diff --git a/apps/services/macosx.yaml b/apps/services/macosx.yaml
new file mode 100644
index 0000000..ed41065
--- /dev/null
+++ b/apps/services/macosx.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: macosx
+spec:
+ serviceName: macosx
+ replicas: 1
+ selector:
+ matchLabels:
+ app: macosx
+ template:
+ metadata:
+ labels:
+ app: macosx
+ spec:
+ volumes:
+ - name: backingimage
+ hostPath:
+ path: /data/macosx
+ type:
+ containers:
+ - name: macosx
+ image: cleafy/sxkdvm
+ volumeMounts:
+ - name: backingimage
+ mountPath: /backing
+ ports:
+ - containerPort: 2222
+ name: ssh
+ - containerPort: 5800
+ name: vnc1
+ - containerPort: 5900
+ name: vnc2
+ securityContext:
+ privileged: true
+
diff --git a/apps/services/sshct.yaml b/apps/services/sshct.yaml
index e949693..4c8b0e1 100644
--- a/apps/services/sshct.yaml
+++ b/apps/services/sshct.yaml
@@ -25,6 +25,10 @@ spec:
 hostPath:
 path: /var/run/docker.sock
 type: Socket
+ - name: kvm
+ hostPath:
+ path: /dev/kvm
+ type: CharDevice
 #- name: gorilychrume
 # hostPath:
 # path: /data/gorilych.ru/me
@@ -47,6 +51,8 @@ spec:
 name: home
 - mountPath: /var/run/docker.sock
 name: dockersock
+ - mountPath: /dev/kvm
+ name: kvm
 #- mountPath: /home/www/me
 # name: gorilychrume
 ---
diff --git a/apps/system/kubevirt/README.md b/apps/system/kubevirt/README.md
new file mode 100644
index 0000000..3339cab
--- /dev/null
+++ b/apps/system/kubevirt/README.md
@@ -0,0 +1,7 @@
+Resources:
+
+```
+$ export RELEASE=v0.23.0
+$ wget -c https://github.com/kubevirt/kubevirt/releases/download/${RELEASE}/kubevirt-operator.yaml
+$ wget -c https://github.com/kubevirt/kubevirt/releases/download/${RELEASE}/kubevirt-cr.yaml
+```
diff --git a/apps/system/kubevirt/kubevirt-cr.yaml b/apps/system/kubevirt/kubevirt-cr.yaml
new file mode 100644
index 0000000..0208bb8
--- /dev/null
+++ b/apps/system/kubevirt/kubevirt-cr.yaml
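Review bot: In apps/services/macosx.yaml the `macosx` container runs with `privileged: true` from `image: cleafy/sxkdvm`, which carries neither a tag nor a digest, so whatever that repository serves at pull time gets full access to the node's devices and kernel interfaces. Pin the image by digest (`image: cleafy/sxkdvm@sha256:<digest>`) and, if the pod only needs KVM, consider dropping the privileged flag in favour of a device request such as `devices.kubevirt.io/kvm: 1` under `resources.limits`, which the KubeVirt install added in this commit should advertise. The hostPath volume also has an empty `type:`, which parses as null and skips any check of what `/data/macosx` is; `type: Directory` would state the expectation. The same unpinned-image point applies to `image: kubevirt/cirros-registry-disk-demo` in vm.yaml. Ports 2222, 5800 and 5900 are declared without a Service in this diff, so who can reach SSH and VNC depends on manifests not shown here.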
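Review bot: In apps/services/sshct.yaml the new `kvm` volume (hunk at -25) and its mount (hunk at -47) hand the host's `/dev/kvm` to a pod that, per the context lines, already mounts `/var/run/docker.sock`, so the SSH-reachable container gains a second direct host interface with no comment saying why. A hostPath device node is not by itself added to the container's device allow-list, so it may only be usable if the container is privileged; the container's securityContext is outside both hunks and should be checked. Requesting `devices.kubevirt.io/kvm: 1` under the container's `resources.limits` would grant just the device without a hostPath, and a one-line comment above `- name: kvm` should record what in this container needs KVM.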
@@ -0,0 +1,8 @@
+---
+apiVersion: kubevirt.io/v1alpha3
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ imagePullPolicy: IfNotPresent
diff --git a/apps/system/kubevirt/kubevirt-operator.yaml b/apps/system/kubevirt/kubevirt-operator.yaml
new file mode 100644
index 0000000..cf2189d
--- /dev/null
+++ b/apps/system/kubevirt/kubevirt-operator.yaml
@@ -0,0 +1,629 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubevirt.io: "" + name: kubevirt +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + operator.kubevirt.io: "" + name: kubevirts.kubevirt.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.phase + name: Phase + type: string + group: kubevirt.io + names: + categories: + - all + kind: KubeVirt + plural: kubevirts + shortNames: + - kv + - kvs + singular: kubevirt + scope: Namespaced + version: v1alpha3 + versions: + - name: v1alpha3 + served: true + storage: true + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubevirt.io:operator + labels: + operator.kubevirt.io: "" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator + namespace: kubevirt +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +rules: +- apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - patch + - update + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + - services + - endpoints + - pods/exec + verbs: + - get + - list + - watch + - create + - update + - delete + - patch +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - 
list + - watch + - create + - delete + - patch + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - get + - list + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - get + - patch + - update +- apiGroups: + - security.openshift.io + resourceNames: + - kubevirt-handler + - kubevirt-controller + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - delete +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - list + - watch + - create + - delete + - update + - patch +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + verbs: + - put +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - create + - update +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - create + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + verbs: + - get + - list + - watch + - patch +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - create + - get + - list + - watch + - patch +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancepresets + verbs: + - watch + - list +- apiGroups: + - "" + resources: + - configmaps + 
verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - limitranges + verbs: + - watch + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - delete + - update + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - delete + - create + - patch +- apiGroups: + - "" + resources: + - pods + - configmaps + - endpoints + verbs: + - get + - list + - watch + - delete + - update + - create +- apiGroups: + - "" + resources: + - events + verbs: + - update + - create + - patch +- apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstances + verbs: + - update + - list + - watch +- apiGroups: + - "" + resources: + - secrets + - persistentvolumeclaims + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" 
+ resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - subresources.kubevirt.io + resources: + - version + verbs: + - get + - list +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + verbs: + - get +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + verbs: + - update +- apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + verbs: + - get +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + verbs: + - update +- apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch +- apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: ClusterRole + name: kubevirt-operator +subjects: +- kind: ServiceAccount + name: kubevirt-operator + namespace: kubevirt + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubevirt.io: virt-operator + name: virt-operator + namespace: kubevirt +spec: + replicas: 2 + selector: + matchLabels: + kubevirt.io: virt-operator + strategy: + type: RollingUpdate + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly","operator":"Exists"}]' + labels: + kubevirt.io: virt-operator + prometheus.kubevirt.io: "" + name: virt-operator + spec: + containers: + - command: + - virt-operator + - --port + - "8443" + - -v + - "2" + env: + - name: OPERATOR_IMAGE + value: index.docker.io/kubevirt/virt-operator@sha256:7a77494d1d263ad0457faaf3f3a7490b1133817faca458fd93394adc348f8d1d + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: KUBEVIRT_VERSION + value: v0.23.0 + - name: VIRT_API_SHASUM + value: sha256:749faa249c612d582d9188b70ca4e4c47cc2971c4aad18ec47b213976f84b807 + - name: VIRT_CONTROLLER_SHASUM + value: sha256:0ae48094bba096f1f31fc8141f67a5fe6ad9601bf1e27e40ea9109edb8c21419 + - name: VIRT_HANDLER_SHASUM + value: sha256:2f752f1c99688250d687eb8b84b2d2784c6c14ce88451341d8960fc3549c1eae + - name: VIRT_LAUNCHER_SHASUM + value: sha256:a776ee4a4159e37c20a763b7cc25848feb894c5a56de3b0616e202e7d4d06539 + image: index.docker.io/kubevirt/virt-operator@sha256:7a77494d1d263ad0457faaf3f3a7490b1133817faca458fd93394adc348f8d1d + imagePullPolicy: IfNotPresent + name: virt-operator + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /metrics + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 10 + resources: {} + securityContext: + runAsNonRoot: true + serviceAccountName: kubevirt-operator 
diff --git a/apps/system/kubevirt/namespace.yaml b/apps/system/kubevirt/namespace.yaml
new file mode 100644
index 0000000..81bbb04
--- /dev/null
+++ b/apps/system/kubevirt/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubevirt
diff --git a/vm.yaml b/vm.yaml
new file mode 100644
index 0000000..e3ae9f2
--- /dev/null
+++ b/vm.yaml
@@ -0,0 +1,37 @@
+apiVersion: kubevirt.io/v1alpha3
+kind: VirtualMachine
+metadata:
+ name: testvm
+spec:
+ running: false
+ template:
+ metadata:
+ labels:
+ kubevirt.io/size: small
+ kubevirt.io/domain: testvm
+ spec:
+ domain:
+ devices:
+ disks:
+ - name: containerdisk
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ interfaces:
+ - name: default
+ bridge: {}
+ resources:
+ requests:
+ memory: 64M
+ networks:
+ - name: default
+ pod: {}
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: kubevirt/cirros-registry-disk-demo
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userDataBase64: SGkuXG4=
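Review bot: apps/system/kubevirt/namespace.yaml declares the `kubevirt` Namespace a second time; kubevirt-operator.yaml in this same commit already opens with that Namespace, and that copy carries the label `kubevirt.io: ""` which this one lacks. If both files are applied declaratively, the label may be added or removed depending on apply order. Keep a single definition, or add the same `labels:` entry `kubevirt.io: ""` here so the two copies agree.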