Kind of the identity. Must be supported by the infrastructure + provider and may be either cluster or namespace-scoped. + minLength: 1 + type: string + name: + description: |- + Name of the infrastructure identity to be used. + Must be either a cluster-scoped resource, or namespaced-scoped + resource the same namespace as the resource(s) being provisioned. + type: string + required: + - kind + - name + type: object + image: + description: Image represents options used to upload an image + properties: + createOpts: + description: CreateOpts represents options used to create an image. + properties: + container_format: + description: |- + ContainerFormat is the format of the + container. Valid values are ami, ari, aki, bare, and ovf. + type: string + disk_format: + description: |- + DiskFormat is the format of the disk. If set, + valid values are ami, ari, aki, vhd, vmdk, raw, qcow2, vdi, + and iso. + type: string + id: + description: Id is the the image ID. + type: string + min_disk: + description: |- + MinDisk is the amount of disk space in + GB that is required to boot the image. + type: integer + min_ram: + description: |- + MinRAM is the amount of RAM in MB that + is required to boot the image. + type: integer + name: + description: Name is the name of the new image. + type: string + os_hidden: + description: Hidden is whether the image is listed in default + image list or not. + type: boolean + protected: + description: protected is whether the image is not deletable. + type: boolean + tags: + description: Tags is a set of image tags. + items: + type: string + type: array + visibility: + description: Visibility defines who can see/use the image. 
+ type: string + required: + - name + type: object + url: + type: string + required: + - createOpts + - url + type: object + required: + - identityRef + - image + type: object + status: + description: OpenStackNodeImageReleaseStatus defines the observed state + of OpenStackNodeImageRelease. + properties: + conditions: + description: Conditions defines current service state of the OpenStackNodeImageRelease. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + ready: + default: false + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/cspo/templates/proxy-rbac.yaml b/charts/cspo/templates/proxy-rbac.yaml new file mode 100644 index 00000000..1ee804ff --- /dev/null +++ b/charts/cspo/templates/proxy-rbac.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "cspo.fullname" . }}-proxy-role + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "cspo.fullname" . }}-proxy-rolebinding + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cspo + app.kubernetes.io/part-of: cspo + {{- include "cspo.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "cspo.fullname" . }}-proxy-role' +subjects: +- kind: ServiceAccount + name: '{{ include "cspo.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/cspo/templates/serviceaccount.yaml b/charts/cspo/templates/serviceaccount.yaml new file mode 100644 index 00000000..d3c647f1 --- /dev/null +++ b/charts/cspo/templates/serviceaccount.yaml 
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "cspo.fullname" . }}-controller-manager
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: cspo
+ app.kubernetes.io/part-of: cspo
+ {{- include "cspo.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }}
\ No newline at end of file
diff --git a/charts/cspo/values.yaml b/charts/cspo/values.yaml
new file mode 100644
index 00000000..d84cd062
--- /dev/null
+++ b/charts/cspo/values.yaml
@@ -0,0 +1,64 @@
+clusterStackVariables:
+ gitAccessToken: ""
+ gitOrgName: "SovereignCloudStack"
+ gitProvider: "github"
+ gitRepoName: "cluster-stacks"
+ ociAccessToken: ""
+ ociPassword: ""
+ ociRegistry: "registry.scs.community"
+ ociRepository: "registry.scs.community/kaas/cluster-stacks"
+ ociUsername: ""
+controllerManager:
+ kubeRbacProxy:
+ args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: gcr.io/kubebuilder/kube-rbac-proxy
+ tag: v0.15.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ manager:
+ source: oci
+ args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: ghcr.io/sovereigncloudstack/cspo
+ tag: v0.1.0-alpha.5
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ replicas: 1
+ serviceAccount:
+ annotations: {}
+kubernetesClusterDomain: cluster.local
+metricsService:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ type: ClusterIP
From cb230ba60adf6cc8d91997507b8970f8a17fa0d4 Mon Sep 17 00:00:00 2001
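Review bot: `clusterStackVariables` in charts/cspo/values.yaml takes `gitAccessToken`, `ociAccessToken` and `ociPassword` as ordinary chart values, so real credentials end up in values files, `--set` arguments and the release data Helm keeps in the cluster. The template that consumes them (cluster-stack-variables.yaml) is outside this hunk; if it renders a Secret from these values, an optional value naming a pre-created Secret (for example `existingSecret: ""`) would let operators keep the credentials out of Helm altogether. Both images are referenced by tag only (`tag: v0.15.0`, `tag: v0.1.0-alpha.5`), so supporting an image digest would pin the deployed content. The two `containerSecurityContext` blocks set `allowPrivilegeEscalation: false` and drop all capabilities but not `readOnlyRootFilesystem: true` or `runAsNonRoot: true`; worth adding unless deployment.yaml already sets them at pod level.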
From: Jan Schoone Date: Fri, 15 Nov 2024 12:27:27 +0100 Subject: [PATCH 2/4] fix(cspo): name is too long when combined with resources Signed-off-by: Jan Schoone --- charts/cspo/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/cspo/Chart.yaml b/charts/cspo/Chart.yaml index 221800c1..e8266636 100644 --- a/charts/cspo/Chart.yaml +++ b/charts/cspo/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: cluster-stack-provider-openstack -description: A Helm chart for Kubernetes +name: cspo +description: Helm Charts to install Cluster Stack Provider Openstack # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives From 97a6f5fbf149d192c3522c05affd4da3199fc7bb Mon Sep 17 00:00:00 2001 From: Jan Schoone Date: Mon, 25 Nov 2024 21:27:00 +0100 Subject: [PATCH 3/4] chore(helm charts): use short name for cso Signed-off-by: Jan Schoone --- charts/cso/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/cso/Chart.yaml b/charts/cso/Chart.yaml index b43e9aea..f4ef4ac2 100644 --- a/charts/cso/Chart.yaml +++ b/charts/cso/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: cluster-stack-operator -description: A Helm chart for Kubernetes +name: cso +description: A Helm chart for Cluster Stack Operator # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives From 16df42329f216d355fb051f3b06dc66f63e9d745 Mon Sep 17 00:00:00 2001 From: Jan Schoone Date: Fri, 6 Dec 2024 16:19:01 +0100 Subject: [PATCH 4/4] feat(charts): add v0.1.0-alpha.8 as cso image Signed-off-by: Jan Schoone --- charts/cso/Chart.yaml | 2 +- charts/cso/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/cso/Chart.yaml b/charts/cso/Chart.yaml index f4ef4ac2..0c36e276 100644 --- a/charts/cso/Chart.yaml 
+++ b/charts/cso/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. diff --git a/charts/cso/values.yaml b/charts/cso/values.yaml index 4475e598..50a4b164 100644 --- a/charts/cso/values.yaml +++ b/charts/cso/values.yaml @@ -15,8 +15,8 @@ controllerManager: - --leader-elect=true - --log-level=info image: - repository: ghcr.io/sovereigncloudstack/cso-staging - tag: sha-c797c2e + repository: ghcr.io/sovereigncloudstack/cso + tag: v0.1.0-alpha.8 imagePullPolicy: Always resources: limits: