amkartashov/gf-k8s
1
0
Fork 0
mirror of https://github.com/amkartashov/gf-k8s.git synced 2026-01-10 17:39:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

kubevirt: install 0.30.2

Browse source
This commit is contained in:
Andrey Kartashov 2020-06-30 18:00:06 +07:00
parent 9eaa8acdb3
commit 2f7de25e8d
6 changed files with 746 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/system/kubevirt/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
requirements.lock
charts/

2
apps/system/kubevirt/Chart.yaml Normal file
View file

@ -0,0 +1,2 @@
name: kubevirt
version: 0.1

9
apps/system/kubevirt/templates/kubevirt-cr.yaml Normal file
View file

@ -0,0 +1,9 @@
---
apiVersion: kubevirt.io/v1alpha3
kind: KubeVirt
metadata:
name: kubevirt
namespace: kubevirt
spec:
certificateRotateStrategy: {}
imagePullPolicy: IfNotPresent

710
apps/system/kubevirt/templates/kubevirt-operator.yaml Normal file
View file

@ -0,0 +1,710 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
operator.kubevirt.io: ""
name: kubevirts.kubevirt.io
spec:
additionalPrinterColumns:
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
- JSONPath: .status.phase
name: Phase
type: string
group: kubevirt.io
names:
categories:
- all
kind: KubeVirt
plural: kubevirts
shortNames:
- kv
- kvs
singular: kubevirt
scope: Namespaced
version: v1alpha3
versions:
- name: v1alpha3
served: true
storage: true
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: kubevirt-cluster-critical
value: 1000000000
globalDefault: false
description: "This priority class should be used for core kubevirt components only."
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt.io:operator
labels:
operator.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
namespace: kubevirt
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- list
- watch
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator-rolebinding
namespace: kubevirt
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-operator
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- update
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- patch
- update
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- endpoints
- pods/exec
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- patch
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- create
- get
- list
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- get
- patch
- update
- apiGroups:
- security.openshift.io
resourceNames:
- kubevirt-handler
- kubevirt-controller
resources:
- securitycontextconstraints
verbs:
- get
- list
- watch
- update
- delete
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
verbs:
- put
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
- watch
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancemigrations
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancepresets
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- limitranges
verbs:
- watch
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- delete
- create
- patch
- apiGroups:
- ""
resources:
- pods
- configmaps
- endpoints
verbs:
- get
- list
- watch
- delete
- update
- create
- apiGroups:
- ""
resources:
- events
verbs:
- update
- create
- patch
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- update
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- subresources.kubevirt.io
resources:
- version
verbs:
- get
- list
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-operator
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: kubevirt
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
kubevirt.io: virt-operator
name: virt-operator
namespace: kubevirt
spec:
replicas: 2
selector:
matchLabels:
kubevirt.io: virt-operator
strategy:
type: RollingUpdate
template:
metadata:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
labels:
kubevirt.io: virt-operator
prometheus.kubevirt.io: ""
name: virt-operator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- command:
- virt-operator
- --port
- "8443"
- -v
- "2"
env:
- name: OPERATOR_IMAGE
value: index.docker.io/kubevirt/virt-operator@sha256:7338d1812a1f2e44b832b83cf35fc6085de0a1ac385f730a1a779a69872bebb4
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: KUBEVIRT_VERSION
value: v0.30.2
- name: VIRT_API_SHASUM
value: sha256:aeac5f2d7a99472e7fc456d3abed26c2fd9c824562574ca54e12ced49de9d4f7
- name: VIRT_CONTROLLER_SHASUM
value: sha256:c477e3fcc3ffeeb2fac6ca19e6bf9ea75062ae69d3d19978839695e0f2412f94
- name: VIRT_HANDLER_SHASUM
value: sha256:37e2939cb64e902e153298c7a775c3d2d3fd455ed8cae0c2c312f8b723bd83fb
- name: VIRT_LAUNCHER_SHASUM
value: sha256:a04cd4d173d3071a49cf32a94899c1a465674e488c30853d7ee54c52951d9121
image: index.docker.io/kubevirt/virt-operator@sha256:7338d1812a1f2e44b832b83cf35fc6085de0a1ac385f730a1a779a69872bebb4
imagePullPolicy: IfNotPresent
name: virt-operator
ports:
- containerPort: 8443
name: metrics
protocol: TCP
- containerPort: 8444
name: webhooks
protocol: TCP
readinessProbe:
httpGet:
path: /metrics
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
timeoutSeconds: 10
resources: {}
volumeMounts:
- mountPath: /etc/virt-operator/certificates
name: kubevirt-operator-certs
readOnly: true
priorityClassName: kubevirt-cluster-critical
securityContext:
runAsNonRoot: true
serviceAccountName: kubevirt-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: kubevirt-operator-certs
secret:
optional: true
secretName: kubevirt-operator-certs

19
main/apps/kubevirt.yaml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubevirt
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: kubevirt
server: https://kubernetes.default.svc
project: default
source:
path: apps/system/kubevirt
repoURL: git@github.com:gorilych/gf-k8s
syncPolicy:
automated:
prune: true
selfHeal: true

4
main/namespaces/kubevirt.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubevirt