diff --git a/.codecov.yml b/.codecov.yml
index d3ef0bef..9f9cd982 100644
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -11,6 +11,7 @@ coverage:
 if_ci_failed: error
 # https://docs.codecov.com/docs/ignoring-paths
 ignore:
+ - "charts"
 - "config"
 - "docs"
 - "examples"
diff --git a/.gitattributes b/.gitattributes
index 54d2e5a6..c15b8a0e 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,3 +2,4 @@ zz_generated* linguist-generated=true
 pkg/client linguist-generated=true
 config/crds/bases/core_kubeadmiral_io/*.yaml linguist-generated=true
 config/crds/bases/multicluster_x-k8s_io/*.yaml linguist-generated=true
+charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/*.yaml linguist-generated=true
diff --git a/charts/kubeadmiral/.helmignore b/charts/kubeadmiral/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/kubeadmiral/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/kubeadmiral/Chart.yaml b/charts/kubeadmiral/Chart.yaml
new file mode 100644
index 00000000..e0fc95da
--- /dev/null
+++ b/charts/kubeadmiral/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kubeadmiral
+description: A Helm chart for kubeadmiral
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/charts/kubeadmiral/README.md b/charts/kubeadmiral/README.md
new file mode 100644
index 00000000..5288128b
--- /dev/null
+++ b/charts/kubeadmiral/README.md
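Review bot: Chart.yaml declares no `kubeVersion`, so Helm will attempt the install on any cluster even though the README added in this same commit lists Kubernetes v1.20.15+ as a prerequisite. Adding `kubeVersion: ">=1.20.15-0"` after `type: application` lets Helm reject an unsupported cluster before any resources are created; the `-0` suffix keeps vendor-suffixed server versions matching the constraint. The bound should be confirmed against the versions the maintainers actually test, since only the README figure is visible here.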
@@ -0,0 +1,106 @@ +## Installation KubeAdmiral by Helm Chart + +### Prerequisites + +Make sure the following tools are installed in the environment before installing KubeAdmiral: + +- Kubernetes cluster version v1.20.15+ +- [Helm](https://helm.sh/) version v3+ +- [Kubectl](https://github.com/kubernetes/kubectl) version v0.20.15+ + +### Installation steps + +If you already have a Kubernetes cluster, you can install the KubeAdmiral control plane on your cluster using the helm chart. To install KubeAdmiral, follow these steps: + +1.Get the Chart package for KubeAdmiral and install it: + +Get the Chart package locally and install it. + +```Bash +$ git clone https://github.com/kubewharf/kubeadmiral + +$ cd kubeadmiral + +$ helm install kubeadmiral -n kubeadmiral-system --create-namespace --dependency-update ./charts/kubeadmiral +``` + +2.Wait and check if the package has been installed successfully + +Use your Kubernetes cluster kubeconfig to see if the following components of KubeAdmiral have been successfully running: + +```Bash +$ kubectl get pods -n kubeadmiral-system + +NAME READY STATUS RESTARTS AGE +etcd-0 1/1 Running 0 13h +kubeadmiral-apiserver-5767cd4f56-gvnqq 1/1 Running 0 13h +kubeadmiral-controller-manager-5f598574c9-zjmf9 1/1 Running 0 13h +kubeadmiral-hpa-aggregator-59ccd7b484-phbr6 2/2 Running 0 13h +kubeadmiral-kube-controller-manager-6bd7dcf67-2zpqw 1/1 Running 2 (13h ago) 13h +``` + +3.Export the kubeconfig of KubeAdmiral + +After executing the following command, the kubeconfig for connecting to KubeAdmiral will be exported to the kubeadmiral-kubeconfig file. 
+ +> Note that the address in the kubeconfig is set to the internal service address of KubeAdmiral-apiserver: + +```Bash +$ kubectl get secret -n kubeadmiral-system kubeadmiral-kubeconfig-secret -o jsonpath={.data.kubeconfig} | base64 -d > kubeadmiral-kubeconfig +``` + +If you specified an external address when installing KubeAdmiral, we will automatically generate a kubeconfig using the external address. You can export it to the external-kubeadmiral-kubeconfig file by running the following command: + +```Bash +$ kubectl get secret -n kubeadmiral-system kubeadmiral-kubeconfig-secret -o jsonpath={.data.external-kubeconfig} | base64 -d > external-kubeadmiral-kubeconfig +``` + +### Uninstallation steps + +Uninstall the KubeAdmiral Helm chart in the kubeadmiral-system namespace: + +```Bash +$ helm uninstall -n kubeadmiral-system kubeadmiral +``` + +This command will delete all Kubernetes resources associated with the Chart: + +> Note: The following permissions and namespace resources are relied on when installing and uninstalling helmchart, so they cannot be deleted automatically and require you to clean them up manually. 
+ +```Bash +$ kubectl delete clusterrole kubeadmiral-pre-install-job + +$ kubectl delete clusterrolebinding kubeadmiral-pre-install-job + +$ kubectl delete ns kubeadmiral-system +``` + +### Configuration parameters + +| Name | Description | Default Value | +| --------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| clusterDomain | Default cluster domain of Kubernetes cluster | "cluster.local" | +| etcd.image.name | Image name used by KubeAdmiral etcd | "registry.k8s.io/etcd:3.4.13-0" | +| etcd.image.pullPolicy | Pull mode of etcd image | "IfNotPresent" | +| etcd.certHosts | Hosts accessible with etcd certificate | ["kubernetes.default.svc", ".etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc", "localhost", "127.0.0.1"] | +| apiServer.image.name | Image name of kubeadmiral-apiserver | "registry.k8s.io/kube-apiserver:v1.20.15" | +| apiServer.image.pullPolicy | Pull mode of kubeadmiral-apiserver image | "IfNotPresent" | +| apiServer.certHosts | Hosts supported by kubeadmiral-apiserver certificate | ["kubernetes.default.svc", ".etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc", "localhost", "127.0.0.1"] | +| apiServer.hostNetwork | Deploy kubeadmiral-apiserver with hostNetwork. If there are multiple kubeadmirals in one cluster, you'd better set it to "false" | "false" | +| apiServer.serviceType | Service type of kubeadmiral-apiserver | "ClusterIP" | +| apiServer.externalIP | Exposed IP of kubeadmiral-apiserver. If you want to expose the apiserver to the outside, you can set this field, which will write the external IP into the certificate and generate a kubeconfig with the external IP. 
| "" | +| apiServer.nodePort | Node port used for the 'apiserver'. This will take effect when 'apiServer.serviceType' is set to 'NodePort'. If no port is specified, a node port will be automatically assigned. | 0 | +| apiServer.certHosts | Hosts supported by the kubeadmiral-apiserver certificate | ["kubernetes.default.svc", ".etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}", "*.{{ .Release.Namespace }}.svc", "localhost", "127.0.0.1", "{{ .Values.apiServer.externalIP }}"] | +| kubeControllerManager.image.name | Image name of kube-controller-manager | "registry.k8s.io/kube-controller-manager:v1.20.15" | +| kubeControllerManager.image.pullPolicy | Pull mode of kube-controller-manager image | "IfNotPresent" | +| kubeControllerManager.controllers | Controllers that kube-controller-manager component needs to start | "namespace,garbagecollector" | +| kubeadmiralControllerManager.image.name | Image name of kubeadmiral-controller-manager | "docker.io/kubewharf/kubeadmiral-controller-manager:v1.0.0" | +| kubeadmiralControllerManager.image.pullPolicy | Pull mode of kubeadmiral-controller-manager image | "IfNotPresent" | +| kubeadmiralControllerManager.extraCommandArgs | Additional startup parameters of kubeadmiral-controller-manager | {} | +| kubeadmiralHpaAggregator.image.name | Image name of kubeadmiral-hpa-aggregator | "docker.io/kubewharf/kubeadmiral-hpa-aggregator:v1.0.0" | +| kubeadmiralHpaAggregator.image.pullPolicy | Pull mode of kubeadmiral-hpa-aggregator image | "IfNotPresent" | +| kubeadmiralHpaAggregator.extraCommandArgs | Additional startup parameters of kubeadmiral-hpa-aggregator | {} | +| installTools.cfssl.image.name | cfssl image name for KubeAdmiral installer | "docker.io/cfssl/cfssl:latest" | +| installTools.cfssl.image.pullPolicy | cfssl image pull policy | "IfNotPresent" | +| installTools.kubectl.image.name | kubectl image name for KubeAdmiral installer | 
"docker.io/bitnami/kubectl:1.22.10" | +| installTools.kubectl.image.pullPolicy | kubectl image pull policy | "IfNotPresent" | diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clustercollectedstatuses.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clustercollectedstatuses.yaml new file mode 100644 index 00000000..5ed6d579 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clustercollectedstatuses.yaml 
@@ -0,0 +1,62 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: clustercollectedstatuses.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: ClusterCollectedStatus + listKind: ClusterCollectedStatusList + plural: clustercollectedstatuses + shortNames: + - ccs + singular: clustercollectedstatus + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterCollectedStatus stores the collected fields of Kubernetes objects from member clusters, that are propagated by a ClusterFederatedObject. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusters: + description: Clusters is the list of member clusters and collected fields for its propagated Kubernetes object. + items: + description: CollectedFieldsWithCluster stores the collected fields of a Kubernetes object in a member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + collectedFields: + description: CollectedFields is the the set of fields collected for the Kubernetes object. + x-kubernetes-preserve-unknown-fields: true + error: + description: Error records any errors encountered while collecting fields from the cluster. + type: string + required: + - cluster + - collectedFields + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + lastUpdateTime: + description: LastUpdateTime is the last time that a collection was performed. + format: date-time + type: string + metadata: + type: object + required: + - clusters + - lastUpdateTime + type: object + served: true + storage: true diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterfederatedobjects.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterfederatedobjects.yaml new file mode 100644 index 00000000..f1fe763c --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterfederatedobjects.yaml 
@@ -0,0 +1,187 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: clusterfederatedobjects.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: ClusterFederatedObject + listKind: ClusterFederatedObjectList + plural: clusterfederatedobjects + shortNames: + - cfo + singular: clusterfederatedobject + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterFederatedObject describes a cluster-scoped Kubernetes object and how it should be propagated to different member clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired behavior of the FederatedObject. + properties: + follows: + description: Follows defines other objects, or "leaders", that the Kubernetes object should follow during propagation, i.e. the Kubernetes object should be propagated to all member clusters that its "leaders" are placed in. + items: + description: LeaderReference contains the identifying metadata of a "leader" Kubernetes object. 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + overrides: + description: Overrides describe the overrides that should be applied to the base template of the Kubernetes object before it is propagated to individual member clusters. + items: + description: OverrideWithController describes the overrides that will be applied to a Kubernetes object before it is propagated to individual member clusters. + properties: + clusters: + description: Override is the list of member clusters and their respective override patches. + items: + description: ClusterReferenceWithPatches represents a single member cluster and a list of override patches for the cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + patches: + description: Patches is the list of override patches for the member cluster. + items: + description: OverridePatch defines a JSON patch. + properties: + op: + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - path + type: object + type: array + required: + - cluster + type: object + type: array + controller: + description: Controller identifies the controller responsible for this override. + type: string + required: + - clusters + - controller + type: object + type: array + placements: + description: Placements describe the member clusters that the Kubernetes object will be propagated to, which is a union of all the listed clusters. + items: + description: PlacementWithController describes the member clusters that a Kubernetes object should be propagated to. + properties: + controller: + description: Controller identifies the controller responsible for this placement. + type: string + placement: + description: Placement is the list of member clusters that the Kubernetes object should be propagated to. 
+ items: + description: ClusterReference represents a single member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + required: + - cluster + type: object + type: array + required: + - controller + - placement + type: object + type: array + template: + description: Template is the base template of the Kubernetes object to be propagated. + x-kubernetes-preserve-unknown-fields: true + required: + - template + type: object + status: + description: Status describes the most recently observed status of the FederatedObject. + properties: + clusters: + description: Clusters contains the propagation status of the Kubernetes object for individual member clusters. + items: + description: PropagationStatus describes the propagation of a Kubernetes object to a given member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + lastObservedGeneration: + description: LastObservedGeneration is the last observed generation of the Kubernetes object in the member cluster. + format: int64 + type: integer + status: + description: Status describes the current status of propagating the Kubernetes object to the member cluster. + type: string + required: + - cluster + - status + type: object + type: array + conditions: + description: Conditions describe the current state of this FederatedObject. + items: + description: GenericFederatedObjectCondition contains the current details about a particular condition of a FederatedObject. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the status of this condition changed. + format: date-time + type: string + lastUpdateTime: + description: LastUpdateTime is the last time a reconciliation for this condition occurred. + format: date-time + type: string + reason: + description: Reason is the reason for the last status change of this condition. 
+ type: string + status: + description: Status is the status of the condition, one of True, False or Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + syncedGeneration: + description: SyncedGeneration is the generation of this FederatedObject when it was last synced to selected member clusters. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusteroverridepolicies.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusteroverridepolicies.yaml new file mode 100644 index 00000000..ea49c15a --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusteroverridepolicies.yaml 
@@ -0,0 +1,299 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: clusteroverridepolicies.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: ClusterOverridePolicy + listKind: ClusterOverridePolicyList + plural: clusteroverridepolicies + shortNames: + - cop + singular: clusteroverridepolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterOverridePolicy describes the override rules for a resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + overrideRules: + description: OverrideRules specify the override rules. Each rule specifies the overriders and the clusters these overriders should be applied to. + items: + properties: + overriders: + description: Overriders specify the overriders to be applied in the target clusters. + properties: + annotations: + description: Annotation specifies overriders that apply to the resource annotations. + items: + description: StringMapOverrider represents the rules dedicated to handling resource labels/annotations + properties: + operator: + description: Operator specifies the operation. 
If omitted, defaults to "overwrite". + enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + additionalProperties: + type: string + description: Value is the value(s) that will be applied to annotations/labels of resource. If Operator is 'addIfAbsent', items in Value (empty is not allowed) will be added in annotations/labels. - For 'addIfAbsent' Operator, the keys in Value cannot conflict with annotations/labels. If Operator is 'overwrite', items in Value which match in annotations/labels will be replaced. If Operator is 'delete', items in Value which match in annotations/labels will be deleted. + type: object + required: + - value + type: object + type: array + args: + description: Args specifies overriders that apply to the container arguments. + items: + properties: + containerName: + description: ContainerName targets the specified container or init container in the pod template. + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - append + - overwrite + - delete + type: string + value: + description: Value is the value(s) that will be applied to command/args of ContainerName. If Operator is 'append', items in Value (empty is not allowed) will be appended to command/args. If Operator is 'overwrite', current command/args of ContainerName will be completely replaced by Value. If Operator is 'delete', items in Value that match in command/args will be deleted. + items: + type: string + type: array + required: + - containerName + - value + type: object + type: array + command: + description: Command specifies overriders that apply to the container commands. + items: + properties: + containerName: + description: ContainerName targets the specified container or init container in the pod template. + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". 
+ enum: + - append + - overwrite + - delete + type: string + value: + description: Value is the value(s) that will be applied to command/args of ContainerName. If Operator is 'append', items in Value (empty is not allowed) will be appended to command/args. If Operator is 'overwrite', current command/args of ContainerName will be completely replaced by Value. If Operator is 'delete', items in Value that match in command/args will be deleted. + items: + type: string + type: array + required: + - containerName + - value + type: object + type: array + image: + description: Image specifies the overriders that apply to the image. + items: + properties: + containerNames: + description: ContainerNames are ignored when ImagePath is set. If empty, the image override rule applies to all containers. Otherwise, this override targets the specified container(s) or init container(s) in the pod template. + items: + type: string + type: array + imagePath: + description: "ImagePath indicates the image path to target. For Example: /spec/template/spec/containers/0/image \n If empty, the system will automatically resolve the image path if the resource type is Pod, CronJob, Deployment, StatefulSet, DaemonSet or Job." + type: string + operations: + description: Operations are the specific operations to be performed on ContainerNames or ImagePath. + items: + properties: + imageComponent: + description: ImageComponent is the part of the image to override. + enum: + - Registry + - Repository + - Tag + - Digest + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + description: Value is the value required by the operation. For 'addIfAbsent' Operator, the old value of ImageComponent should be empty, and the Value shouldn't be empty. 
+ type: string + required: + - imageComponent + type: object + type: array + required: + - operations + type: object + type: array + jsonpatch: + description: JsonPatch specifies overriders in a syntax similar to RFC6902 JSON Patch. + items: + properties: + operator: + description: Operator specifies the operation. If omitted, defaults to "replace". + type: string + path: + description: Path is a JSON pointer (RFC 6901) specifying the location within the resource document where the operation is performed. Each key in the path should be prefixed with "/", while "~" and "/" should be escaped as "~0" and "~1" respectively. For example, to add a label "kubeadmiral.io/label", the path should be "/metadata/labels/kubeadmiral.io~1label". + type: string + value: + description: Value is the value(s) required by the operation. + x-kubernetes-preserve-unknown-fields: true + required: + - path + type: object + type: array + labels: + description: Label specifies overriders that apply to the resource labels. + items: + description: StringMapOverrider represents the rules dedicated to handling resource labels/annotations + properties: + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + additionalProperties: + type: string + description: Value is the value(s) that will be applied to annotations/labels of resource. If Operator is 'addIfAbsent', items in Value (empty is not allowed) will be added in annotations/labels. - For 'addIfAbsent' Operator, the keys in Value cannot conflict with annotations/labels. If Operator is 'overwrite', items in Value which match in annotations/labels will be replaced. If Operator is 'delete', items in Value which match in annotations/labels will be deleted. 
+ type: object + required: + - value + type: object + type: array + type: object + targetClusters: + description: TargetClusters selects the clusters in which the overriders in this rule should be applied. If multiple types of selectors are specified, the overall result is the intersection of all of them. + properties: + clusterAffinity: + description: ClusterAffinity selects FederatedClusters by matching their labels and fields against expressions. If multiple terms are specified, their results are ORed. + items: + properties: + matchExpressions: + description: A list of cluster selector requirements by cluster labels. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchFields: + description: A list of cluster selector requirements by cluster fields. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + type: object + type: array + clusterSelector: + additionalProperties: + type: string + description: ClusterSelector selects FederatedClusters by their labels. Empty labels selects all FederatedClusters. 
+ type: object + clusters: + description: Clusters selects FederatedClusters by their names. Empty Clusters selects all FederatedClusters. + items: + type: string + type: array + type: object + type: object + type: array + type: object + status: + properties: + refCount: + format: int64 + minimum: 0 + type: integer + typedRefCount: + items: + properties: + count: + format: int64 + minimum: 0 + type: integer + group: + type: string + resource: + type: string + required: + - count + - resource + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagatedversions.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagatedversions.yaml new file mode 100644 index 00000000..ad9ae214 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagatedversions.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: clusterpropagatedversions.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: ClusterPropagatedVersion + listKind: ClusterPropagatedVersionList + plural: clusterpropagatedversions + singular: clusterpropagatedversion + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterPropagatedVersion holds version information about the state propagated from ClusterFederatedObject to member clusters. The name of a ClusterPropagatedVersion is the same as its ClusterFederatedObject. If a target resource has a populated metadata.Generation field, the generation will be stored with a prefix of `gen:` as the version for the cluster. If metadata.Generation is not available, metadata.ResourceVersion will be stored with a prefix of `rv:` as the version for the cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: PropagatedVersionStatus defines the observed state of PropagatedVersion + properties: + clusterVersions: + description: The last versions produced in each cluster for this resource. 
+ items: + properties: + clusterName: + description: The name of the cluster the version is for. + type: string + version: + description: The last version produced for the resource by a KubeAdmiral operation. + type: string + required: + - clusterName + - version + type: object + type: array + overridesVersion: + description: The observed version of the overrides for this resource. + type: string + templateVersion: + description: The observed version of the template for this resource. + type: string + required: + - overridesVersion + - templateVersion + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagationpolicies.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagationpolicies.yaml new file mode 100644 index 00000000..1a9f88fb --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_clusterpropagationpolicies.yaml 
@@ -0,0 +1,277 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: clusterpropagationpolicies.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: ClusterPropagationPolicy + listKind: ClusterPropagationPolicyList + plural: clusterpropagationpolicies + shortNames: + - cpp + singular: clusterpropagationpolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterPropagationPolicy describes the scheduling rules for a resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + properties: + name: + type: string + maxLength: 63 + spec: + properties: + autoMigration: + description: Configures behaviors related to auto migration. If absent, auto migration will be disabled. + properties: + keepUnschedulableReplicas: + default: false + description: Besides starting new replicas in other cluster(s), whether to keep the unschedulable replicas in the original cluster so we can go back to the desired state when the cluster recovers. + type: boolean + when: + default: + podUnschedulableFor: 1m + description: When a replica should be subject to auto migration. 
+ minProperties: 1 + properties: + podUnschedulableFor: + description: A pod will be subject to auto migration if it remains unschedulable beyond this duration. Duration should be specified in a format that can be parsed by Go's time.ParseDuration. + format: duration + type: string + type: object + type: object + clusterAffinity: + description: ClusterAffinity is a list of cluster selector terms, the terms are ORed. A empty or nil ClusterAffinity selects everything. + items: + properties: + matchExpressions: + description: A list of cluster selector requirements by cluster labels. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchFields: + description: A list of cluster selector requirements by cluster fields. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + type: object + type: array + clusterSelector: + additionalProperties: + type: string + description: ClusterSelector is a label query over clusters to consider for scheduling. An empty or nil ClusterSelector selects everything. 
+ type: object + disableFollowerScheduling: + description: DisableFollowerScheduling is a boolean that determines if follower scheduling is disabled. Resources that depend on other resources (e.g. deployments) are called leaders, and resources that are depended on (e.g. configmaps and secrets) are called followers. If a leader enables follower scheduling, its followers will additionally be scheduled to clusters where the leader is scheduled. + type: boolean + maxClusters: + description: MaxClusters is the maximum number of replicas that the federated object can be propagated to. The maximum number of clusters is unbounded if no value is provided. + format: int64 + type: integer + placement: + description: Placement is an explicit list of clusters used to select member clusters to propagate resources to. + items: + description: DesiredPlacement describes a cluster that a federated object can be propagated to and its propagation preferences. + properties: + cluster: + description: Cluster is the name of the FederatedCluster to propagate to. + type: string + preferences: + description: Preferences contains the cluster's propagation preferences. + properties: + maxReplicas: + description: Maximum number of replicas that should be assigned to this cluster workload object. Unbounded if no value provided (default). + format: int64 + minimum: 0 + type: integer + minReplicas: + description: Minimum number of replicas that should be assigned to this cluster workload object. 0 by default. + format: int64 + minimum: 0 + type: integer + priority: + description: A number expressing the priority of the cluster. The higher the value, the higher the priority. When selecting clusters for propagation, clusters with higher priority are preferred. When the Binpack ReplicasStrategy is selected, replicas will be scheduled to clusters with higher priority first. 
+ format: int64 + minimum: 0 + type: integer + weight: + description: A number expressing the preference to put an additional replica to this cluster workload object. It will not take effect when ReplicasStrategy is Binpack. + format: int64 + minimum: 0 + type: integer + type: object + required: + - cluster + type: object + type: array + replicasStrategy: + default: Spread + description: ReplicasStrategy is the strategy used for scheduling replicas. + enum: + - Binpack + - Spread + type: string + reschedulePolicy: + default: + rescheduleWhen: + policyContentChanged: true + description: Configures behaviors related to rescheduling. + properties: + disableRescheduling: + description: DisableRescheduling determines if a federated object can be rescheduled. + type: boolean + replicaRescheduling: + description: Configures behaviors related to replica rescheduling. Default set via a post-generation patch. See patch file for details. + properties: + avoidDisruption: + default: true + description: If set to true, the scheduler will attempt to prevent migrating existing replicas during rescheduling. In order to do so, replica scheduling preferences might not be fully respected. If set to false, the scheduler will always rebalance the replicas based on the specified preferences, which might cause temporary service disruption. + type: boolean + type: object + default: {} + rescheduleWhen: + description: When the related objects should be subject to reschedule. + properties: + clusterAPIResourcesChanged: + default: false + description: If set to true, changes to clusters' enabled list of api resources will trigger rescheduling. It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + clusterJoined: + default: false + description: If set to true, clusters joining the federation will trigger rescheduling. 
It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + clusterLabelsChanged: + default: false + description: If set to true, changes to cluster labels will trigger rescheduling. It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + policyContentChanged: + default: true + description: If set to true, the scheduler will trigger rescheduling when the semantics of the policy changes. For example, modifying placement, schedulingMode, maxClusters, clusterSelector, and other configurations related to scheduling (includes reschedulePolicy itself) will immediately trigger rescheduling. Modifying the labels, annotations, autoMigration configuration will not trigger rescheduling. It set to false, the scheduler will not reschedule when the policy content changes. + type: boolean + type: object + type: object + schedulingMode: + description: SchedulingMode determines the mode used for scheduling. + enum: + - Duplicate + - Divide + type: string + schedulingProfile: + description: Profile determines the scheduling profile to be used for scheduling + type: string + tolerations: + description: Tolerations describe a set of cluster taints that the policy tolerates. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - schedulingMode + type: object + status: + properties: + refCount: + format: int64 + minimum: 0 + type: integer + typedRefCount: + items: + properties: + count: + format: int64 + minimum: 0 + type: integer + group: + type: string + resource: + type: string + required: + - count + - resource + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_collectedstatuses.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_collectedstatuses.yaml new file mode 100644 index 00000000..a455bd20 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_collectedstatuses.yaml 
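Review bot: `spec.maxClusters` in the ClusterPropagationPolicy schema has only `format: int64` and `type: integer`, while `maxReplicas`, `minReplicas`, `priority` and `weight` in the same schema all carry `minimum: 0`. A negative value therefore passes API-server validation and is left for the scheduler to interpret. The file is controller-gen output, so the bound belongs on the Go field as `// +kubebuilder:validation:Minimum=0` (or `Minimum=1` if zero has no meaning), followed by regenerating the CRD and this chart copy. The same description says "maximum number of replicas" where the field name and its next sentence indicate clusters.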
@@ -0,0 +1,62 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: collectedstatuses.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: CollectedStatus + listKind: CollectedStatusList + plural: collectedstatuses + shortNames: + - cs + singular: collectedstatus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CollectedStatus stores the collected fields of Kubernetes objects from member clusters, that are propagated by a FederatedObject. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusters: + description: Clusters is the list of member clusters and collected fields for its propagated Kubernetes object. + items: + description: CollectedFieldsWithCluster stores the collected fields of a Kubernetes object in a member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + collectedFields: + description: CollectedFields is the the set of fields collected for the Kubernetes object. + x-kubernetes-preserve-unknown-fields: true + error: + description: Error records any errors encountered while collecting fields from the cluster. + type: string + required: + - cluster + - collectedFields + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + lastUpdateTime: + description: LastUpdateTime is the last time that a collection was performed. + format: date-time + type: string + metadata: + type: object + required: + - clusters + - lastUpdateTime + type: object + served: true + storage: true diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedclusters.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedclusters.yaml new file mode 100644 index 00000000..4aba2edc --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedclusters.yaml 
@@ -0,0 +1,193 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: federatedclusters.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: FederatedCluster + listKind: FederatedClusterList + plural: federatedclusters + shortNames: + - fcluster + singular: federatedcluster + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: ready + type: string + - jsonPath: .status.conditions[?(@.type=='Joined')].status + name: joined + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: FederatedCluster is the Schema for the federatedclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FederatedClusterSpec defines the desired state of FederatedCluster + properties: + apiEndpoint: + description: The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port. + type: string + insecure: + description: Access API endpoint with security. 
+ type: boolean + secretRef: + description: Name of the secret containing the token required to access the member cluster. The secret needs to exist in the fed system namespace. + properties: + name: + description: Name of a secret within the enclosing namespace + type: string + required: + - name + type: object + taints: + description: If specified, the cluster's taints. + items: + description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. + type: string + required: + - effect + - key + type: object + type: array + useServiceAccount: + description: Whether to use service account token to authenticate to the member cluster. + type: boolean + required: + - apiEndpoint + - secretRef + type: object + status: + description: FederatedClusterStatus defines the observed state of FederatedCluster + properties: + apiResourceTypes: + description: The list of api resource types defined in the federated cluster + items: + description: APIResource represents a Kubernetes API resource. + properties: + group: + description: Group of the resource. + type: string + kind: + description: Kind of the resource. + type: string + pluralName: + description: Lower-cased plural name of the resource (e.g. configmaps). If not provided, it will be computed by lower-casing the kind and suffixing an 's'. + type: string + scope: + description: Scope of the resource. + type: string + version: + description: Version of the resource. 
+ type: string + required: + - kind + - pluralName + - scope + - version + type: object + type: array + conditions: + description: Conditions is an array of current cluster conditions. + items: + description: ClusterCondition describes current state of a cluster. + properties: + lastProbeTime: + description: Last time the condition was checked. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transit from one status to another. + format: date-time + type: string + message: + description: Human readable message indicating details about the current status. + type: string + reason: + description: Programmatic identifier indicating the reason for the current status. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of cluster condition, Ready or Offline. + type: string + required: + - lastProbeTime + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + joinPerformed: + description: Whether any effectual action was performed in the cluster while joining. If true, clean-up is required on cluster removal to undo the side-effects. + type: boolean + resources: + description: Resources describes the cluster's resources. + properties: + allocatable: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Allocatable represents the total resources that are allocatable for scheduling. 
+ type: object + available: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Available represents the resources currently available for scheduling. + type: object + schedulableNodes: + description: SchedulableNodes represents number of nodes which is ready and schedulable. + format: int64 + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedobjects.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedobjects.yaml new file mode 100644 index 00000000..c280a5d8 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedobjects.yaml 
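Review bot: The description of `spec.insecure` in the FederatedCluster schema, "Access API endpoint with security.", does not say what setting the flag to true does, and it reads as the opposite of the field name. If true relaxes transport security towards the member cluster (the hunk does not show the consuming code), the text should say so, because the token named by `secretRef` is presented to `apiEndpoint`. The file is controller-gen output, so the wording should change in the Go field comment and be regenerated, along the lines of `// Insecure, when true, skips TLS verification of the member cluster API endpoint.` once that behaviour is confirmed. `apiEndpoint` is likewise a bare `type: string` with no `pattern`, so a malformed endpoint is not rejected at admission.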
@@ -0,0 +1,187 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: federatedobjects.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: FederatedObject + listKind: FederatedObjectList + plural: federatedobjects + shortNames: + - fo + singular: federatedobject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FederatedObject describes a namespace-scoped Kubernetes object and how it should be propagated to different member clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired behavior of the FederatedObject. + properties: + follows: + description: Follows defines other objects, or "leaders", that the Kubernetes object should follow during propagation, i.e. the Kubernetes object should be propagated to all member clusters that its "leaders" are placed in. + items: + description: LeaderReference contains the identifying metadata of a "leader" Kubernetes object. 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + overrides: + description: Overrides describe the overrides that should be applied to the base template of the Kubernetes object before it is propagated to individual member clusters. + items: + description: OverrideWithController describes the overrides that will be applied to a Kubernetes object before it is propagated to individual member clusters. + properties: + clusters: + description: Override is the list of member clusters and their respective override patches. + items: + description: ClusterReferenceWithPatches represents a single member cluster and a list of override patches for the cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + patches: + description: Patches is the list of override patches for the member cluster. + items: + description: OverridePatch defines a JSON patch. + properties: + op: + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - path + type: object + type: array + required: + - cluster + type: object + type: array + controller: + description: Controller identifies the controller responsible for this override. + type: string + required: + - clusters + - controller + type: object + type: array + placements: + description: Placements describe the member clusters that the Kubernetes object will be propagated to, which is a union of all the listed clusters. + items: + description: PlacementWithController describes the member clusters that a Kubernetes object should be propagated to. + properties: + controller: + description: Controller identifies the controller responsible for this placement. + type: string + placement: + description: Placement is the list of member clusters that the Kubernetes object should be propagated to. 
+ items: + description: ClusterReference represents a single member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + required: + - cluster + type: object + type: array + required: + - controller + - placement + type: object + type: array + template: + description: Template is the base template of the Kubernetes object to be propagated. + x-kubernetes-preserve-unknown-fields: true + required: + - template + type: object + status: + description: Status describes the most recently observed status of the FederatedObject. + properties: + clusters: + description: Clusters contains the propagation status of the Kubernetes object for individual member clusters. + items: + description: PropagationStatus describes the propagation of a Kubernetes object to a given member cluster. + properties: + cluster: + description: Cluster is the name of the member cluster. + type: string + lastObservedGeneration: + description: LastObservedGeneration is the last observed generation of the Kubernetes object in the member cluster. + format: int64 + type: integer + status: + description: Status describes the current status of propagating the Kubernetes object to the member cluster. + type: string + required: + - cluster + - status + type: object + type: array + conditions: + description: Conditions describe the current state of this FederatedObject. + items: + description: GenericFederatedObjectCondition contains the current details about a particular condition of a FederatedObject. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the status of this condition changed. + format: date-time + type: string + lastUpdateTime: + description: LastUpdateTime is the last time a reconciliation for this condition occurred. + format: date-time + type: string + reason: + description: Reason is the reason for the last status change of this condition. 
+ type: string + status: + description: Status is the status of the condition, one of True, False or Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + syncedGeneration: + description: SyncedGeneration is the generation of this FederatedObject when it was last synced to selected member clusters. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedtypeconfigs.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedtypeconfigs.yaml new file mode 100644 index 00000000..4ff6ef42 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_federatedtypeconfigs.yaml 
@@ -0,0 +1,130 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: federatedtypeconfigs.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: FederatedTypeConfig + listKind: FederatedTypeConfigList + plural: federatedtypeconfigs + shortNames: + - ftc + singular: federatedtypeconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FederatedTypeConfig specifies an API resource type to federate and various type-specific options. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoMigration: + description: Configuration for AutoMigration. If left empty, the AutoMigration feature will be disabled. + properties: + enabled: + description: Whether or not to automatically migrate unschedulable pods to a different cluster. + type: boolean + required: + - enabled + type: object + controllers: + description: The controllers that must run before the source object can be propagated to member clusters. Each inner slice specifies a step. Step T must complete before step T+1 can commence. Controllers within each step can execute in parallel. 
+ items: + items: + type: string + type: array + type: array + pathDefinition: + description: Defines the paths to various fields in the target object's schema. + properties: + availableReplicasStatus: + description: Path to a numeric field that reflects the number of available replicas that the object currently has. E.g. `status.availableReplicas` for Deployment and ReplicaSet. + type: string + labelSelector: + description: Path to a metav1.LabelSelector field that selects the replicas for this object. E.g. `spec.selector` for Deployment and ReplicaSet. + type: string + readyReplicasStatus: + description: Path to a numeric field that reflects the number of ready replicas that the object currently has. E.g. `status.readyReplicas` for Deployment and ReplicaSet. + type: string + replicasSpec: + description: Path to a numeric field that indicates the number of replicas that an object can be divided into. E.g. `spec.replicas` for Deployment and ReplicaSet. + type: string + replicasStatus: + description: Path to a numeric field that reflects the number of replicas that the object currently has. E.g. `status.replicas` for Deployment and ReplicaSet. + type: string + type: object + sourceType: + description: The API resource type to be federated. + properties: + group: + description: Group of the resource. + type: string + kind: + description: Kind of the resource. + type: string + pluralName: + description: Lower-cased plural name of the resource (e.g. configmaps). If not provided, it will be computed by lower-casing the kind and suffixing an 's'. + type: string + scope: + description: Scope of the resource. + type: string + version: + description: Version of the resource. + type: string + required: + - kind + - pluralName + - scope + - version + type: object + statusAggregation: + default: + enabled: true + description: Configuration for StatusAggregation. + properties: + enabled: + default: true + description: Whether or not to enable status aggregation. 
+ type: boolean + required: + - enabled + type: object + statusCollection: + description: Configuration for StatusCollection. If left empty, the StatusCollection feature will be disabled. + properties: + enabled: + description: Whether or not to enable status collection. + type: boolean + fields: + description: Contains the fields to be collected during status collection. Each field is a dot separated string that corresponds to its path in the source object's schema. E.g. `metadata.creationTimestamp`. + items: + type: string + type: array + required: + - enabled + type: object + required: + - sourceType + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_overridepolicies.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_overridepolicies.yaml new file mode 100644 index 00000000..bc776c47 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_overridepolicies.yaml 
@@ -0,0 +1,299 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: overridepolicies.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: OverridePolicy + listKind: OverridePolicyList + plural: overridepolicies + shortNames: + - op + singular: overridepolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OverridePolicy describes the override rules for a resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + overrideRules: + description: OverrideRules specify the override rules. Each rule specifies the overriders and the clusters these overriders should be applied to. + items: + properties: + overriders: + description: Overriders specify the overriders to be applied in the target clusters. + properties: + annotations: + description: Annotation specifies overriders that apply to the resource annotations. + items: + description: StringMapOverrider represents the rules dedicated to handling resource labels/annotations + properties: + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". 
+ enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + additionalProperties: + type: string + description: Value is the value(s) that will be applied to annotations/labels of resource. If Operator is 'addIfAbsent', items in Value (empty is not allowed) will be added in annotations/labels. - For 'addIfAbsent' Operator, the keys in Value cannot conflict with annotations/labels. If Operator is 'overwrite', items in Value which match in annotations/labels will be replaced. If Operator is 'delete', items in Value which match in annotations/labels will be deleted. + type: object + required: + - value + type: object + type: array + args: + description: Args specifies overriders that apply to the container arguments. + items: + properties: + containerName: + description: ContainerName targets the specified container or init container in the pod template. + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - append + - overwrite + - delete + type: string + value: + description: Value is the value(s) that will be applied to command/args of ContainerName. If Operator is 'append', items in Value (empty is not allowed) will be appended to command/args. If Operator is 'overwrite', current command/args of ContainerName will be completely replaced by Value. If Operator is 'delete', items in Value that match in command/args will be deleted. + items: + type: string + type: array + required: + - containerName + - value + type: object + type: array + command: + description: Command specifies overriders that apply to the container commands. + items: + properties: + containerName: + description: ContainerName targets the specified container or init container in the pod template. + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". 
+ enum: + - append + - overwrite + - delete + type: string + value: + description: Value is the value(s) that will be applied to command/args of ContainerName. If Operator is 'append', items in Value (empty is not allowed) will be appended to command/args. If Operator is 'overwrite', current command/args of ContainerName will be completely replaced by Value. If Operator is 'delete', items in Value that match in command/args will be deleted. + items: + type: string + type: array + required: + - containerName + - value + type: object + type: array + image: + description: Image specifies the overriders that apply to the image. + items: + properties: + containerNames: + description: ContainerNames are ignored when ImagePath is set. If empty, the image override rule applies to all containers. Otherwise, this override targets the specified container(s) or init container(s) in the pod template. + items: + type: string + type: array + imagePath: + description: "ImagePath indicates the image path to target. For Example: /spec/template/spec/containers/0/image \n If empty, the system will automatically resolve the image path if the resource type is Pod, CronJob, Deployment, StatefulSet, DaemonSet or Job." + type: string + operations: + description: Operations are the specific operations to be performed on ContainerNames or ImagePath. + items: + properties: + imageComponent: + description: ImageComponent is the part of the image to override. + enum: + - Registry + - Repository + - Tag + - Digest + type: string + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + description: Value is the value required by the operation. For 'addIfAbsent' Operator, the old value of ImageComponent should be empty, and the Value shouldn't be empty. 
+ type: string + required: + - imageComponent + type: object + type: array + required: + - operations + type: object + type: array + jsonpatch: + description: JsonPatch specifies overriders in a syntax similar to RFC6902 JSON Patch. + items: + properties: + operator: + description: Operator specifies the operation. If omitted, defaults to "replace". + type: string + path: + description: Path is a JSON pointer (RFC 6901) specifying the location within the resource document where the operation is performed. Each key in the path should be prefixed with "/", while "~" and "/" should be escaped as "~0" and "~1" respectively. For example, to add a label "kubeadmiral.io/label", the path should be "/metadata/labels/kubeadmiral.io~1label". + type: string + value: + description: Value is the value(s) required by the operation. + x-kubernetes-preserve-unknown-fields: true + required: + - path + type: object + type: array + labels: + description: Label specifies overriders that apply to the resource labels. + items: + description: StringMapOverrider represents the rules dedicated to handling resource labels/annotations + properties: + operator: + description: Operator specifies the operation. If omitted, defaults to "overwrite". + enum: + - addIfAbsent + - overwrite + - delete + type: string + value: + additionalProperties: + type: string + description: Value is the value(s) that will be applied to annotations/labels of resource. If Operator is 'addIfAbsent', items in Value (empty is not allowed) will be added in annotations/labels. - For 'addIfAbsent' Operator, the keys in Value cannot conflict with annotations/labels. If Operator is 'overwrite', items in Value which match in annotations/labels will be replaced. If Operator is 'delete', items in Value which match in annotations/labels will be deleted. 
+ type: object + required: + - value + type: object + type: array + type: object + targetClusters: + description: TargetClusters selects the clusters in which the overriders in this rule should be applied. If multiple types of selectors are specified, the overall result is the intersection of all of them. + properties: + clusterAffinity: + description: ClusterAffinity selects FederatedClusters by matching their labels and fields against expressions. If multiple terms are specified, their results are ORed. + items: + properties: + matchExpressions: + description: A list of cluster selector requirements by cluster labels. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchFields: + description: A list of cluster selector requirements by cluster fields. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + type: object + type: array + clusterSelector: + additionalProperties: + type: string + description: ClusterSelector selects FederatedClusters by their labels. Empty labels selects all FederatedClusters. 
+ type: object + clusters: + description: Clusters selects FederatedClusters by their names. Empty Clusters selects all FederatedClusters. + items: + type: string + type: array + type: object + type: object + type: array + type: object + status: + properties: + refCount: + format: int64 + minimum: 0 + type: integer + typedRefCount: + items: + properties: + count: + format: int64 + minimum: 0 + type: integer + group: + type: string + resource: + type: string + required: + - count + - resource + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagatedversions.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagatedversions.yaml new file mode 100644 index 00000000..a5d23dbb --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagatedversions.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: propagatedversions.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: PropagatedVersion + listKind: PropagatedVersionList + plural: propagatedversions + singular: propagatedversion + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PropagatedVersion holds version information about the state propagated from FederatedObject to member clusters. The name of a PropagatedVersion is the same as its FederatedObject. If a target resource has a populated metadata.Generation field, the generation will be stored with a prefix of `gen:` as the version for the cluster. If metadata.Generation is not available, metadata.ResourceVersion will be stored with a prefix of `rv:` as the version for the cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: PropagatedVersionStatus defines the observed state of PropagatedVersion + properties: + clusterVersions: + description: The last versions produced in each cluster for this resource. 
+ items: + properties: + clusterName: + description: The name of the cluster the version is for. + type: string + version: + description: The last version produced for the resource by a KubeAdmiral operation. + type: string + required: + - clusterName + - version + type: object + type: array + overridesVersion: + description: The observed version of the overrides for this resource. + type: string + templateVersion: + description: The observed version of the template for this resource. + type: string + required: + - overridesVersion + - templateVersion + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagationpolicies.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagationpolicies.yaml new file mode 100644 index 00000000..7213ed61 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_propagationpolicies.yaml 
@@ -0,0 +1,277 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: propagationpolicies.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: PropagationPolicy + listKind: PropagationPolicyList + plural: propagationpolicies + shortNames: + - pp + singular: propagationpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PropagationPolicy describes the scheduling rules for a resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + properties: + name: + type: string + maxLength: 63 + spec: + properties: + autoMigration: + description: Configures behaviors related to auto migration. If absent, auto migration will be disabled. + properties: + keepUnschedulableReplicas: + default: false + description: Besides starting new replicas in other cluster(s), whether to keep the unschedulable replicas in the original cluster so we can go back to the desired state when the cluster recovers. + type: boolean + when: + default: + podUnschedulableFor: 1m + description: When a replica should be subject to auto migration. 
+ minProperties: 1 + properties: + podUnschedulableFor: + description: A pod will be subject to auto migration if it remains unschedulable beyond this duration. Duration should be specified in a format that can be parsed by Go's time.ParseDuration. + format: duration + type: string + type: object + type: object + clusterAffinity: + description: ClusterAffinity is a list of cluster selector terms, the terms are ORed. A empty or nil ClusterAffinity selects everything. + items: + properties: + matchExpressions: + description: A list of cluster selector requirements by cluster labels. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchFields: + description: A list of cluster selector requirements by cluster fields. + items: + description: ClusterSelectorRequirement is a selector that contains values, a key, and an operator that relates the values and keys + properties: + key: + type: string + operator: + description: ClusterSelectorOperator is the set of operators that can be used in a cluster selector requirement. + enum: + - In + - NotIn + - Exists + - DoesNotExist + - Gt + - Lt + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + type: object + type: array + clusterSelector: + additionalProperties: + type: string + description: ClusterSelector is a label query over clusters to consider for scheduling. An empty or nil ClusterSelector selects everything. 
+ type: object + disableFollowerScheduling: + description: DisableFollowerScheduling is a boolean that determines if follower scheduling is disabled. Resources that depend on other resources (e.g. deployments) are called leaders, and resources that are depended on (e.g. configmaps and secrets) are called followers. If a leader enables follower scheduling, its followers will additionally be scheduled to clusters where the leader is scheduled. + type: boolean + maxClusters: + description: MaxClusters is the maximum number of replicas that the federated object can be propagated to. The maximum number of clusters is unbounded if no value is provided. + format: int64 + type: integer + placement: + description: Placement is an explicit list of clusters used to select member clusters to propagate resources to. + items: + description: DesiredPlacement describes a cluster that a federated object can be propagated to and its propagation preferences. + properties: + cluster: + description: Cluster is the name of the FederatedCluster to propagate to. + type: string + preferences: + description: Preferences contains the cluster's propagation preferences. + properties: + maxReplicas: + description: Maximum number of replicas that should be assigned to this cluster workload object. Unbounded if no value provided (default). + format: int64 + minimum: 0 + type: integer + minReplicas: + description: Minimum number of replicas that should be assigned to this cluster workload object. 0 by default. + format: int64 + minimum: 0 + type: integer + priority: + description: A number expressing the priority of the cluster. The higher the value, the higher the priority. When selecting clusters for propagation, clusters with higher priority are preferred. When the Binpack ReplicasStrategy is selected, replicas will be scheduled to clusters with higher priority first. 
+ format: int64 + minimum: 0 + type: integer + weight: + description: A number expressing the preference to put an additional replica to this cluster workload object. It will not take effect when ReplicasStrategy is Binpack. + format: int64 + minimum: 0 + type: integer + type: object + required: + - cluster + type: object + type: array + replicasStrategy: + default: Spread + description: ReplicasStrategy is the strategy used for scheduling replicas. + enum: + - Binpack + - Spread + type: string + reschedulePolicy: + default: + rescheduleWhen: + policyContentChanged: true + description: Configures behaviors related to rescheduling. + properties: + disableRescheduling: + description: DisableRescheduling determines if a federated object can be rescheduled. + type: boolean + replicaRescheduling: + description: Configures behaviors related to replica rescheduling. Default set via a post-generation patch. See patch file for details. + properties: + avoidDisruption: + default: true + description: If set to true, the scheduler will attempt to prevent migrating existing replicas during rescheduling. In order to do so, replica scheduling preferences might not be fully respected. If set to false, the scheduler will always rebalance the replicas based on the specified preferences, which might cause temporary service disruption. + type: boolean + type: object + default: {} + rescheduleWhen: + description: When the related objects should be subject to reschedule. + properties: + clusterAPIResourcesChanged: + default: false + description: If set to true, changes to clusters' enabled list of api resources will trigger rescheduling. It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + clusterJoined: + default: false + description: If set to true, clusters joining the federation will trigger rescheduling. 
It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + clusterLabelsChanged: + default: false + description: If set to true, changes to cluster labels will trigger rescheduling. It set to false, the scheduler will reschedule only when other options are triggered or the replicas or the requested resources of the template changed. + type: boolean + policyContentChanged: + default: true + description: If set to true, the scheduler will trigger rescheduling when the semantics of the policy changes. For example, modifying placement, schedulingMode, maxClusters, clusterSelector, and other configurations related to scheduling (includes reschedulePolicy itself) will immediately trigger rescheduling. Modifying the labels, annotations, autoMigration configuration will not trigger rescheduling. It set to false, the scheduler will not reschedule when the policy content changes. + type: boolean + type: object + type: object + schedulingMode: + description: SchedulingMode determines the mode used for scheduling. + enum: + - Duplicate + - Divide + type: string + schedulingProfile: + description: Profile determines the scheduling profile to be used for scheduling + type: string + tolerations: + description: Tolerations describe a set of cluster taints that the policy tolerates. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - schedulingMode + type: object + status: + properties: + refCount: + format: int64 + minimum: 0 + type: integer + typedRefCount: + items: + properties: + count: + format: int64 + minimum: 0 + type: integer + group: + type: string + resource: + type: string + required: + - count + - resource + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulerpluginwebhookconfigurations.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulerpluginwebhookconfigurations.yaml new file mode 100644 index 00000000..f0c47f7a --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulerpluginwebhookconfigurations.yaml 
@@ -0,0 +1,87 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: schedulerpluginwebhookconfigurations.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: SchedulerPluginWebhookConfiguration + listKind: SchedulerPluginWebhookConfigurationList + plural: schedulerpluginwebhookconfigurations + singular: schedulerpluginwebhookconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SchedulerPluginWebhookConfiguration is a webhook that can be used as a scheduler plugin. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + filterPath: + description: Path for the filter call, empty if not supported. This path is appended to the URLPrefix when issuing the filter call to webhook. + type: string + httpTimeout: + default: 5s + description: HTTPTimeout specifies the timeout duration for a call to the webhook. Timeout fails the scheduling of the workload. Defaults to 5 seconds. + format: duration + type: string + payloadVersions: + description: PayloadVersions is an ordered list of preferred request and response versions the webhook expects. 
The scheduler will try to use the first version in the list which it supports. If none of the versions specified in this list supported by the scheduler, scheduling will fail for this object. + items: + type: string + minItems: 1 + type: array + scorePath: + description: Path for the score call, empty if not supported. This verb is appended to the URLPrefix when issuing the score call to webhook. + type: string + selectPath: + description: Path for the select call, empty if not supported. This verb is appended to the URLPrefix when issuing the select call to webhook. + type: string + tlsConfig: + description: TLSConfig specifies the transport layer security config. + properties: + caData: + description: CAData holds PEM-encoded bytes (typically read from a root certificates bundle). + format: byte + type: string + certData: + description: CertData holds PEM-encoded bytes (typically read from a client certificate file). + format: byte + type: string + insecure: + description: Server should be accessed without verifying the TLS certificate. For testing only. + type: boolean + keyData: + description: KeyData holds PEM-encoded bytes (typically read from a client certificate key file). + format: byte + type: string + serverName: + description: ServerName is passed to the server for SNI and is used in the client to check server certificates against. If ServerName is empty, the hostname used to contact the server is used. + type: string + type: object + urlPrefix: + description: URLPrefix at which the webhook is available + type: string + required: + - payloadVersions + - urlPrefix + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulingprofiles.yaml b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulingprofiles.yaml new file mode 100644 index 00000000..1ac860d9 --- /dev/null 
+++ b/charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io/core.kubeadmiral.io_schedulingprofiles.yaml 
@@ -0,0 +1,192 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + kubeadmiral.io/no-federated-resource: "true" + creationTimestamp: null + name: schedulingprofiles.core.kubeadmiral.io +spec: + group: core.kubeadmiral.io + names: + kind: SchedulingProfile + listKind: SchedulingProfileList + plural: schedulingprofiles + shortNames: + - sp + singular: schedulingprofile + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SchedulingProfile configures the plugins to use when scheduling a resource + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pluginConfig: + description: PluginConfig is an optional set of custom plugin arguments for each plugin. Omitting config args for a plugin is equivalent to using the default config for that plugin. + items: + description: PluginConfig specifies arguments that should be passed to a plugin at the time of initialization. A plugin that is invoked at multiple extension points is initialized once. Args can have arbitrary structure. It is up to the plugin to process these Args. + properties: + args: + description: Args defines the arguments passed to the plugins at the time of initialization. Args can have arbitrary structure. 
+ x-kubernetes-preserve-unknown-fields: true + name: + description: Name defines the name of plugin being configured. + type: string + required: + - name + type: object + type: array + plugins: + description: Plugins specify the set of plugins that should be enabled or disabled. Enabled plugins are the ones that should be enabled in addition to the default plugins. Disabled plugins are any of the default plugins that should be disabled. When no enabled or disabled plugin is specified for an extension point, default plugins for that extension point will be used if there is any. + properties: + filter: + description: Filter is the list of plugins that should be invoked during the filter phase. + properties: + disabled: + description: Disabled specifies default plugins that should be disabled. + items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. + enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + enabled: + description: Enabled specifies plugins that should be enabled in addition to the default plugins. Enabled plugins are called in the order specified here, after default plugins. If they need to be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order. + items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. 
+ enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + type: object + score: + description: Score is the list of plugins that should be invoked during the score phase. + properties: + disabled: + description: Disabled specifies default plugins that should be disabled. + items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. + enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + enabled: + description: Enabled specifies plugins that should be enabled in addition to the default plugins. Enabled plugins are called in the order specified here, after default plugins. If they need to be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order. + items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. + enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + type: object + select: + description: Select is the list of plugins that should be invoked during the select phase. + properties: + disabled: + description: Disabled specifies default plugins that should be disabled. 
+ items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. + enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + enabled: + description: Enabled specifies plugins that should be enabled in addition to the default plugins. Enabled plugins are called in the order specified here, after default plugins. If they need to be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order. + items: + description: Plugin specifies a plugin type, name and its weight when applicable. Weight is used only for Score plugins. + properties: + name: + description: Name defines the name of the plugin. + type: string + type: + description: Type defines the type of the plugin. Type should be omitted when referencing in-tree plugins. + enum: + - Webhook + type: string + wait: + description: Weight defines the weight of the plugin. + format: int64 + minimum: 0 + type: integer + type: object + type: array + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/kubeadmiral/_admiral_control_plane/sample/host/01-ftc.yaml b/charts/kubeadmiral/_admiral_control_plane/sample/host/01-ftc.yaml new file mode 100644 index 00000000..1bf67904 --- /dev/null +++ b/charts/kubeadmiral/_admiral_control_plane/sample/host/01-ftc.yaml 
@@ -0,0 +1,466 @@ +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: namespaces +spec: + sourceType: + kind: Namespace + pluralName: namespaces + scope: Cluster + version: v1 + statusAggregation: + enabled: false + controllers: + - - kubeadmiral.io/nsautoprop-controller + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: configmaps +spec: + sourceType: + kind: ConfigMap + pluralName: configmaps + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: deployments.apps +spec: + sourceType: + group: apps + kind: Deployment + pluralName: deployments + scope: Namespaced + version: v1 + autoMigration: + enabled: true + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + pathDefinition: + labelSelector: spec.selector + replicasSpec: spec.replicas + replicasStatus: status.replicas + availableReplicasStatus: status.availableReplicas + readyReplicasStatus: status.readyReplicas + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - spec.replicas + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: serviceaccounts +spec: + sourceType: + kind: ServiceAccount + pluralName: serviceaccounts + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: secrets +spec: + sourceType: + kind: Secret + pluralName: secrets + scope: Namespaced + version: v1 + 
controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: services +spec: + sourceType: + kind: Service + pluralName: services + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - spec.clusterIP + - spec.type + - spec.ports + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: storageclasses +spec: + sourceType: + group: storage.k8s.io + kind: StorageClass + pluralName: storageclasses + scope: Cluster + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - provisioner + - reclaimPolicy +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: persistentvolumes +spec: + sourceType: + kind: PersistentVolume + pluralName: persistentvolumes + scope: Cluster + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - spec.accessModes + - spec.capacity + - spec.storageClassName + - spec.persistentVolumeReclaimPolicy + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: persistentvolumeclaims +spec: + sourceType: + kind: PersistentVolumeClaim + pluralName: persistentvolumeclaims + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - 
spec.resources.requests + - spec.storageClassName + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: clusterrolebindings.rbac.authorization.k8s.io +spec: + sourceType: + group: rbac.authorization.k8s.io + kind: ClusterRoleBinding + pluralName: clusterrolebindings + scope: Cluster + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: clusterroles.rbac.authorization.k8s.io +spec: + sourceType: + group: rbac.authorization.k8s.io + kind: ClusterRole + pluralName: clusterroles + scope: Cluster + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: rolebindings.rbac.authorization.k8s.io +spec: + sourceType: + group: rbac.authorization.k8s.io + kind: RoleBinding + pluralName: rolebindings + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: roles.rbac.authorization.k8s.io +spec: + sourceType: + group: rbac.authorization.k8s.io + kind: Role + pluralName: roles + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: statefulsets.apps +spec: + sourceType: + group: apps + kind: StatefulSet + pluralName: statefulsets + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - spec.replicas + - status +--- +apiVersion: 
core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: daemonsets.apps +spec: + sourceType: + group: apps + kind: DaemonSet + pluralName: daemonsets + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: jobs.batch +spec: + sourceType: + group: batch + kind: Job + pluralName: jobs + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: cronjobs.batch +spec: + sourceType: + group: batch + kind: CronJob + pluralName: cronjobs + scope: Namespaced + version: v1beta1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: ingresses.networking.k8s.io +spec: + sourceType: + group: networking.k8s.io + kind: Ingress + pluralName: ingresses + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - spec.rules + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: limitranges +spec: + sourceType: + kind: LimitRange + pluralName: limitranges + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: 
FederatedTypeConfig +metadata: + name: resourcequotas +spec: + sourceType: + kind: ResourceQuota + pluralName: resourcequotas + scope: Namespaced + version: v1 + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: customresourcedefinitions.apiextensions.k8s.io +spec: + sourceType: + kind: CustomResourceDefinition + pluralName: customresourcedefinitions + scope: Cluster + version: v1 + group: apiextensions.k8s.io + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + annotations: + kubeadmiral.io/scale-target-ref-path: spec.scaleTargetRef + name: horizontalpodautoscalers.autoscaling +spec: + sourceType: + group: autoscaling + kind: HorizontalPodAutoscaler + pluralName: horizontalpodautoscalers + scope: Namespaced + version: v2beta2 + controllers: + - - kubeadmiral.io/federatedhpa-controller + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller + statusCollection: + enabled: true + fields: + - metadata.creationTimestamp + - status +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: serviceimports.multicluster.x-k8s.io +spec: + sourceType: + kind: ServiceImport + pluralName: serviceimports + scope: Namespaced + version: v1alpha1 + group: multicluster.x-k8s.io + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: serviceexports.multicluster.x-k8s.io +spec: + sourceType: + kind: ServiceExport + pluralName: serviceexports + 
scope: Namespaced + version: v1alpha1 + group: multicluster.x-k8s.io + controllers: + - - kubeadmiral.io/global-scheduler + - - kubeadmiral.io/overridepolicy-controller +--- +apiVersion: core.kubeadmiral.io/v1alpha1 +kind: FederatedTypeConfig +metadata: + name: endpointslices.discovery.k8s.io +spec: + sourceType: + kind: EndpointSlice + pluralName: endpointslices + scope: Namespaced + version: v1beta1 + group: discovery.k8s.io diff --git a/charts/kubeadmiral/templates/_helpers.tpl b/charts/kubeadmiral/templates/_helpers.tpl new file mode 100644 index 00000000..d5db8418 --- /dev/null +++ b/charts/kubeadmiral/templates/_helpers.tpl 
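Review bot: Three of the sample FederatedTypeConfigs in 01-ftc.yaml pin source API versions that upstream Kubernetes has removed. `cronjobs.batch` and `endpointslices.discovery.k8s.io` use `version: v1beta1` (both removed in 1.25), and `horizontalpodautoscalers.autoscaling` uses `version: v2beta2` (removed in 1.26). If the apiserver image set in the chart values is at or past those releases, these types presumably cannot be resolved. Either move them to `v1` / `v2`, or state the targeted range at the top of the file, e.g. `# Sample FTCs; versions below assume a control-plane apiserver older than v1.25`.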
@@ -0,0 +1,111 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeadmiral.name" -}}
+{{- default .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "kubeadmiral.namespace" -}}
+{{- default .Release.Namespace -}}
+{{- end -}}
+
+{{/*
+params of etcd
+*/}}
+{{- define "kubeadmiral.etcd.image" -}}
+{{- printf "%s" .Values.etcd.image.name -}}
+{{- end -}}
+
+{{/*
+params of kubeadmiral-apiserver
+*/}}
+{{- define "kubeadmiral.apiserver.image" -}}
+{{- printf "%s" .Values.apiServer.image.name -}}
+{{- end -}}
+
+{{/*
+params of kubeadmiral-kube-controller-manager
+*/}}
+{{- define "kubeadmiral.kubeControllerManager.image" -}}
+{{- printf "%s" .Values.kubeControllerManager.image.name -}}
+{{- end -}}
+
+{{/*
+params of kubeadmiral-controller-manager
+*/}}
+{{- define "kubeadmiral.kubeadmiralControllerManager.image" -}}
+{{- printf "%s" .Values.kubeadmiralControllerManager.image.name -}}
+{{- end -}}
+
+{{- define "kubeadmiral.kubeadmiralControllerManager.extraCommandArgs" -}}
+{{- if .Values.kubeadmiralControllerManager.extraCommandArgs }}
+{{- range $key, $value := .Values.kubeadmiralControllerManager.extraCommandArgs }}
+- --{{ $key }}={{ $value }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+params of kubeadmiral-hpa-aggregator
+*/}}
+{{- define "kubeadmiral.kubeadmiralHpaAggregator.image" -}}
+{{- printf "%s" .Values.kubeadmiralHpaAggregator.image.name -}}
+{{- end -}}
+
+{{- define "kubeadmiral.kubeadmiralHpaAggregator.extraCommandArgs" -}}
+{{- if .Values.kubeadmiralHpaAggregator.extraCommandArgs }}
+{{- range $key, $value := .Values.kubeadmiralHpaAggregator.extraCommandArgs }}
+- --{{ $key }}={{ $value }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+params of cfssl and kubectl components
+*/}}
+{{- define "kubeadmiral.cfssl.image" -}}
+{{- printf "%s" .Values.installTools.cfssl.image.name -}}
+{{- end -}}
+{{- define "kubeadmiral.kubectl.image" -}}
+{{- printf "%s" .Values.installTools.kubectl.image.name -}}
+{{- end -}}
+
+{{- define "kubeadmiral.kubeconfig.volume" -}}
+{{- $name := include "kubeadmiral.name" . -}}
+- name: kubeconfig-secret
+ secret:
+ secretName: {{ $name }}-kubeconfig-secret
+{{- end -}}
+
+{{- define "kubeadmiral.kubeconfig.volumeMount" -}}
+- name: kubeconfig-secret
+ subPath: kubeconfig
+ mountPath: /etc/kubeconfig
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeadmiral.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeadmiral.labels" -}}
+helm.sh/chart: {{ include "kubeadmiral.chart" . }}
+{{ include "kubeadmiral.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubeadmiral.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubeadmiral.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/kubeadmiral/templates/etcd.yaml b/charts/kubeadmiral/templates/etcd.yaml
new file mode 100644
index 00000000..aa9cba4b
--- /dev/null
+++ b/charts/kubeadmiral/templates/etcd.yaml
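Review bot: Both `extraCommandArgs` helpers in _helpers.tpl emit `- --{{ $key }}={{ $value }}` unquoted. A value from `.Values` that contains ` #`, `: ` or a line break therefore changes how the rendered YAML parses, instead of reaching the binary as one argument. Quoting the whole list item keeps each map entry a single argv element: `- {{ printf "--%s=%v" $key $value | quote }}`. Separately, `default .Release.Name` in `kubeadmiral.name` and `default .Release.Namespace` in `kubeadmiral.namespace` pass only one argument, so `default` has nothing to fall back from; either drop it or supply the override value it was meant to guard.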
@@ -0,0 +1,123 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: etcd
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ labels:
+ app: etcd
+spec:
+ replicas: 1
+ serviceName: etcd
+ selector:
+ matchLabels:
+ app: etcd
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: etcd
+ spec:
+ automountServiceAccountToken: false
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - etcd
+ topologyKey: kubernetes.io/hostname
+ tolerations:
+ - operator: Exists
+ containers:
+ - name: etcd
+ image: {{ template "kubeadmiral.etcd.image" . }}
+ imagePullPolicy: {{ .Values.etcd.image.pullPolicy }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -ec
+ - 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/kubeadmiral/pki/etcd-ca.crt --cert /etc/kubeadmiral/pki/etcd-server.crt --key /etc/kubeadmiral/pki/etcd-server.key'
+ failureThreshold: 3
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ successThreshold: 1
+ timeoutSeconds: 10
+ ports:
+ - containerPort: 2379
+ name: client
+ protocol: TCP
+ - containerPort: 2380
+ name: server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/lib/etcd
+ name: etcd-data
+ - mountPath: /etc/kubeadmiral/pki
+ name: etcd-certs
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ command:
+ - etcd
+ - --name=etcd0
+ - --listen-peer-urls=http://0.0.0.0:2380
+ - --listen-client-urls=https://0.0.0.0:2379
+ - --advertise-client-urls=https://etcd-client.{{ include "kubeadmiral.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
+ - --initial-cluster=etcd0=http://etcd-0.etcd.{{ include "kubeadmiral.namespace" . }}.svc.{{ .Values.clusterDomain }}:2380
+ - --initial-cluster-state=new
+ - --cert-file=/etc/kubeadmiral/pki/etcd-server.crt
+ - --client-cert-auth=true
+ - --key-file=/etc/kubeadmiral/pki/etcd-server.key
+ - --trusted-ca-file=/etc/kubeadmiral/pki/etcd-ca.crt
+ - --data-dir=/var/lib/etcd
+ - --snapshot-count=10000
+ volumes:
+ - hostPath:
+ path: /var/lib/kubeadmiral-etcd
+ type: DirectoryOrCreate
+ name: etcd-data
+ - name: etcd-certs
+ secret:
+ secretName: {{ include "kubeadmiral.name" . }}-cert-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: etcd
+ name: etcd-client
+ namespace: {{ include "kubeadmiral.namespace" . }}
+spec:
+ ports:
+ - name: etcd-client-port
+ port: 2379
+ protocol: TCP
+ targetPort: 2379
+ selector:
+ app: etcd
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: etcd
+ name: etcd
+ namespace: {{ include "kubeadmiral.namespace" . }}
+spec:
+ ports:
+ - name: client
+ port: 2379
+ protocol: TCP
+ targetPort: 2379
+ - name: server
+ port: 2380
+ protocol: TCP
+ targetPort: 2380
+ clusterIP: None
+ selector:
+ app: etcd
diff --git a/charts/kubeadmiral/templates/kube-apiserver.yaml b/charts/kubeadmiral/templates/kube-apiserver.yaml
new file mode 100644
index 00000000..3ca7ae51
--- /dev/null
+++ b/charts/kubeadmiral/templates/kube-apiserver.yaml
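Review bot: In etcd.yaml the peer listener is `--listen-peer-urls=http://0.0.0.0:2380` with no `--peer-*` TLS flags, and the headless `etcd` Service publishes port 2380. The peer endpoint is therefore unencrypted and unauthenticated for anything that can reach the pod, while only the client port requires certificates. With `replicas: 1` the simplest tightening is to drop 2380 from the Service and the container ports; if a multi-member cluster is planned, move the peer URLs to https and require peer client certificates as sketched below (this assumes the server certificate is valid for the `etcd-0.etcd` peer name and for client auth, which the diff does not show). The `etcd-certs` volume also mounts the whole `-cert-secret`, the same secret kube-controller-manager.yaml reads `ca.key` from, so etcd here and the apiserver pod in kube-apiserver.yaml receive a CA private key that none of their flags reference. An `items:` list on each secret volume would limit a pod to the files it uses.

```yaml
command:
  - etcd
  - --name=etcd0
  # … unchanged: client URLs, client TLS flags, data dir, snapshot count …
  - --listen-peer-urls=https://0.0.0.0:2380
  - --initial-cluster=etcd0=https://etcd-0.etcd.{{ include "kubeadmiral.namespace" . }}.svc.{{ .Values.clusterDomain }}:2380
  - --peer-cert-file=/etc/kubeadmiral/pki/etcd-server.crt
  - --peer-key-file=/etc/kubeadmiral/pki/etcd-server.key
  - --peer-trusted-ca-file=/etc/kubeadmiral/pki/etcd-ca.crt
  - --peer-client-cert-auth=true
```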
@@ -0,0 +1,137 @@
+{{- $name := include "kubeadmiral.name" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}-apiserver
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ labels:
+ app: {{ $name }}-apiserver
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ $name }}-apiserver
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}-apiserver
+ spec:
+ automountServiceAccountToken: false
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ $name }}-apiserver
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - command:
+ - kube-apiserver
+ - --allow-privileged=true
+ - --authorization-mode=Node,RBAC
+ - --client-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --enable-admission-plugins=NodeRestriction
+ - --enable-bootstrap-token-auth=true
+ - --enable-aggregator-routing=false # make sure ExternalName svc can work for HPA aggregator
+ - --etcd-cafile=/etc/kubeadmiral/pki/etcd-ca.crt
+ - --etcd-certfile=/etc/kubeadmiral/pki/etcd-client.crt
+ - --etcd-keyfile=/etc/kubeadmiral/pki/etcd-client.key
+ - --etcd-servers=https://etcd-client.{{ include "kubeadmiral.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
+ - --bind-address=0.0.0.0
+ - --kubelet-client-certificate=/etc/kubeadmiral/pki/kubeadmiral.crt
+ - --kubelet-client-key=/etc/kubeadmiral/pki/kubeadmiral.key
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --disable-admission-plugins=StorageObjectInUseProtection,ServiceAccount
+ - --runtime-config=
+ - --secure-port=5443
+ - --service-account-issuer=https://kubernetes.default.svc.{{ .Values.clusterDomain }}
+ - --service-account-key-file=/etc/kubeadmiral/pki/kubeadmiral.key
+ - --service-account-signing-key-file=/etc/kubeadmiral/pki/kubeadmiral.key
+ - --service-cluster-ip-range=10.96.0.0/12
+ - --proxy-client-cert-file=/etc/kubeadmiral/pki/front-proxy-client.crt
+ - --proxy-client-key-file=/etc/kubeadmiral/pki/front-proxy-client.key
+ - --requestheader-allowed-names=front-proxy-client
+ - --requestheader-client-ca-file=/etc/kubeadmiral/pki/front-proxy-ca.crt
+ - --requestheader-extra-headers-prefix=X-Remote-Extra-
+ - --requestheader-group-headers=X-Remote-Group
+ - --requestheader-username-headers=X-Remote-User
+ - --tls-cert-file=/etc/kubeadmiral/pki/apiserver.crt
+ - --tls-private-key-file=/etc/kubeadmiral/pki/apiserver.key
+ name: {{ $name }}-apiserver
+ image: {{ template "kubeadmiral.apiserver.image" . }}
+ imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }}
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ path: /livez
+ port: 5443
+ scheme: HTTPS
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 15
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: 5443
+ scheme: HTTPS
+ periodSeconds: 1
+ successThreshold: 1
+ timeoutSeconds: 15
+ resources:
+ requests:
+ cpu: 250m
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /etc/kubeadmiral/pki
+ name: kubeadmiral-certs
+ readOnly: true
+ {{- if .Values.apiServer.hostNetwork }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ {{- end }}
+ enableServiceLinks: true
+ preemptionPolicy: PreemptLowerPriority
+ priority: 2000001000
+ priorityClassName: system-node-critical
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ volumes:
+ - name: kubeadmiral-certs
+ secret:
+ secretName: {{ $name }}-cert-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $name }}-apiserver
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ labels:
+ app: {{ $name }}-apiserver
+spec:
+ type: {{ .Values.apiServer.serviceType }}
+ ports:
+ - name: {{ $name }}-apiserver-kubectl
+ {{- if and (eq .Values.apiServer.serviceType "NodePort") (.Values.apiServer.nodePort) }}
+ nodePort: {{ .Values.apiServer.nodePort }}
+ {{- end }}
+ port: 5443
+ protocol: TCP
+ targetPort: 5443
+ selector:
+ app: {{ $name }}-apiserver
diff --git a/charts/kubeadmiral/templates/kube-controller-manager.yaml b/charts/kubeadmiral/templates/kube-controller-manager.yaml
new file mode 100644
index 00000000..96da3f4c
--- /dev/null
+++ b/charts/kubeadmiral/templates/kube-controller-manager.yaml
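Review bot: One private key serves three purposes in kube-apiserver.yaml: `--kubelet-client-key`, `--service-account-key-file` and `--service-account-signing-key-file` all point at `/etc/kubeadmiral/pki/kubeadmiral.key`, and kube-controller-manager.yaml passes the same file as `--service-account-private-key-file`. Sharing a client-certificate key with the service-account token signer means that rotating or exposing one forces the other. The signer should get its own key pair in the cert secret, e.g. `--service-account-signing-key-file=/etc/kubeadmiral/pki/<sa-signing-key>` (placeholder file name). `--enable-bootstrap-token-auth=true` looks unnecessary unless something joins this control plane with bootstrap tokens; if nothing does, dropping it removes an unused authenticator. No `--encryption-provider-config` is passed either, so federated Secrets are stored unencrypted in the etcd hostPath directory, which deserves at least a comment.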
@@ -0,0 +1,86 @@
+{{- $name := include "kubeadmiral.name" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}-kube-controller-manager
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ labels:
+ app: {{ $name }}-kube-controller-manager
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ $name }}-kube-controller-manager
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}-kube-controller-manager
+ spec:
+ automountServiceAccountToken: false
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ $name }}-kube-controller-manager
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - command:
+ - kube-controller-manager
+ - --allocate-node-cidrs=true
+ - --authentication-kubeconfig=/etc/kubeconfig
+ - --authorization-kubeconfig=/etc/kubeconfig
+ - --bind-address=0.0.0.0
+ - --client-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --cluster-cidr=10.244.0.0/16
+ - --cluster-name=kubeadmiral
+ - --cluster-signing-cert-file=/etc/kubeadmiral/pki/ca.crt
+ - --cluster-signing-key-file=/etc/kubeadmiral/pki/ca.key
+ - --controllers={{ .Values.kubeControllerManager.controllers }}
+ - --kubeconfig=/etc/kubeconfig
+ - --leader-elect=true
+ - --node-cidr-mask-size=24
+ - --root-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --service-account-private-key-file=/etc/kubeadmiral/pki/kubeadmiral.key
+ - --service-cluster-ip-range=10.96.0.0/12
+ - --use-service-account-credentials=true
+ - --v=4
+ image: {{ template "kubeadmiral.kubeControllerManager.image" .
}}
+ imagePullPolicy: {{ .Values.kubeControllerManager.image.pullPolicy }}
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ path: /healthz
+ port: 10257
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 15
+ name: {{ $name }}-kube-controller-manager
+ resources:
+ requests:
+ cpu: 200m
+ volumeMounts:
+ - mountPath: /etc/kubeadmiral/pki
+ name: kubeadmiral-certs
+ readOnly: true
+ - mountPath: /etc/kubeconfig
+ subPath: kubeconfig
+ name: kubeconfig
+ priorityClassName: system-node-critical
+ volumes:
+ - name: kubeadmiral-certs
+ secret:
+ secretName: {{ $name }}-cert-secret
+ - name: kubeconfig
+ secret:
+ secretName: {{ $name }}-kubeconfig-secret
diff --git a/charts/kubeadmiral/templates/kubeadmiral-controller-manager.yaml b/charts/kubeadmiral/templates/kubeadmiral-controller-manager.yaml
new file mode 100644
index 00000000..6277d3d2
--- /dev/null
+++ b/charts/kubeadmiral/templates/kubeadmiral-controller-manager.yaml
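Review bot: The `kubeadmiral-certs` volume in kube-controller-manager.yaml mounts the whole `{{ $name }}-cert-secret`, so this pod can read every key the pre-install job stores there (apiserver, front-proxy and etcd key pairs), while its flags reference only `ca.crt`, `ca.key` and `kubeadmiral.key`. Limiting the volume to those keys keeps a compromise of this container from exposing the rest of the PKI: add `items: [{key: ca.crt, path: ca.crt}, {key: ca.key, path: ca.key}, {key: kubeadmiral.key, path: kubeadmiral.key}]` under `secret:`. The container also declares no `securityContext`, so it runs with the image's default user and capabilities.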
@@ -0,0 +1,61 @@
+{{- $name := include "kubeadmiral.name" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}-controller-manager
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "2"
+ labels:
+ app: {{ $name }}-controller-manager
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ $name }}-controller-manager
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}-controller-manager
+ spec:
+ containers:
+ - name: {{ $name }}-controller-manager
+ command:
+ - /kubeadmiral-controller-manager
+ - --kubeconfig=/etc/kubeconfig
+ - --klog-v=4
+ {{- include "kubeadmiral.kubeadmiralControllerManager.extraCommandArgs" . | nindent 12 }}
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ path: /livez
+ port: 11257
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ successThreshold: 1
+ timeoutSeconds: 15
+ readinessProbe:
+ failureThreshold: 4
+ httpGet:
+ path: /readyz
+ port: 11257
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ successThreshold: 1
+ timeoutSeconds: 15
+ image: {{ template "kubeadmiral.kubeadmiralControllerManager.image" . }}
+ imagePullPolicy: {{ .Values.kubeadmiralControllerManager.image.pullPolicy }}
+ volumeMounts:
+ - name: kubeconfig
+ subPath: kubeconfig
+ mountPath: /etc/kubeconfig
+ restartPolicy: Always
+ automountServiceAccountToken: false
+ volumes:
+ - name: kubeconfig
+ secret:
+ secretName: {{ $name }}-kubeconfig-secret
diff --git a/charts/kubeadmiral/templates/kubeadmiral-hpa-aggregator.yaml b/charts/kubeadmiral/templates/kubeadmiral-hpa-aggregator.yaml
new file mode 100644
index 00000000..c70faaaa
--- /dev/null
+++ b/charts/kubeadmiral/templates/kubeadmiral-hpa-aggregator.yaml
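Review bot: Declaring this Deployment as a `post-install` hook takes it out of the release, because Helm does not track hook resources and runs this hook only on install. A later `helm upgrade` that changes `.Values.kubeadmiralControllerManager.image.name` therefore would not roll the controller, which makes shipping an image fix through the chart unreliable; the hpa-aggregator Deployment in the next file carries the same annotations. If the hook exists only to order the Deployment after the generated kubeconfig secret, consider `"helm.sh/hook": post-install,post-upgrade` so it is recreated on upgrade, or dropping the annotations and letting the pod wait for the secret. The container also has no `resources` or `securityContext`, unlike the resource requests set on the kube-controller-manager container.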
@@ -0,0 +1,165 @@
+{{- $name := include "kubeadmiral.name" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "2"
+ labels:
+ app: {{ $name }}-hpa-aggregator
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ $name }}-hpa-aggregator
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}-hpa-aggregator
+ spec:
+ automountServiceAccountToken: false
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ $name }}-hpa-aggregator
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: {{ $name }}-hpa-aggregator
+ command:
+ - /kubeadmiral-hpa-aggregator
+ - --bind-address=0.0.0.0
+ - --client-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --requestheader-allowed-names=front-proxy-client
+ - --requestheader-client-ca-file=/etc/kubeadmiral/pki/front-proxy-ca.crt
+ - --requestheader-extra-headers-prefix=X-Remote-Extra-
+ - --requestheader-group-headers=X-Remote-Group
+ - --requestheader-username-headers=X-Remote-User
+ - --tls-cert-file=/etc/kubeadmiral/pki/apiserver.crt
+ - --tls-private-key-file=/etc/kubeadmiral/pki/apiserver.key
+ - --secure-port=443
+ - --kubeconfig=/etc/kubeconfig
+ - --authentication-kubeconfig=/etc/kubeconfig
+ - --authorization-kubeconfig=/etc/kubeconfig
+ - --kube-api-burst=100
+ - --kube-api-qps=50
+ - --feature-gates=APIPriorityAndFairness=false
+ - --klog-v=4
+ {{- include "kubeadmiral.kubeadmiralHpaAggregator.extraCommandArgs" . | nindent 12 }}
+ image: {{ template "kubeadmiral.kubeadmiralHpaAggregator.image" .
}}
+ imagePullPolicy: {{ .Values.kubeadmiralHpaAggregator.image.pullPolicy }}
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ path: /livez
+ port: 443
+ scheme: HTTPS
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 15
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: 443
+ scheme: HTTPS
+ periodSeconds: 1
+ successThreshold: 1
+ timeoutSeconds: 15
+ resources:
+ requests:
+ cpu: 250m
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /etc/kubeadmiral/pki
+ name: kubeadmiral-certs
+ readOnly: true
+ - mountPath: /etc/kubeconfig
+ subPath: kubeconfig
+ name: kubeconfig
+ - command:
+ - kube-controller-manager
+ - --allocate-node-cidrs=true
+ - --authentication-kubeconfig=/etc/hpa-kubeconfig
+ - --authorization-kubeconfig=/etc/hpa-kubeconfig
+ - --bind-address=0.0.0.0
+ - --client-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --cluster-cidr=10.244.0.0/16
+ - --cluster-name=kubeadmiral
+ - --cluster-signing-cert-file=/etc/kubeadmiral/pki/ca.crt
+ - --cluster-signing-key-file=/etc/kubeadmiral/pki/ca.key
+ - --controllers=horizontalpodautoscaling
+ - --kubeconfig=/etc/hpa-kubeconfig
+ - --leader-elect=true
+ - --leader-elect-resource-name=hpa-controller
+ - --requestheader-client-ca-file=/etc/kubeadmiral/pki/front-proxy-ca.crt
+ - --root-ca-file=/etc/kubeadmiral/pki/ca.crt
+ - --service-cluster-ip-range=10.96.0.0/12
+ - --service-account-private-key-file=/etc/kubeadmiral/pki/kubeadmiral.key
+ - --use-service-account-credentials=true
+ - --v=4
+ image: {{ template "kubeadmiral.kubeControllerManager.image" .
}}
+ imagePullPolicy: {{ .Values.kubeControllerManager.image.pullPolicy }}
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ path: /healthz
+ port: 10257
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 15
+ name: hpa-controller
+ resources:
+ requests:
+ cpu: 200m
+ volumeMounts:
+ - mountPath: /etc/kubeadmiral/pki
+ name: kubeadmiral-certs
+ readOnly: true
+ - mountPath: /etc/hpa-kubeconfig
+ subPath: hpa-kubeconfig
+ name: kubeconfig
+ dnsPolicy: ClusterFirstWithHostNet
+ restartPolicy: Always
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ volumes:
+ - name: kubeadmiral-certs
+ secret:
+ secretName: {{ $name }}-cert-secret
+ - name: kubeconfig
+ secret:
+ secretName: {{ $name }}-kubeconfig-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ include "kubeadmiral.namespace" . }}
+ labels:
+ app: {{ $name }}-hpa-aggregator
+ apiserver: "true"
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 443
+ selector:
+ app: {{ $name }}-hpa-aggregator
diff --git a/charts/kubeadmiral/templates/post-delete.yaml b/charts/kubeadmiral/templates/post-delete.yaml
new file mode 100644
index 00000000..dbfbb599
--- /dev/null
+++ b/charts/kubeadmiral/templates/post-delete.yaml
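Review bot: The `hpa-controller` container is handed the CA private key through `--cluster-signing-key-file=/etc/kubeadmiral/pki/ca.key`, yet it is started with `--controllers=horizontalpodautoscaling` only, so the signing flags look unused here and the key is exposed for no visible benefit. Both containers also mount the full `{{ $name }}-cert-secret`, which puts the etcd and front-proxy client keys in a pod that serves an aggregated API on `0.0.0.0:443`. Consider dropping `--cluster-signing-cert-file` and `--cluster-signing-key-file` from this container and adding an `items:` list to the `kubeadmiral-certs` volume naming only the files the remaining flags reference (`ca.crt`, `front-proxy-ca.crt`, `apiserver.crt`, `apiserver.key`, `kubeadmiral.key`). Separately, `dnsPolicy: ClusterFirstWithHostNet` is set although the pod does not enable `hostNetwork`.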
@@ -0,0 +1,38 @@
+{{- $name := include "kubeadmiral.name" . -}}
+{{- $namespace := include "kubeadmiral.namespace" . -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ $name }}-post-delete"
+ namespace: {{ $namespace }}
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": "hook-succeeded"
+spec:
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ name: {{ $name }}
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ serviceAccountName: {{ $name }}-pre-install-job
+ restartPolicy: Never
+ containers:
+ - name: post-delete
+ image: {{ template "kubeadmiral.kubectl.image" . }}
+ imagePullPolicy: {{ .Values.installTools.kubectl.image.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ bash <<'EOF'
+ set -ex
+ kubectl delete cm -n {{ $namespace }} -l "helm.sh/chart"="{{ .Chart.Name }}-{{ .Chart.Version }}" --ignore-not-found=true
+ kubectl delete secret -n {{ $namespace }} -l "helm.sh/chart"="{{ .Chart.Name }}-{{ .Chart.Version }}" --ignore-not-found=true
+ kubectl delete deployment -n {{ $namespace }} -l "helm.sh/chart"="{{ .Chart.Name }}-{{ .Chart.Version }}" --ignore-not-found=true
+ EOF
diff --git a/charts/kubeadmiral/templates/post-install.yaml b/charts/kubeadmiral/templates/post-install.yaml
new file mode 100644
index 00000000..be285710
--- /dev/null
+++ b/charts/kubeadmiral/templates/post-install.yaml
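Review bot: The post-delete Job runs as `{{ $name }}-pre-install-job`, which pre-install.yaml binds to a ClusterRole granting `verbs: ["*"]` on every resource and non-resource URL, although this script only deletes ConfigMaps, Secrets and Deployments in one namespace. The ServiceAccount, ClusterRole and ClusterRoleBinding are pre-install hooks with no `helm.sh/hook-delete-policy` and nothing here removes them, so a cluster-admin-equivalent identity appears to stay on the host cluster for the life of the release and after uninstall. A namespaced Role and RoleBinding would cover both jobs, with rules such as `resources: ["configmaps", "secrets"]` plus `deployments` in the `apps` group and `verbs: ["get", "list", "create", "patch", "delete"]`. The job should also delete that RBAC and the ServiceAccount as its final step.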
@@ -0,0 +1,227 @@
+{{- $name := include "kubeadmiral.name" . -}}
+{{- $namespace := include "kubeadmiral.namespace" . -}}
+# 0. store all crds in the configmap of the host cluster
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}-crds
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "0"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+ {{ range $path, $bytes := .Files.Glob (printf "_admiral_control_plane/crds/core_kubeadmiral_io/**")}}
+ {{ $name := base $path }}
+ {{- (printf "%s: " $name) | nindent 6 }} |-
+ {{- $.Files.Get $path | nindent 8 }}
+ {{ end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}-sample
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "0"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+ {{ range $path, $bytes := .Files.Glob (printf "_admiral_control_plane/sample/host/**")}}
+ {{ $name := base $path }}
+ {{- (printf "%s: " $name) | nindent 6 }} |-
+ {{- $.Files.Get $path | nindent 8 }}
+ {{ end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}-hpa-apiservice
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "0"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+ {{ $name }}-namespace.yaml: |-
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: {{ $namespace }}
+ {{ $name }}-hpa-aggregator-apiservice.yaml: |-
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ $namespace }}
+ spec:
+ externalName: {{ $name }}-hpa-aggregator
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 443
+ sessionAffinity: None
+ type: ExternalName
+ ---
+ apiVersion: apiregistration.k8s.io/v1
+ kind: APIService
+ metadata:
+ labels:
+ apiserver: "true"
+ app: {{ $name }}-hpa-aggregator
+ name: v1beta1.metrics.k8s.io
+ spec:
+
group: metrics.k8s.io
+ groupPriorityMinimum: 2000
+ insecureSkipTLSVerify: true
+ service:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ $namespace }}
+ port: 443
+ version: v1beta1
+ versionPriority: 1
+ ---
+ apiVersion: apiregistration.k8s.io/v1
+ kind: APIService
+ metadata:
+ labels:
+ apiserver: "true"
+ app: {{ $name }}-hpa-aggregator
+ name: v1beta1.custom.metrics.k8s.io
+ spec:
+ group: custom.metrics.k8s.io
+ groupPriorityMinimum: 2000
+ insecureSkipTLSVerify: true
+ service:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ $namespace }}
+ port: 443
+ version: v1beta1
+ versionPriority: 1
+ ---
+ apiVersion: apiregistration.k8s.io/v1
+ kind: APIService
+ metadata:
+ labels:
+ apiserver: "true"
+ app: {{ $name }}-hpa-aggregator
+ name: v1alpha1.hpaaggregator.kubeadmiral.io
+ spec:
+ group: hpaaggregator.kubeadmiral.io
+ groupPriorityMinimum: 2000
+ insecureSkipTLSVerify: true
+ service:
+ name: {{ $name }}-hpa-aggregator
+ namespace: {{ $namespace }}
+ port: 443
+ version: v1alpha1
+ versionPriority: 1
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: admiral-system:controller:horizontal-pod-autoscaler
+ rules:
+ - apiGroups:
+ - hpaaggregator.kubeadmiral.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - '*'
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: admiral-system:controller:horizontal-pod-autoscaler
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admiral-system:controller:horizontal-pod-autoscaler
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: system:controller:horizontal-pod-autoscaler
+ - kind: ServiceAccount
+ name: horizontal-pod-autoscaler
+ namespace: kube-system
+---
+# 1.
install crds/hpa apiservice in the admiral control panel
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ $name }}-post-install"
+ namespace: {{ $namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ $name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": "hook-succeeded"
+spec:
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ name: {{ $name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ $name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: post-install
+ image: {{ template "kubeadmiral.kubectl.image" . }}
+ imagePullPolicy: {{ .Values.installTools.kubectl.image.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ bash <<'EOF'
+ set -ex
+ sleep 15
+ kubectl apply -f /crds --kubeconfig /etc/kubeconfig
+ kubectl apply -f /sample --kubeconfig /etc/kubeconfig
+
+ NOFED="kubeadmiral.io/no-federated-resource=1"
+ TARGET_ARRAY=(deploy daemonset cm secret role rolebinding clusterrole clusterrolebinding svc)
+ for target in ${TARGET_ARRAY[@]}; do
+ kubectl --kubeconfig=/etc/kubeconfig annotate ${target} -A --all --overwrite=true ${NOFED}
+ done
+
+ kubectl apply -f /hpa-apiservice --kubeconfig /etc/kubeconfig
+ EOF
+ volumeMounts:
+ - name: {{ $name }}-crds
+ mountPath: /crds
+ - name: {{ $name }}-hpa-apiservice
+ mountPath: /hpa-apiservice
+ - name: {{ $name }}-sample
+ mountPath: /sample
+ {{ include "kubeadmiral.kubeconfig.volumeMount" .
| nindent 10 }}
+ volumes:
+ - name: {{ $name }}-crds
+ configMap:
+ name: {{ $name }}-crds
+ - name: {{ $name }}-hpa-apiservice
+ configMap:
+ name: {{ $name }}-hpa-apiservice
+ - name: {{ $name }}-sample
+ configMap:
+ name: {{ $name }}-sample
+ {{ include "kubeadmiral.kubeconfig.volume" . | nindent 8 }}
diff --git a/charts/kubeadmiral/templates/pre-install.yaml b/charts/kubeadmiral/templates/pre-install.yaml
new file mode 100644
index 00000000..79d510fd
--- /dev/null
+++ b/charts/kubeadmiral/templates/pre-install.yaml
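Review bot: All three APIService objects in the `{{ $name }}-hpa-apiservice` ConfigMap set `insecureSkipTLSVerify: true`, so the control-plane apiserver accepts any serving certificate from whatever answers for `{{ $name }}-hpa-aggregator`, including for the `metrics.k8s.io` and `custom.metrics.k8s.io` groups. The aggregator serves `apiserver.crt`, which the pre-install job signs with the chart's own CA, so verification could stay enabled by replacing that line with `caBundle: <base64 of ca.crt>` (placeholder), filled in by the job from the cert secret much as the kubeconfig templates are filled. This assumes the certificate's SANs cover the aggregator's service name, which should be confirmed against `apiServer.certHosts`. The post-install Job also sets neither `serviceAccountName` nor `automountServiceAccountToken: false`, although it authenticates only through the mounted kubeconfig.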
@@ -0,0 +1,309 @@
+# 0. Basic permissions for job running
+{{- $name := include "kubeadmiral.name" . -}}
+{{- $namespace := include "kubeadmiral.namespace" . -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $name }}-pre-install-job
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "0"
+rules:
+ - apiGroups: ['*']
+ resources: ['*']
+ verbs: ["*"]
+ - nonResourceURLs: ['*']
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $name }}-pre-install-job
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "0"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $name }}-pre-install-job
+subjects:
+ - kind: ServiceAccount
+ name: {{ $name }}-pre-install-job
+ namespace: {{ $namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $name }}-pre-install-job
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "0"
+# 1.1 Generate certificate storage template
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}-pre-install-config
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+ {{ $name }}-cert-secret.yaml: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $name }}-cert-secret
+ namespace: {{ $namespace }}
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ type: Opaque
+ data:
+ ca.crt: |-
+ {{ print "{ca_crt}" }}
+ ca.key: |-
+ {{ print "{ca_key}" }}
+ kubeadmiral.crt: |-
+ {{ print "{client_crt}" }}
+ kubeadmiral.key: |-
+ {{ print "{client_key}" }}
+ apiserver.crt: |-
+ {{ print "{apiserver_crt}" }}
+ apiserver.key: |-
+ {{ print "{apiserver_key}" }}
+ front-proxy-ca.crt: |-
+ {{ print "{front_proxy_ca_crt}" }}
+ front-proxy-client.crt: |-
+ {{ print
"{front_proxy_client_crt}" }}
+ front-proxy-client.key: |-
+ {{ print "{front_proxy_client_key}" }}
+ etcd-ca.crt: |-
+ {{ print "{etcd_ca_crt}" }}
+ etcd-server.crt: |-
+ {{ print "{etcd_server_crt}" }}
+ etcd-server.key: |-
+ {{ print "{etcd_server_key}" }}
+ etcd-client.crt: |-
+ {{ print "{etcd_client_crt}" }}
+ etcd-client.key: |-
+ {{ print "{etcd_client_key}" }}
+ {{ $name }}-kubeconfig-secret.yaml: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $name }}-kubeconfig-secret
+ namespace: {{ $namespace }}
+ labels:
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ stringData:
+ kubeconfig: |-
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - cluster:
+ certificate-authority-data: {{ print "{ca_crt}" }}
+ server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443
+ name: {{ $name }}-apiserver
+ users:
+ - name: {{ $name }}-apiserver
+ user:
+ client-certificate-data: {{ print "{client_crt}" }}
+ client-key-data: {{ print "{client_key}" }}
+ contexts:
+ - name: {{ $name }}-apiserver
+ context:
+ cluster: {{ $name }}-apiserver
+ user: {{ $name }}-apiserver
+ current-context: {{ $name }}-apiserver
+ hpa-kubeconfig: |-
+ apiVersion: v1
+ clusters:
+ - cluster:
+ certificate-authority-data: {{ print "{ca_crt}" }}
+ server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443/apis/hpaaggregator.kubeadmiral.io/v1alpha1/aggregations/hpa/proxy
+ name: {{ $name }}-kubeadmiral-hpa
+ contexts:
+ - context:
+ cluster: {{ $name }}-kubeadmiral-hpa
+ user: {{ $name }}-kubeadmiral-hpa
+ name: kubeadmiral-hpa
+ current-context: kubeadmiral-hpa
+ kind: Config
+ preferences: {}
+ users:
+ - name: {{ $name }}-kubeadmiral-hpa
+ user:
+ client-certificate-data: {{ print "{client_crt}" }}
+ client-key-data: {{ print "{client_key}" }}
+ {{- if .Values.apiServer.externalIP }}
+ external-kubeconfig: |-
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - cluster:
+ certificate-authority-data: {{ print "{ca_crt}"
}}
+ server: https://{{ .Values.apiServer.externalIP }}:5443
+ name: {{ $name }}-apiserver
+ users:
+ - name: {{ $name }}-apiserver
+ user:
+ client-certificate-data: {{ print "{client_crt}" }}
+ client-key-data: {{ print "{client_key}" }}
+ contexts:
+ - name: {{ $name }}-apiserver
+ context:
+ cluster: {{ $name }}-apiserver
+ user: {{ $name }}-apiserver
+ current-context: {{ $name }}-apiserver
+ external-hpa-kubeconfig: |-
+ apiVersion: v1
+ clusters:
+ - cluster:
+ certificate-authority-data: {{ print "{ca_crt}" }}
+ server: https://{{ .Values.apiServer.externalIP }}:5443/apis/hpaaggregator.kubeadmiral.io/v1alpha1/aggregations/hpa/proxy
+ name: {{ $name }}-kubeadmiral-hpa
+ contexts:
+ - context:
+ cluster: {{ $name }}-kubeadmiral-hpa
+ user: {{ $name }}-kubeadmiral-hpa
+ name: kubeadmiral-hpa
+ current-context: kubeadmiral-hpa
+ kind: Config
+ preferences: {}
+ users:
+ - name: {{ $name }}-kubeadmiral-hpa
+ user:
+ client-certificate-data: {{ print "{client_crt}" }}
+ client-key-data: {{ print "{client_key}" }}
+ {{- end }}
+---
+# 1.2 Generate certificates and update configmap
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $name }}-pre-install-job
+ namespace: {{ $namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": "hook-succeeded"
+spec:
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ name: {{ $name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ $name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ serviceAccountName: {{ $name }}-pre-install-job
+ restartPolicy: Never
+ initContainers:
+ - name: init
+ image: {{ template "kubeadmiral.cfssl.image" .
}}
+ imagePullPolicy: {{ .Values.installTools.cfssl.image.pullPolicy }}
+ workingDir: /opt/mount
+ command:
+ - /bin/sh
+ - -c
+ - |
+ bash <<'EOF'
+ set -ex
+ mkdir -p /opt/configs
+ mkdir -p /opt/certs
+ cp -r -L /opt/mount/* /opt/configs/
+
+ openssl req -nodes -newkey rsa:2048 -keyout "/opt/certs/ca.key" -out "/opt/certs/ca.crt" -x509 -sha256 -new -days 3650 -subj "/CN=kubeadmiral/"
+ echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/ca-config.json"
+ openssl req -nodes -newkey rsa:2048 -keyout "/opt/certs/front-proxy-ca.key" -out "/opt/certs/front-proxy-ca.crt" -x509 -sha256 -new -days 3650 -subj "/CN=front-proxy-ca/"
+ echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/front-proxy-ca-config.json"
+ openssl req -nodes -newkey rsa:2048 -keyout "/opt/certs/etcd-ca.key" -out "/opt/certs/etcd-ca.crt" -x509 -sha256 -new -days 3650 -subj "/CN=etcd-ca/"
+ echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/etcd-ca-config.json"
+
+ cd /opt/certs
+ echo '{"CN":"system:admin","hosts":{{ tpl (toJson .Values.apiServer.certHosts) . }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.crt -ca-key=ca.key -config=ca-config.json - | cfssljson -bare kubeadmiral
+ echo '{"CN":"kubeadmiral-apiserver","hosts":{{ tpl (toJson .Values.apiServer.certHosts) . }},"names":[{"O":""}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.crt -ca-key=ca.key -config=ca-config.json - | cfssljson -bare apiserver
+ echo '{"CN":"front-proxy-client","hosts":{{ tpl (toJson .Values.apiServer.certHosts) .
}},"names":[{"O":""}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=front-proxy-ca.crt -ca-key=front-proxy-ca.key -config=front-proxy-ca-config.json - | cfssljson -bare front-proxy-client
+ echo '{"CN":"etcd-server","hosts":{{ tpl (toJson .Values.etcd.certHosts) . }},"names":[{"O":""}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=etcd-ca.crt -ca-key=etcd-ca.key -config=etcd-ca-config.json - | cfssljson -bare etcd-server
+ echo '{"CN":"etcd-client","hosts":{{ tpl (toJson .Values.etcd.certHosts) . }},"names":[{"O":""}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=etcd-ca.crt -ca-key=etcd-ca.key -config=etcd-ca-config.json - | cfssljson -bare etcd-client
+
+ id_array=(kubeadmiral apiserver front-proxy-client etcd-server etcd-client)
+ for i in ${!id_array[@]}; do
+ mv "${id_array[$i]}-key.pem" "${id_array[$i]}.key"
+ mv "${id_array[$i]}.pem" "${id_array[$i]}.crt"
+ rm -f "${id_array[$i]}.csr"
+ done
+
+ kubeadmiral_ca=$(base64 -i "/opt/certs/ca.crt" | tr -d '\r\n')
+ kubeadmiral_ca_key=$(base64 -i "/opt/certs/ca.key" | tr -d '\r\n')
+
+ kubeadmiral_crt=$(base64 -i "/opt/certs/kubeadmiral.crt" | tr -d '\r\n')
+ kubeadmiral_key=$(base64 -i "/opt/certs/kubeadmiral.key" | tr -d '\r\n')
+
+ kubeadmiral_apiserver_crt=$(base64 -i "/opt/certs/apiserver.crt" | tr -d '\r\n')
+ kubeadmiral_apiserver_key=$(base64 -i "/opt/certs/apiserver.key" | tr -d '\r\n')
+
+ front_proxy_ca_crt=$(base64 -i "/opt/certs/front-proxy-ca.crt" | tr -d '\r\n')
+ front_proxy_client_crt=$(base64 -i "/opt/certs/front-proxy-client.crt" | tr -d '\r\n')
+ front_proxy_client_key=$(base64 -i "/opt/certs/front-proxy-client.key" | tr -d '\r\n')
+
+ etcd_ca_crt=$(base64 -i "/opt/certs/etcd-ca.crt" | tr -d '\r\n')
+ etcd_server_crt=$(base64 -i "/opt/certs/etcd-server.crt" | tr -d '\r\n')
+ etcd_server_key=$(base64 -i "/opt/certs/etcd-server.key" | tr -d '\r\n')
+ etcd_client_crt=$(base64 -i "/opt/certs/etcd-client.crt" | tr -d '\r\n')
+ etcd_client_key=$(base64 -i
"/opt/certs/etcd-client.key" | tr -d '\r\n')
+
+ target_array=(ca_crt ca_key client_crt client_key apiserver_crt apiserver_key front_proxy_ca_crt front_proxy_client_crt front_proxy_client_key etcd_ca_crt etcd_server_crt etcd_server_key etcd_client_crt etcd_client_key)
+ value_array=($kubeadmiral_ca $kubeadmiral_ca_key $kubeadmiral_crt $kubeadmiral_key $kubeadmiral_apiserver_crt $kubeadmiral_apiserver_key $front_proxy_ca_crt $front_proxy_client_crt $front_proxy_client_key $etcd_ca_crt $etcd_server_crt $etcd_server_key $etcd_client_crt $etcd_client_key)
+ cmd_string=""
+ for i in ${!target_array[@]}; do
+ cmd_string+="s/{${target_array[$i]}}/${value_array[$i]}/g;"
+ done
+
+ sed -i'' -e "$cmd_string" /opt/configs/{{ $name }}-cert-secret.yaml
+
+ target_array=(ca_crt client_crt client_key)
+ value_array=($kubeadmiral_ca $kubeadmiral_crt $kubeadmiral_key)
+ cmd_string=""
+ for i in ${!target_array[@]}; do
+ cmd_string+="s/{${target_array[$i]}}/${value_array[$i]}/g;"
+ done
+
+ sed -i'' -e "$cmd_string" /opt/configs/{{ $name }}-kubeconfig-secret.yaml
+ EOF
+ volumeMounts:
+ - name: mount
+ mountPath: /opt/mount
+ - name: configs
+ mountPath: /opt/configs
+ containers:
+ - name: pre-install
+ image: {{ template "kubeadmiral.kubectl.image" . }}
+ imagePullPolicy: {{ .Values.installTools.kubectl.image.pullPolicy }}
+ workingDir: /opt/mount
+ command:
+ - /bin/sh
+ - -c
+ - |
+ bash <<'EOF'
+ set -ex
+ kubectl apply --server-side -f /opt/configs/
+ EOF
+ volumeMounts:
+ - name: mount
+ mountPath: /opt/mount
+ - name: configs
+ mountPath: /opt/configs
+ volumes:
+ - name: mount
+ configMap:
+ name: {{ $name }}-pre-install-config
+ - name: configs
+ emptyDir: {}
+---
diff --git a/charts/kubeadmiral/values.yaml b/charts/kubeadmiral/values.yaml
new file mode 100644
index 00000000..e93c102d
--- /dev/null
+++ b/charts/kubeadmiral/values.yaml
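Review bot: The only client certificate issued in the init container is `CN=system:admin` with `"names":[{"O":"system:masters"}]`, and its key pair is written into `kubeconfig`, `hpa-kubeconfig` and both external kubeconfigs. Every component that mounts `{{ $name }}-kubeconfig-secret`, and any external user handed the external kubeconfig, therefore authenticates as a member of the superuser group, which the apiserver authorizes without consulting RBAC. The same `kubeadmiral.key` is also passed to the apiserver as `--service-account-signing-key-file`, so leaking one kubeconfig also leaks the token-signing key. Consider issuing one certificate per component with its own subject and no `system:masters` organization, bound through RBAC, plus a dedicated service-account key pair, and keeping the `system:masters` certificate for an admin-only kubeconfig. Separately, the shared `ca-config.json` grants every leaf certificate the `signing`, `client auth` and `server auth` usages together; per-profile usages would stop a server certificate from being accepted as a client credential.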
@@ -0,0 +1,67 @@
+# Default values for kubeadmiral.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+clusterDomain: "cluster.local"
+
+etcd:
+ image:
+ name: "registry.k8s.io/etcd:3.4.13-0"
+ pullPolicy: IfNotPresent
+ certHosts: [
+ "kubernetes.default.svc",
+ "*.etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
+ "*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
+ "*.{{ .Release.Namespace }}.svc",
+ "localhost",
+ "127.0.0.1"
+ ]
+
+apiServer:
+ image:
+ name: "registry.k8s.io/kube-apiserver:v1.20.15"
+ pullPolicy: IfNotPresent
+ hostNetwork: false
+ # ClusterIP, NodePort
+ serviceType: ClusterIP
+ # If you want to expose the apiserver to outside, you can set this field in advance,
+ # it will write the externalIP into certificates and generate kubeconfig with externalIP.
+ externalIP: ""
+ nodePort: 0
+ certHosts: [
+ "kubernetes.default.svc",
+ "*.etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
+ "*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
+ "*.{{ .Release.Namespace }}.svc",
+ "localhost",
+ "127.0.0.1",
+ "{{ .Values.apiServer.externalIP }}",
+ ]
+
+kubeControllerManager:
+ image:
+ name: "registry.k8s.io/kube-controller-manager:v1.20.15"
+ pullPolicy: IfNotPresent
+ controllers: namespace,garbagecollector
+
+kubeadmiralControllerManager:
+ image:
+ name: "docker.io/kubewharf/kubeadmiral-controller-manager:v1.0.0"
+ pullPolicy: IfNotPresent
+ extraCommandArgs: {}
+
+kubeadmiralHpaAggregator:
+ image:
+ name: "docker.io/kubewharf/kubeadmiral-hpa-aggregator:v1.0.0"
+ pullPolicy: IfNotPresent
+ extraCommandArgs: {}
+
+installTools:
+ cfssl:
+ image:
+ name: "docker.io/cfssl/cfssl:latest"
+ pullPolicy: IfNotPresent
+ kubectl:
+ image:
+ name: "docker.io/bitnami/kubectl:1.22.10"
+ pullPolicy: IfNotPresent
diff --git a/hack/generate-groups.sh b/hack/generate-groups.sh
index ee885e3d..eebf65e0 100755
--- a/hack/generate-groups.sh
+++ b/hack/generate-groups.sh
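Review bot: `installTools.cfssl.image.name` defaults to the mutable tag `docker.io/cfssl/cfssl:latest` with `pullPolicy: IfNotPresent`, and that image is the one that generates every CA and private key in the pre-install job. The control plane's PKI is therefore produced by whatever the tag, or a node's stale cache, resolves to at install time, and two installs of the same chart version can use different tooling. Pin it like the other images in this file, preferably by digest: `name: "docker.io/cfssl/cfssl@sha256:<digest>"` (placeholder). The same file defaults `apiServer.certHosts` to include `"{{ .Values.apiServer.externalIP }}"`, which renders as an empty SAN entry when `externalIP` is left at `""`; it would be worth checking how cfssl handles that.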
@@ -62,11 +62,12 @@ function codegen::join() { } # generate manifests +CORE_CRD_BASE_DIR="config/crds/bases/core_kubeadmiral_io" echo "Generating manifests" -${GOBIN}/controller-gen crd paths=$(codegen::join ";" "${INPUT_BASE}/${groups[0]}") output:crd:artifacts:config=config/crds/bases/core_kubeadmiral_io +${GOBIN}/controller-gen crd paths=$(codegen::join ";" "${INPUT_BASE}/${groups[0]}") output:crd:artifacts:config=${CORE_CRD_BASE_DIR} # patch CRDs with no-federate annotation -for crd_file in config/crds/bases/core_kubeadmiral_io/*.yaml; do +for crd_file in "${CORE_CRD_BASE_DIR}"/*.yaml; do yq eval -i ".metadata.annotations[\"${NO_FEDERATED_ANNOTATION}\"] = \"true\"" "${crd_file}" done @@ -76,7 +77,7 @@ for patch_file in config/crds/patches/*.sh; do continue fi - crd_file="config/crds/bases/core_kubeadmiral_io/$(basename "${patch_file}" .sh)".yaml + crd_file="${CORE_CRD_BASE_DIR}/$(basename "${patch_file}" .sh)".yaml if [[ ! -f "$crd_file" ]]; then echo "CRD patch file $patch_file does not have a corresponding CRD file" >&2 exit 1 @@ -85,6 +86,11 @@ for patch_file in config/crds/patches/*.sh; do PATH="$GOBIN:$PATH" bash $patch_file $crd_file done +# sync the generated CRD to the helm chart +HELM_CHART_CRD_DIR="charts/kubeadmiral/_admiral_control_plane/crds/core_kubeadmiral_io" +rm -rf "${HELM_CHART_CRD_DIR:?}/"* +cp ${CORE_CRD_BASE_DIR}/* ${HELM_CHART_CRD_DIR}/ + # generate deepcopy echo "Generating deepcopy funcs" ${GOBIN}/deepcopy-gen -h ${HEADER_FILE} -o ${OUTPUT_DIR} \ diff --git a/hack/make-rules/deploy-kubeadmiral.sh b/hack/make-rules/deploy-kubeadmiral.sh index d9042074..78307ad7 100644 --- a/hack/make-rules/deploy-kubeadmiral.sh +++ b/hack/make-rules/deploy-kubeadmiral.sh 
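Review bot: In the last hunk of generate-groups.sh the new `cp ${CORE_CRD_BASE_DIR}/* ${HELM_CHART_CRD_DIR}/` leaves both operands unquoted and assumes the chart directory already exists, unlike the guarded `rm -rf "${HELM_CHART_CRD_DIR:?}/"*` on the line before it. Both paths are relative, so the delete and the copy act on whatever directory the script is started from, unless it changes directory earlier, outside the hunk. Suggest adding `mkdir -p "${HELM_CHART_CRD_DIR}"` before the `rm` and writing the copy as `cp "${CORE_CRD_BASE_DIR}"/* "${HELM_CHART_CRD_DIR}/"`. The first hunk's `output:crd:artifacts:config=${CORE_CRD_BASE_DIR}` would also read better quoted, for consistency with the `for crd_file in "${CORE_CRD_BASE_DIR}"/*.yaml` loop.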
@@ -1,7 +1,6 @@ #!/usr/bin/env bash -# This file is based on https://github.com/karmada-io/karmada/blob/master/hack/deploy-karmada.sh -# Copyright 2023 The Karmada Authors. +# Copyright 2023 The KubeAdmiral Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,10 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# This file may have been modified by The KubeAdmiral Authors -# ("KubeAdmiral Modifications"). All KubeAdmiral Modifications -# are Copyright 2023 The KubeAdmiral Authors. set -o errexit set -o nounset diff --git a/hack/make-rules/local-up.sh b/hack/make-rules/local-up.sh index 87c24406..57ffc738 100644 --- a/hack/make-rules/local-up.sh +++ b/hack/make-rules/local-up.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash -# This file is based on https://github.com/karmada-io/karmada/blob/master/hack/local-up-karmada.sh -# Copyright 2023 The Karmada Authors. +# Copyright 2023 The KubeAdmiral Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,10 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# This file may have been modified by The KubeAdmiral Authors -# ("KubeAdmiral Modifications"). All KubeAdmiral Modifications -# are Copyright 2023 The KubeAdmiral Authors. set -o errexit set -o nounset diff --git a/hack/typos.toml b/hack/typos.toml index d2867066..566b30fb 100644 --- a/hack/typos.toml +++ b/hack/typos.toml 
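Review bot: The header hunks for hack/make-rules/deploy-kubeadmiral.sh and hack/make-rules/local-up.sh remove the `This file is based on https://github.com/karmada-io/karmada/...` line, the `Copyright 2023 The Karmada Authors.` notice and the KubeAdmiral-modifications paragraph, yet no hunk shown here touches the script bodies. If the bodies still derive from the Karmada scripts, the Apache License 2.0 expects derivative works to retain the original copyright and attribution notices. The origin line is also what lets a maintainer trace upstream fixes back to these files. I would keep `# Copyright 2023 The Karmada Authors.` and add `# Copyright 2023 The KubeAdmiral Authors.` beside it, or state in the commit message that the scripts were rewritten from scratch.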
@@ -1,5 +1,5 @@ [files] -extend-exclude = ["go.mod", "go.sum", "config/crds/", "pkg/client/openapi/"] +extend-exclude = ["go.mod", "go.sum", "config/crds/", "charts/kubeadmiral/_admiral_control_plane/crds", "pkg/client/openapi/"] [default] extend-ignore-re = ["shortName=[a-z]+", "Creater:.*misspell"]