From 4bff11d603d725220772f415bfbd79b00b5fc726 Mon Sep 17 00:00:00 2001 
From: Francesco Cheinasso Date: Wed, 20 Sep 2023 12:36:24 +0200 Subject: [PATCH] CRDs helm subchart --- Makefile | 2 +- apis/ipam/v1alpha1/zz_generated.deepcopy.go | 1 - .../v1alpha1/zz_generated.deepcopy.go | 1 - deployments/liqo/Chart.yaml | 8 +- deployments/liqo/charts/liqo-crds/.helmignore | 23 + deployments/liqo/charts/liqo-crds/Chart.yaml | 18 + .../discovery.liqo.io_foreignclusters.yaml | 0 .../discovery.liqo.io_resourcerequests.yaml | 0 .../liqo-crds}/crds/ipam.liqo.io_ips.yaml | 3 +- .../crds/ipam.liqo.io_networks.yaml | 3 +- .../crds/net.liqo.io_ipamstorages.yaml | 0 .../crds/net.liqo.io_natmappings.yaml | 0 .../crds/net.liqo.io_networkconfigs.yaml | 0 .../crds/net.liqo.io_tunnelendpoints.yaml | 0 .../networking.liqo.io_configurations.yaml | 3 +- .../crds/networking.liqo.io_connections.yaml | 3 +- ...orking.liqo.io_firewallconfigurations.yaml | 3 +- .../networking.liqo.io_gatewayclients.yaml | 3 +- .../networking.liqo.io_gatewayservers.yaml | 3 +- .../crds/networking.liqo.io_publickeys.yaml | 3 +- .../networking.liqo.io_wggatewayclients.yaml | 3 +- ...king.liqo.io_wggatewayclienttemplates.yaml | 3 +- .../networking.liqo.io_wggatewayservers.yaml | 3 +- ...king.liqo.io_wggatewayservertemplates.yaml | 3 +- ...floading.liqo.io_namespaceoffloadings.yaml | 0 .../crds/sharing.liqo.io_resourceoffers.yaml | 0 .../virtualkubelet.liqo.io_namespacemaps.yaml | 0 ...lkubelet.liqo.io_shadowendpointslices.yaml | 0 .../virtualkubelet.liqo.io_shadowpods.yaml | 0 .../virtualkubelet.liqo.io_virtualnodes.yaml | 0 deployments/liqo/charts/liqo-crds/values.yaml | 82 + .../ip-controller/ip_controller.go | 2 +- tmp | 3934 +++++++++++++++++ 33 files changed, 4073 insertions(+), 34 deletions(-) create mode 100644 deployments/liqo/charts/liqo-crds/.helmignore create mode 100644 deployments/liqo/charts/liqo-crds/Chart.yaml rename deployments/liqo/{ => charts/liqo-crds}/crds/discovery.liqo.io_foreignclusters.yaml (100%) rename deployments/liqo/{ => 
charts/liqo-crds}/crds/discovery.liqo.io_resourcerequests.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/ipam.liqo.io_ips.yaml (96%) rename deployments/liqo/{ => charts/liqo-crds}/crds/ipam.liqo.io_networks.yaml (96%) rename deployments/liqo/{ => charts/liqo-crds}/crds/net.liqo.io_ipamstorages.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/net.liqo.io_natmappings.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/net.liqo.io_networkconfigs.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/net.liqo.io_tunnelendpoints.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_configurations.yaml (98%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_connections.yaml (98%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_firewallconfigurations.yaml (98%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_gatewayclients.yaml (98%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_gatewayservers.yaml (99%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_publickeys.yaml (95%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_wggatewayclients.yaml (99%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_wggatewayclienttemplates.yaml (99%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_wggatewayservers.yaml (99%) rename deployments/liqo/{ => charts/liqo-crds}/crds/networking.liqo.io_wggatewayservertemplates.yaml (99%) rename deployments/liqo/{ => charts/liqo-crds}/crds/offloading.liqo.io_namespaceoffloadings.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/sharing.liqo.io_resourceoffers.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/virtualkubelet.liqo.io_namespacemaps.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/virtualkubelet.liqo.io_shadowendpointslices.yaml (100%) 
rename deployments/liqo/{ => charts/liqo-crds}/crds/virtualkubelet.liqo.io_shadowpods.yaml (100%) rename deployments/liqo/{ => charts/liqo-crds}/crds/virtualkubelet.liqo.io_virtualnodes.yaml (100%) create mode 100644 deployments/liqo/charts/liqo-crds/values.yaml create mode 100644 tmp diff --git a/Makefile b/Makefile index f421868704..9a7a4cca73 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ purge: manifests ctl # Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen rm -f deployments/liqo/crds/* - $(CONTROLLER_GEN) paths="./apis/..." crd:generateEmbeddedObjectMeta=true output:crd:artifacts:config=deployments/liqo/crds + $(CONTROLLER_GEN) paths="./apis/..." crd:generateEmbeddedObjectMeta=true output:crd:artifacts:config=deployments/liqo/charts/liqo-crds/crds #Generate RBAC for each controller rbacs: controller-gen diff --git a/apis/ipam/v1alpha1/zz_generated.deepcopy.go b/apis/ipam/v1alpha1/zz_generated.deepcopy.go index 3e6627aca2..b5ca0aa7ab 100644 --- a/apis/ipam/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ipam/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright 2019-2023 The Liqo Authors // diff --git a/apis/networking/v1alpha1/zz_generated.deepcopy.go b/apis/networking/v1alpha1/zz_generated.deepcopy.go index f934d7e41d..1bbcc2e4bb 100644 --- a/apis/networking/v1alpha1/zz_generated.deepcopy.go +++ b/apis/networking/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright 2019-2023 The Liqo Authors // diff --git a/deployments/liqo/Chart.yaml b/deployments/liqo/Chart.yaml index ec29bab0ca..07bdfb5f71 100644 --- a/deployments/liqo/Chart.yaml +++ b/deployments/liqo/Chart.yaml 
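Review bot: In the `manifests` target the cleanup line `rm -f deployments/liqo/crds/*` is left unchanged, while controller-gen now writes to `deployments/liqo/charts/liqo-crds/crds`. CRD files for removed or renamed API types are therefore never deleted from the new directory and would keep being packaged in the chart. The cleanup should target the output path: `rm -f deployments/liqo/charts/liqo-crds/crds/*`. Holding the path in one Makefile variable used by both lines would stop the two from drifting apart again.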
@@ -14,9 +14,5 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: "0.1" - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -# AppVersion is commented by default. Uncomment it or add it as extra-args to helm package if you want to release a new Liqo version -# appVersion: +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 diff --git a/deployments/liqo/charts/liqo-crds/.helmignore b/deployments/liqo/charts/liqo-crds/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/deployments/liqo/charts/liqo-crds/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deployments/liqo/charts/liqo-crds/Chart.yaml b/deployments/liqo/charts/liqo-crds/Chart.yaml new file mode 100644 index 0000000000..dfea5fd4c1 --- /dev/null +++ b/deployments/liqo/charts/liqo-crds/Chart.yaml 
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: liqo-crds
+description: A Helm chart for Liqo, contains the CRDs
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/deployments/liqo/crds/discovery.liqo.io_foreignclusters.yaml b/deployments/liqo/charts/liqo-crds/crds/discovery.liqo.io_foreignclusters.yaml
similarity index 100%
rename from deployments/liqo/crds/discovery.liqo.io_foreignclusters.yaml
rename to deployments/liqo/charts/liqo-crds/crds/discovery.liqo.io_foreignclusters.yaml
diff --git a/deployments/liqo/crds/discovery.liqo.io_resourcerequests.yaml b/deployments/liqo/charts/liqo-crds/crds/discovery.liqo.io_resourcerequests.yaml
similarity index 100%
rename from deployments/liqo/crds/discovery.liqo.io_resourcerequests.yaml
rename to deployments/liqo/charts/liqo-crds/crds/discovery.liqo.io_resourcerequests.yaml
diff --git a/deployments/liqo/crds/ipam.liqo.io_ips.yaml b/deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_ips.yaml
similarity index 96%
rename from deployments/liqo/crds/ipam.liqo.io_ips.yaml
rename to deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_ips.yaml
index 00ddee8198..d78ee90d19 100644
--- a/deployments/liqo/crds/ipam.liqo.io_ips.yaml
+++ b/deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_ips.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: ips.ipam.liqo.io spec: group: ipam.liqo.io diff --git a/deployments/liqo/crds/ipam.liqo.io_networks.yaml b/deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_networks.yaml similarity index 96% rename from deployments/liqo/crds/ipam.liqo.io_networks.yaml rename to deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_networks.yaml index 8e4882c4be..3a9df598e1 100644 --- a/deployments/liqo/crds/ipam.liqo.io_networks.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_networks.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: networks.ipam.liqo.io spec: group: ipam.liqo.io diff --git a/deployments/liqo/crds/net.liqo.io_ipamstorages.yaml b/deployments/liqo/charts/liqo-crds/crds/net.liqo.io_ipamstorages.yaml similarity index 100% rename from deployments/liqo/crds/net.liqo.io_ipamstorages.yaml rename to deployments/liqo/charts/liqo-crds/crds/net.liqo.io_ipamstorages.yaml diff --git a/deployments/liqo/crds/net.liqo.io_natmappings.yaml b/deployments/liqo/charts/liqo-crds/crds/net.liqo.io_natmappings.yaml similarity index 100% rename from deployments/liqo/crds/net.liqo.io_natmappings.yaml rename to deployments/liqo/charts/liqo-crds/crds/net.liqo.io_natmappings.yaml diff --git a/deployments/liqo/crds/net.liqo.io_networkconfigs.yaml b/deployments/liqo/charts/liqo-crds/crds/net.liqo.io_networkconfigs.yaml similarity index 100% rename from deployments/liqo/crds/net.liqo.io_networkconfigs.yaml rename to deployments/liqo/charts/liqo-crds/crds/net.liqo.io_networkconfigs.yaml 
diff --git a/deployments/liqo/crds/net.liqo.io_tunnelendpoints.yaml b/deployments/liqo/charts/liqo-crds/crds/net.liqo.io_tunnelendpoints.yaml similarity index 100% rename from deployments/liqo/crds/net.liqo.io_tunnelendpoints.yaml rename to deployments/liqo/charts/liqo-crds/crds/net.liqo.io_tunnelendpoints.yaml diff --git a/deployments/liqo/crds/networking.liqo.io_configurations.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_configurations.yaml similarity index 98% rename from deployments/liqo/crds/networking.liqo.io_configurations.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_configurations.yaml index aeb0a22994..3beb860377 100644 --- a/deployments/liqo/crds/networking.liqo.io_configurations.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_configurations.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: configurations.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_connections.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_connections.yaml similarity index 98% rename from deployments/liqo/crds/networking.liqo.io_connections.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_connections.yaml index f395ca4e25..abf0861514 100644 --- a/deployments/liqo/crds/networking.liqo.io_connections.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_connections.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: connections.networking.liqo.io spec: group: networking.liqo.io 
diff --git a/deployments/liqo/crds/networking.liqo.io_firewallconfigurations.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_firewallconfigurations.yaml similarity index 98% rename from deployments/liqo/crds/networking.liqo.io_firewallconfigurations.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_firewallconfigurations.yaml index 2ec7be1558..b593766be6 100644 --- a/deployments/liqo/crds/networking.liqo.io_firewallconfigurations.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_firewallconfigurations.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: firewallconfigurations.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_gatewayclients.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayclients.yaml similarity index 98% rename from deployments/liqo/crds/networking.liqo.io_gatewayclients.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayclients.yaml index 9bb781fe46..7f8593bf38 100644 --- a/deployments/liqo/crds/networking.liqo.io_gatewayclients.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayclients.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: gatewayclients.networking.liqo.io spec: group: networking.liqo.io 
diff --git a/deployments/liqo/crds/networking.liqo.io_gatewayservers.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml similarity index 99% rename from deployments/liqo/crds/networking.liqo.io_gatewayservers.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml index 1d13ceaba8..0b73a9b025 100644 --- a/deployments/liqo/crds/networking.liqo.io_gatewayservers.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: gatewayservers.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_publickeys.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_publickeys.yaml similarity index 95% rename from deployments/liqo/crds/networking.liqo.io_publickeys.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_publickeys.yaml index e154607247..6549afa6c2 100644 --- a/deployments/liqo/crds/networking.liqo.io_publickeys.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_publickeys.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: publickeys.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_wggatewayclients.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclients.yaml similarity index 99% rename from deployments/liqo/crds/networking.liqo.io_wggatewayclients.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclients.yaml index 2e2bb88f26..d6ecfba619 100644 
--- a/deployments/liqo/crds/networking.liqo.io_wggatewayclients.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclients.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: wggatewayclients.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_wggatewayclienttemplates.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclienttemplates.yaml similarity index 99% rename from deployments/liqo/crds/networking.liqo.io_wggatewayclienttemplates.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclienttemplates.yaml index 0e307758dc..f36ca087d0 100644 --- a/deployments/liqo/crds/networking.liqo.io_wggatewayclienttemplates.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayclienttemplates.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: wggatewayclienttemplates.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_wggatewayservers.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservers.yaml similarity index 99% rename from deployments/liqo/crds/networking.liqo.io_wggatewayservers.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservers.yaml index 6f2b4b62a7..77d8105c15 100644 --- a/deployments/liqo/crds/networking.liqo.io_wggatewayservers.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservers.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: wggatewayservers.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/networking.liqo.io_wggatewayservertemplates.yaml b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservertemplates.yaml similarity index 99% rename from deployments/liqo/crds/networking.liqo.io_wggatewayservertemplates.yaml rename to deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservertemplates.yaml index 237335b019..4122a69574 100644 --- a/deployments/liqo/crds/networking.liqo.io_wggatewayservertemplates.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservertemplates.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 name: wggatewayservertemplates.networking.liqo.io spec: group: networking.liqo.io diff --git a/deployments/liqo/crds/offloading.liqo.io_namespaceoffloadings.yaml b/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_namespaceoffloadings.yaml similarity index 100% rename from deployments/liqo/crds/offloading.liqo.io_namespaceoffloadings.yaml rename to deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_namespaceoffloadings.yaml diff --git a/deployments/liqo/crds/sharing.liqo.io_resourceoffers.yaml b/deployments/liqo/charts/liqo-crds/crds/sharing.liqo.io_resourceoffers.yaml similarity index 100% rename from deployments/liqo/crds/sharing.liqo.io_resourceoffers.yaml rename to deployments/liqo/charts/liqo-crds/crds/sharing.liqo.io_resourceoffers.yaml 
diff --git a/deployments/liqo/crds/virtualkubelet.liqo.io_namespacemaps.yaml b/deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_namespacemaps.yaml similarity index 100% rename from deployments/liqo/crds/virtualkubelet.liqo.io_namespacemaps.yaml rename to deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_namespacemaps.yaml diff --git a/deployments/liqo/crds/virtualkubelet.liqo.io_shadowendpointslices.yaml b/deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_shadowendpointslices.yaml similarity index 100% rename from deployments/liqo/crds/virtualkubelet.liqo.io_shadowendpointslices.yaml rename to deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_shadowendpointslices.yaml diff --git a/deployments/liqo/crds/virtualkubelet.liqo.io_shadowpods.yaml b/deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_shadowpods.yaml similarity index 100% rename from deployments/liqo/crds/virtualkubelet.liqo.io_shadowpods.yaml rename to deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_shadowpods.yaml diff --git a/deployments/liqo/crds/virtualkubelet.liqo.io_virtualnodes.yaml b/deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_virtualnodes.yaml similarity index 100% rename from deployments/liqo/crds/virtualkubelet.liqo.io_virtualnodes.yaml rename to deployments/liqo/charts/liqo-crds/crds/virtualkubelet.liqo.io_virtualnodes.yaml diff --git a/deployments/liqo/charts/liqo-crds/values.yaml b/deployments/liqo/charts/liqo-crds/values.yaml new file mode 100644 index 0000000000..c81df98717 --- /dev/null +++ b/deployments/liqo/charts/liqo-crds/values.yaml 
@@ -0,0 +1,82 @@
+# Default values for liqo-crds.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
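Review bot: This `values.yaml` appears to be the unmodified `helm create` scaffold (`image.repository: nginx`, `service`, `ingress`, `autoscaling`, `serviceAccount.create: true`), although the chart is described as holding only the CRDs and the diffstat shows no templates under `liqo-crds` that could consume these keys. Unused values advertise settings that do nothing and imply a workload and service account the chart does not deploy. I would reduce the file to a header comment such as `# liqo-crds ships only CustomResourceDefinitions and exposes no configurable values.`. The new top-level `tmp` file in the diffstat (3934 added lines, apparently rendered chart output that includes a concrete `CLUSTER_ID`) looks like a similar leftover and probably should not be part of the commit.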
diff --git a/pkg/liqo-controller-manager/ip-controller/ip_controller.go b/pkg/liqo-controller-manager/ip-controller/ip_controller.go index 9dae9dc1ec..93259c33f5 100644 --- a/pkg/liqo-controller-manager/ip-controller/ip_controller.go +++ b/pkg/liqo-controller-manager/ip-controller/ip_controller.go @@ -16,7 +16,6 @@ package ipctrl import ( "context" - "slices" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" @@ -29,6 +28,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" + "slices" ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1" "github.com/liqotech/liqo/apis/virtualkubelet/v1alpha1" diff --git a/tmp b/tmp new file mode 100644 index 0000000000..b21aeef2a4 --- /dev/null +++ b/tmp 
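Review bot: The `"slices"` import is moved out of the standard-library group next to `"context"` and placed after `"sigs.k8s.io/controller-runtime/pkg/reconcile"`, in the third-party group. That breaks the stdlib / third-party / project grouping the rest of the block follows, and an import-order linter (goimports or gci, if the project runs one) would likely reject it. Since nothing else in this file changes, it looks like an unintended editor reorder; keep `"slices"` directly under `"context"`. The import block starts and ends outside the hunk.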
@@ -0,0 +1,3934 @@ +--- +# Source: liqo/templates/liqo-auth-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-crd-replicator-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-crd-replicator + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-gateway-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-gateway + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-metric-agent-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-metric-agent + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + 
helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-network-manager-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-route-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-route + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-telemetry-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-telemetry + labels: + app.kubernetes.io/name: "telemetry" + app.kubernetes.io/instance: "liqo-telemetry" + app.kubernetes.io/component: "telemetry" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/liqo-clusterid-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: "clusterid-configmap" + app.kubernetes.io/instance: "liqo-clusterid-configmap" + app.kubernetes.io/component: "clusterid-configmap" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-clusterid-configmap +data: + CLUSTER_ID: 328edb70-711b-43e4-a543-bf8b3b1f745c + CLUSTER_NAME: aaa +--- +# Source: liqo/templates/liqo-proxy-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: liqo-proxy + labels: + 
app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: "liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +data: + config: | + admin: + address: + socket_address: + protocol: TCP + address: 0.0.0.0 + port_value: 9901 + static_resources: + listeners: + - name: listener_http + address: + socket_address: + protocol: TCP + address: 0.0.0.0 + port_value: 8118 + access_log: + name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/stdout + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: local_service + domains: + - "*" + routes: + - match: + connect_matcher: + {} + route: + cluster: api_server + upgrade_configs: + - upgrade_type: CONNECT + connect_config: + {} + http_filters: + - name: envoy.filters.http.router + clusters: + - name: api_server + connect_timeout: 1.25s + type: STRICT_DNS + respect_dns_ttl: true + dns_lookup_family: V4_ONLY + dns_refresh_rate: 300s + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: api_server + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: kubernetes.default + port_value: 443 +--- +# Source: liqo/templates/liqo-storage-class.yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: liqo +provisioner: liqo.io/storage +volumeBindingMode: WaitForFirstConsumer +--- +# Source: liqo/templates/liqo-auth-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + 
app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - get + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/approval + verbs: + - update +- apiGroups: + - certificates.k8s.io + resources: + - signers + verbs: + - approve +- apiGroups: + - "" + resourceNames: + - aws-auth + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - deletecollection + - get + - patch + - update +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list 
+ - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/approval + verbs: + - update +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - update +- apiGroups: + - certificates.k8s.io + resourceNames: + - beta.eks.amazonaws.com/app-serving + resources: + - signers + verbs: + - approve +- apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/kubelet-serving + resources: + - signers + verbs: + - approve +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - 
foreignclusters/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters/finalizers + - foreignclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests/finalizers + - resourcerequests/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests/status + verbs: + - create + - delete + - deletecollection + - list + - watch +- apiGroups: + - ipam.liqo.io + resources: + - ips + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.liqo.io + resources: + - ips/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.liqo.io + resources: + - ips/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.liqo.io + resources: + - networks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.liqo.io + resources: + - networks/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.liqo.io + resources: + - networks/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metrics.liqo.io + resources: + - scrape + - scrape/metrics + verbs: + - get +- apiGroups: + - net.liqo.io + resources: + - networkconfigs + verbs: + - '*' +- apiGroups: + - net.liqo.io + 
resources: + - networkconfigs/status + verbs: + - '*' +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - get + - list + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints/status + verbs: + - get + - update + - watch +- apiGroups: + - offloading.liqo.io + resources: + - namespaceoffloadings + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - offloading.liqo.io + resources: + - namespaceoffloadings/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - offloading.liqo.io + resources: + - namespaceoffloadings/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - namespacemaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - namespacemaps/finalizers + verbs: + - get + - 
patch + - update +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowendpointslices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowpods + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowpods/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowpods/status + verbs: + - get + - patch + - update +- apiGroups: + - virtualkubelet.liqo.io + resources: + - virtualnode + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - virtualnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - virtualnodes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - virtualnodes/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-crd-replicator-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-crd-replicator + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters/status + verbs: + - get +--- +# Source: 
liqo/templates/liqo-gateway-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-gateway + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - natmappings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints/status + verbs: + - get + - patch + - update +--- +# Source: liqo/templates/liqo-metric-agent-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-metric-agent + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get +--- +# Source: liqo/templates/liqo-network-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: 
"liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - get + - list + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters/finalizers + - foreignclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - net.liqo.io + resources: + - ipamstorages + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - natmappings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - networkconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - networkconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.liqo.io + resources: + - configuration + verbs: + - get + - list + - update + - watch +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml +# to be enabled with the creation of the Tenant Namespace, +# this ClusterRole has the basic permissions to give to a remote cluster +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-remote-peering-basic + labels: + app.kubernetes.io/name: "remote-peering-basic" + app.kubernetes.io/instance: "liqo-remote-peering-basic" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + # This label is 
used by the discovery/authentication logic to retrieve the appropriate ClusterRoles. + # In case a change is performed here, the modification must be propagated to the corresponding code definition. + auth.liqo.io/remote-peering-permissions: "basic" +rules: +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.liqo.io + resources: + - resourcerequests/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml +# to be enabled when a ResourceRequest has been accepted, +# this ClusterRole has the permissions required to a remote cluster to manage an outgoing peering (incoming for the local cluster), +# when the Pods will be offloaded to the local cluster +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-remote-peering-incoming + labels: + app.kubernetes.io/name: "remote-peering-incoming" + app.kubernetes.io/instance: "liqo-remote-peering-incoming" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + # This label is used by the discovery/authentication logic to retrieve the appropriate ClusterRoles. + # In case a change is performed here, the modification must be propagated to the corresponding code definition. 
+ auth.liqo.io/remote-peering-permissions: "incoming" +rules: +- apiGroups: + - net.liqo.io + resources: + - networkconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - networkconfigs/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - namespacemaps + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - namespacemaps/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml +# to be enabled when we send a ResourceRequest, +# this ClusterRole has the permissions required to a remote cluster to manage an incoming peering (outgoing for the local cluster), +# when the Pods will be offloaded from the local cluster +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-remote-peering-outgoing + labels: + app.kubernetes.io/name: "remote-peering-outgoing" + app.kubernetes.io/instance: "liqo-remote-peering-outgoing" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + # This label is used by the discovery/authentication logic to retrieve the appropriate ClusterRoles. + # In case a change is performed here, the modification must be propagated to the corresponding code definition. 
+ auth.liqo.io/remote-peering-permissions: "outgoing" +rules: +- apiGroups: + - net.liqo.io + resources: + - networkconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - networkconfigs/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-route-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-route + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints/status + verbs: + - get + - patch + - update +--- +# Source: liqo/templates/liqo-telemetry-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-telemetry + labels: + app.kubernetes.io/name: "telemetry" + app.kubernetes.io/instance: "liqo-telemetry" + app.kubernetes.io/component: "telemetry" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + 
app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - configmaps + - nodes + - pods + verbs: + - get + - list + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - get + - list + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - get + - list + - watch +- apiGroups: + - offloading.liqo.io + resources: + - namespaceoffloadings + verbs: + - get + - list + - watch +- apiGroups: + - sharing.liqo.io + resources: + - resourceoffers + verbs: + - get + - list + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - virtualnodes + verbs: + - get + - list + - watch +--- +# Source: liqo/templates/liqo-virtual-kubelet-local.yaml +# to be enabled with the creation of the Tenant Namespace, +# this ClusterRole has the basic permissions to give to a remote cluster +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-virtual-kubelet-local + labels: + app.kubernetes.io/name: "virtual-kubelet-local" + app.kubernetes.io/instance: "liqo-virtual-kubelet-local" + app.kubernetes.io/component: "virtualkubelet" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - update +- apiGroups: + - "" + resources: + - configmaps + - secrets + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +- apiGroups: + - "" + resources: + - pods/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - get + - list + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - namespacemaps + - virtualnodes + verbs: + - get + - list + - watch +--- +# Source: liqo/templates/liqo-virtual-kubelet-remote.yaml +# to be enabled with the creation of the Tenant Namespace, +# this ClusterRole has the basic permissions to give to a remote cluster +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-virtual-kubelet-remote + labels: + app.kubernetes.io/name: "virtual-kubelet-remote" + app.kubernetes.io/instance: "liqo-virtual-kubelet-remote" + app.kubernetes.io/component: "virtualkubelet" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + 
app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/attach + verbs: + - create +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/portforward + verbs: + - create + - get +- apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowendpointslices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virtualkubelet.liqo.io + resources: + - shadowpods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-auth-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-auth + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-auth +--- +# Source: 
liqo/templates/liqo-controller-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-controller-manager +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +# The controller-manager needs to be also granted the local virtual kubelet permissions, +# as it needs to create the necessary cluster role binding associated with the virtual kubelet. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-controller-manager-grant-virtual-kubelet-local + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-virtual-kubelet-local +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +# The controller-manager needs to be also granted the remote virtual kubelet permissions, +# as it needs to create the necessary role binding in reflected namespaces. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-controller-manager-grant-virtual-kubelet-remote + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-virtual-kubelet-remote +--- +# Source: liqo/templates/liqo-crd-replicator-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-crd-replicator + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-crd-replicator +subjects: + - kind: ServiceAccount + name: liqo-crd-replicator + namespace: liqo +--- +# Source: liqo/templates/liqo-gateway-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-gateway + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-gateway +subjects: + - kind: ServiceAccount + name: liqo-gateway + namespace: liqo +--- +# Source: liqo/templates/liqo-metric-agent-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding 
+metadata: + name: liqo-metric-agent + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-metric-agent + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-metric-agent +--- +# Source: liqo/templates/liqo-network-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-network-manager +subjects: + - kind: ServiceAccount + name: liqo-network-manager + namespace: liqo +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml +# tenant namespace management + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-remote-peering-basic + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-auth + namespace: liqo + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo + - kind: ServiceAccount + name: liqo-crd-replicator + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-remote-peering-basic +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-remote-peering-incoming + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-auth + namespace: liqo + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo + - kind: ServiceAccount + name: liqo-crd-replicator + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-remote-peering-incoming +--- +# Source: liqo/templates/liqo-remote-peering-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-remote-peering-outgoing + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-auth + namespace: liqo + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo + - kind: ServiceAccount + name: liqo-crd-replicator + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-remote-peering-outgoing +--- +# Source: liqo/templates/liqo-route-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-route + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-route +subjects: + - 
kind: ServiceAccount + name: liqo-route + namespace: liqo +--- +# Source: liqo/templates/liqo-telemetry-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-telemetry + labels: + app.kubernetes.io/name: "telemetry" + app.kubernetes.io/instance: "liqo-telemetry" + app.kubernetes.io/component: "telemetry" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-telemetry + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-telemetry +--- +# Source: liqo/templates/liqo-auth-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-crd-replicator-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-crd-replicator + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +--- +# Source: liqo/templates/liqo-gateway-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-gateway + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-network-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + 
app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +# Source: liqo/templates/liqo-route-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-route + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - patch + - update + - watch +--- +# Source: liqo/templates/liqo-auth-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +subjects: + - kind: ServiceAccount + name: liqo-auth + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-auth +--- +# Source: liqo/templates/liqo-controller-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + 
app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-controller-manager +subjects: + - kind: ServiceAccount + name: liqo-controller-manager + namespace: liqo +--- +# Source: liqo/templates/liqo-crd-replicator-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-crd-replicator + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-crd-replicator +subjects: + - kind: ServiceAccount + name: liqo-crd-replicator + namespace: liqo +--- +# Source: liqo/templates/liqo-gateway-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-gateway + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-gateway +subjects: + - kind: ServiceAccount + name: liqo-gateway + namespace: liqo +--- +# Source: liqo/templates/liqo-network-manager-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-network-manager +subjects: + - kind: ServiceAccount + 
name: liqo-network-manager + namespace: liqo +--- +# Source: liqo/templates/liqo-route-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-route + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-route +subjects: + - kind: ServiceAccount + name: liqo-route + namespace: liqo +--- +# Source: liqo/templates/liqo-auth-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + run: auth-service + annotations: +spec: + type: LoadBalancer + selector: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + run: auth-service + ports: + - name: https + protocol: TCP + port: 443 + targetPort: 8443 +--- +# Source: liqo/templates/liqo-controller-manager-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-controller-manager + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + selector: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + type: ClusterIP + ports: 
+ - port: 9443 + targetPort: webhook +--- +# Source: liqo/templates/liqo-gateway-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-gateway + annotations: + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + net.liqo.io/gateway: "true" +spec: + type: LoadBalancer + ports: + - name: wireguard + port: 5871 + targetPort: wireguard + protocol: UDP + selector: + net.liqo.io/gateway: "active" +--- +# Source: liqo/templates/liqo-metric-agent-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-metric-agent + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + run: metric-agent +spec: + selector: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + run: metric-agent + ports: + - name: https + protocol: TCP + port: 443 + targetPort: 8443 +--- +# Source: liqo/templates/liqo-network-manager-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + # This service is made to be consumed within the cluster, in particular by the virtual kubelet + type: ClusterIP + ports: + - name: ipam-api + port: 6000 + protocol: TCP + selector: + app.kubernetes.io/name: 
"network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" +--- +# Source: liqo/templates/liqo-proxy-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: liqo-proxy + labels: + app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: "liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + type: ClusterIP + ports: + - name: http + port: 8118 + targetPort: 8118 + protocol: TCP + selector: + app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: "liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" +--- +# Source: liqo/templates/liqo-route-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-route +spec: + selector: + matchLabels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "route" + app.kubernetes.io/instance: "liqo-route" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + spec: + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + serviceAccountName: liqo-route + containers: + - image: ghcr.io/liqotech/liqonet-ci:aaaa + imagePullPolicy: IfNotPresent + name: route + command: ["/usr/bin/liqonet"] + args: + - --run-as=liqo-route + - 
--route.vxlan-mtu=1340 + resources: + limits: {} + requests: {} + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: IPTABLES_MODE + value: nf_tables + volumeMounts: + - mountPath: /run/xtables.lock + name: xtables-lock + hostNetwork: true + volumes: + - hostPath: + path: /run/xtables.lock + type: FileOrCreate + name: xtables-lock +--- +# Source: liqo/templates/liqo-auth-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: liqo-auth + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + selector: + matchLabels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + run: auth-service + template: + metadata: + labels: + app.kubernetes.io/name: "auth" + app.kubernetes.io/instance: "liqo-auth" + app.kubernetes.io/component: "discovery" + app.kubernetes.io/part-of: "liqo" + run: auth-service + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-auth + initContainers: + - name: cert-creator + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + image: ghcr.io/liqotech/cert-creator-ci:aaaa + volumeMounts: + - mountPath: '/certs' + name: certs + command: [ "/usr/bin/openssl" ] + args: + - req + - -x509 + - -subj + - /C=IT/ST=Turin/O=Liqo + - -nodes + - -days + - "365" + - -newkey + - rsa:4096 + - -keyout + - /certs/key.pem + - -out + - 
/certs/cert.pem + resources: + limits: {} + requests: {} + containers: + - image: ghcr.io/liqotech/auth-service-ci:aaaa + securityContext: + allowPrivilegeEscalation: false + name: auth + imagePullPolicy: IfNotPresent + command: ["/usr/bin/auth-service"] + args: + - --cluster-id=$(CLUSTER_ID) + - --cluster-name=aaa + - --namespace=$(POD_NAMESPACE) + - --address=:8443 + - --enable-tls + - --enable-authentication=true + env: + - name: CLUSTER_ID + valueFrom: + configMapKeyRef: + name: liqo-clusterid-configmap + key: CLUSTER_ID + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: '/certs' + name: certs + volumes: + - name: certs + emptyDir: {} +--- +# Source: liqo/templates/liqo-controller-manager-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-controller-manager +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "controller-manager" + app.kubernetes.io/instance: "liqo-controller-manager" + app.kubernetes.io/component: "controller-manager" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-controller-manager + containers: + - image: ghcr.io/liqotech/liqo-controller-manager-ci:aaaa + 
imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + name: controller-manager + command: ["/usr/bin/liqo-controller-manager"] + args: + - --cluster-id=$(CLUSTER_ID) + - --cluster-name=aaa + - --liqo-namespace=$(POD_NAMESPACE) + - --enable-incoming-peering=true + - --resource-sharing-percentage=30 + - --pod-reflection-workers=10 + - --service-reflection-workers=3 + - --endpointslice-reflection-workers=10 + - --ingress-reflection-workers=3 + - --configmap-reflection-workers=3 + - --secret-reflection-workers=3 + - --serviceaccount-reflection-workers=3 + - --persistentvolumeclaim-reflection-workers=3 + - --event-reflection-workers=3 + - --service-reflection-type=DenyList + - --endpointslice-reflection-type=DenyList + - --ingress-reflection-type=DenyList + - --configmap-reflection-type=DenyList + - --secret-reflection-type=DenyList + - --event-reflection-type=DenyList + - --annotations-not-reflected=cloud.google.com/neg,cloud.google.com/neg-status,kubernetes.digitalocean.com/load-balancer-id,ingress.kubernetes.io/backends,ingress.kubernetes.io/forwarding-rule,ingress.kubernetes.io/target-proxy,ingress.kubernetes.io/url-map,metallb.universe.tf/address-pool,metallb.universe.tf/ip-allocated-from-pool,metallb.universe.tf/loadBalancerIPs + - --kubelet-image=ghcr.io/liqotech/virtual-kubelet-ci:aaaa + - --ipam-server=liqo-network-manager.liqo:6000 + - --auto-join-discovered-clusters=true + - --enable-storage=true + - --webhook-port=9443 + - --virtual-storage-class-name=liqo + - --real-storage-class-name= + - --storage-namespace=liqo-storage + - --kubelet-extra-args=--enable-apiserver-support=true + - --offer-update-threshold-percentage=5 + env: + - name: CLUSTER_ID + valueFrom: + configMapKeyRef: + name: liqo-clusterid-configmap + key: CLUSTER_ID + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: {} + requests: {} + volumeMounts: + - name: webhook-certs + mountPath: 
/tmp/k8s-webhook-server/serving-certs/ + readOnly: true + ports: + - name: webhook + containerPort: 9443 + protocol: TCP + - name: healthz + containerPort: 8081 + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + volumes: + - name: webhook-certs + secret: + secretName: liqo-webhook-certs + defaultMode: 420 +--- +# Source: liqo/templates/liqo-crd-replicator-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-crd-replicator +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "crd-replicator" + app.kubernetes.io/instance: "liqo-crd-replicator" + app.kubernetes.io/component: "dispatcher" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-crd-replicator + containers: + - image: ghcr.io/liqotech/crd-replicator-ci:aaaa + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + name: crd-replicator + command: ["/usr/bin/crd-replicator"] + args: + - --cluster-id=$(CLUSTER_ID) + - --cluster-name=$(CLUSTER_NAME) + env: + - name: CLUSTER_ID + valueFrom: + configMapKeyRef: + name: liqo-clusterid-configmap + key: CLUSTER_ID + - name: CLUSTER_NAME + valueFrom: + configMapKeyRef: + name: liqo-clusterid-configmap + key: CLUSTER_NAME + resources: + limits: {} + requests: {} 
+--- +# Source: liqo/templates/liqo-gateway-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-gateway +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "gateway" + app.kubernetes.io/instance: "liqo-gateway" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + serviceAccountName: liqo-gateway + containers: + - image: ghcr.io/liqotech/liqonet-ci:aaaa + imagePullPolicy: IfNotPresent + name: gateway + ports: + - name: wireguard + containerPort: 5871 + protocol: UDP + command: ["/usr/bin/liqonet"] + args: + - --run-as=liqo-gateway + - --gateway.leader-elect=true + - --gateway.mtu=1340 + - --gateway.listening-port=5871 + resources: + limits: {} + requests: {} + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: WIREGUARD_IMPLEMENTATION + value: kernel + - name: IPTABLES_MODE + value: nf_tables + hostNetwork: true +--- +# Source: liqo/templates/liqo-metric-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: liqo-metric-agent + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + 
app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + selector: + matchLabels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + run: metric-agent + template: + metadata: + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + run: metric-agent + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-metric-agent + initContainers: + - name: cert-creator + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + image: ghcr.io/liqotech/cert-creator-ci:aaaa + volumeMounts: + - mountPath: '/certs' + name: certs + command: [ "/usr/bin/openssl" ] + args: + - req + - -x509 + - -subj + - /C=IT/ST=Turin/O=Liqo + - -nodes + - -days + - "365" + - -newkey + - rsa:4096 + - -keyout + - /certs/key.pem + - -out + - /certs/cert.pem + resources: + limits: {} + requests: {} + containers: + - image: ghcr.io/liqotech/metric-agent-ci:aaaa + securityContext: + allowPrivilegeEscalation: false + name: metric-agent + imagePullPolicy: IfNotPresent + command: ["/usr/bin/metric-agent"] + args: + - --key-path=/certs/key.pem + - --cert-path=/certs/cert.pem + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: '/certs' + name: certs + volumes: + - name: certs + emptyDir: {} +--- +# Source: liqo/templates/liqo-network-manager-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: liqo-network-manager + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + 
helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + selector: + matchLabels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "network-manager" + app.kubernetes.io/instance: "liqo-network-manager" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-network-manager + containers: + - image: ghcr.io/liqotech/liqonet-ci:aaaa + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + name: network-manager + command: ["/usr/bin/liqonet"] + ports: + - name: ipam-api + containerPort: 6000 + args: + - --run-as=liqo-network-manager + - --manager.pod-cidr= + - --manager.service-cidr= + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IPTABLES_MODE + value: nf_tables + resources: + limits: {} + requests: {} +--- +# Source: liqo/templates/liqo-proxy-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: "liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-proxy +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: "liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + template: + metadata: + labels: + app.kubernetes.io/name: "proxy" + app.kubernetes.io/instance: 
"liqo-proxy" + app.kubernetes.io/component: "networking" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + containers: + - image: envoyproxy/envoy:v1.21.0 + imagePullPolicy: IfNotPresent + name: proxy + securityContext: + allowPrivilegeEscalation: false + ports: + - containerPort: 8118 + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /etc/envoy/envoy.yaml + name: config-volume + subPath: config + volumes: + - name: config-volume + configMap: + name: liqo-proxy +--- +# Source: liqo/templates/liqo-telemetry-cronjob.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + labels: + app.kubernetes.io/name: "telemetry" + app.kubernetes.io/instance: "liqo-telemetry" + app.kubernetes.io/component: "telemetry" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + name: liqo-telemetry +spec: + schedule: "31 09 * * *" + concurrencyPolicy: Replace + successfulJobsHistoryLimit: 0 + jobTemplate: + spec: + backoffLimit: 3 + template: + metadata: + labels: + app.kubernetes.io/name: "telemetry" + app.kubernetes.io/instance: "liqo-telemetry" + app.kubernetes.io/component: "telemetry" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + serviceAccountName: liqo-telemetry + restartPolicy: Never + containers: + - image: ghcr.io/liqotech/telemetry-ci:aaaa + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + name: telemetry + args: + - --liqo-version=aaaa + - --kubernetes-version=v1.26.0 + - --namespace=liqo + resources: + limits: {} + requests: {} +--- +# Source: 
liqo/templates/liqo-metric-agent-apiservice.yaml +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha1.metrics.liqo.io + labels: + app.kubernetes.io/name: "metric-agent" + app.kubernetes.io/instance: "liqo-metric-agent" + app.kubernetes.io/component: "metrics" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + insecureSkipTLSVerify: true + group: metrics.liqo.io + groupPriorityMinimum: 1000 + versionPriority: 15 + service: + name: liqo-metric-agent + namespace: liqo + version: v1alpha1 +--- +# Source: liqo/templates/webhooks/liqo-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: liqo-webhook + labels: + app.kubernetes.io/name: "webhook" + app.kubernetes.io/instance: "liqo-webhook" + app.kubernetes.io/component: "webhook" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +webhooks: + - name: pod.mutate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/mutate/pod" + port: 9443 + rules: + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + sideEffects: None + failurePolicy: Fail + namespaceSelector: + matchLabels: + liqo.io/scheduling-enabled: "true" + - name: fc.mutate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/mutate/foreign-cluster" + port: 9443 + rules: + - operations: ["CREATE","UPDATE"] + apiGroups: ["discovery.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["foreignclusters"] + sideEffects: None + failurePolicy: Fail + - name: virtualnode.mutate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: 
liqo-controller-manager + namespace: liqo + path: "/mutate/virtualnodes" + port: 9443 + rules: + - operations: ["CREATE","UPDATE"] + apiGroups: ["virtualkubelet.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["virtualnodes"] + sideEffects: None + failurePolicy: Fail +--- +# Source: liqo/templates/webhooks/liqo-validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: liqo-webhook + labels: + app.kubernetes.io/name: "webhook" + app.kubernetes.io/instance: "liqo-webhook" + app.kubernetes.io/component: "webhook" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +webhooks: + - name: fc.validate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/validate/foreign-cluster" + port: 9443 + rules: + - operations: ["UPDATE"] + apiGroups: ["discovery.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["foreignclusters"] + sideEffects: None + failurePolicy: Fail + - name: nsoff.validate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/validate/namespace-offloading" + port: 9443 + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["offloading.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["namespaceoffloadings"] + sideEffects: None + failurePolicy: Fail + - name: shadowpod.validate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/validate/shadowpods" + port: 9443 + rules: + - operations: ["CREATE", "UPDATE", "DELETE"] + apiGroups: ["virtualkubelet.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["shadowpods"] + sideEffects: None + failurePolicy: Fail + - name: network.validate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + 
clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/validate/networks" + port: 9443 + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["ipam.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["networks"] + sideEffects: None + failurePolicy: Fail + - name: ip.validate.liqo.io + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: liqo-controller-manager + namespace: liqo + path: "/validate/ips" + port: 9443 + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["ipam.liqo.io"] + apiVersions: ["v1alpha1"] + resources: ["ips"] + sideEffects: None + failurePolicy: Fail +--- +# Source: liqo/templates/pre-delete-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-pre-delete + labels: + app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +--- +# Source: liqo/templates/webhooks/job-patch/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: liqo-webhook-certificate-patch + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +--- +# Source: liqo/templates/pre-delete-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-pre-delete + labels: + 
app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - discovery.liqo.io + resources: + - foreignclusters + verbs: + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - net.liqo.io + resources: + - networkconfigs + verbs: + - get + - list + - watch +- apiGroups: + - net.liqo.io + resources: + - tunnelendpoints + verbs: + - get + - list + - watch +- apiGroups: + - offloading.liqo.io + resources: + - namespaceoffloadings + verbs: + - get + - list + - watch +--- +# Source: liqo/templates/webhooks/job-patch/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: liqo-webhook-certificate-patch + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - update +--- +# Source: liqo/templates/pre-delete-rbac.yaml 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-pre-delete + labels: + app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +subjects: + - kind: ServiceAccount + name: liqo-pre-delete + namespace: liqo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-pre-delete +--- +# Source: liqo/templates/webhooks/job-patch/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: liqo-webhook-certificate-patch + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: liqo-webhook-certificate-patch +subjects: + - kind: ServiceAccount + name: liqo-webhook-certificate-patch + namespace: "liqo" +--- +# Source: liqo/templates/pre-delete-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-pre-delete + labels: + app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + annotations: + "helm.sh/hook": pre-delete + 
"helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +--- +# Source: liqo/templates/webhooks/job-patch/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: liqo-webhook-certificate-patch + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +# Source: liqo/templates/webhooks/job-patch/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: liqo-webhook-certificate-patch + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: liqo-webhook-certificate-patch +subjects: + - kind: ServiceAccount + name: liqo-webhook-certificate-patch + namespace: "liqo" +--- +# Source: liqo/templates/pre-delete-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: liqo-pre-delete + labels: + app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + 
app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + metadata: + name: liqo-pre-delete + labels: + app.kubernetes.io/name: "pre-delete" + app.kubernetes.io/instance: "liqo-pre-delete" + app.kubernetes.io/component: "pre-delete" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + restartPolicy: Never + serviceAccountName: liqo-pre-delete + containers: + - name: pre-delete-job + image: ghcr.io/liqotech/uninstaller-ci:aaaa + securityContext: + allowPrivilegeEscalation: false + command: ["/usr/bin/uninstaller"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: {} + requests: {} +--- +# Source: liqo/templates/webhooks/job-patch/job-create-secret.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: liqo-webhook-certificate-patch-pre + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch-pre" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch-pre" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + ttlSecondsAfterFinished: 150 + template: + metadata: + name: liqo-webhook-certificate-patch-pre + labels: + app.kubernetes.io/name: "webhook-certificate-patch-pre" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch-pre" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: 
"liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + containers: + - name: create + image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + imagePullPolicy: IfNotPresent + args: + - create + - --host=liqo-controller-manager,liqo-controller-manager.liqo,liqo-controller-manager.liqo.svc,liqo-controller-manager.liqo.svc.cluster.local + - --namespace=liqo + - --secret-name=liqo-webhook-certs + - --cert-name=tls.crt + - --key-name=tls.key + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: liqo-webhook-certificate-patch + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 +--- +# Source: liqo/templates/webhooks/job-patch/job-patch-webhook.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: liqo-webhook-certificate-patch-post + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app.kubernetes.io/name: "webhook-certificate-patch-post" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch-post" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" +spec: + ttlSecondsAfterFinished: 150 + template: + metadata: + name: liqo-webhook-certificate-patch-post + labels: + app.kubernetes.io/name: "webhook-certificate-patch-post" + app.kubernetes.io/instance: "liqo-webhook-certificate-patch-post" + app.kubernetes.io/component: "webhook-certificate-patch" + app.kubernetes.io/part-of: "liqo" + helm.sh/chart: "liqo-aaaa" + app.kubernetes.io/version: "aaaa" + app.kubernetes.io/managed-by: "Helm" + spec: + containers: + - name: create + image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1 + imagePullPolicy: IfNotPresent + args: + - patch + - --webhook-name=liqo-webhook + - --namespace=liqo + - 
--secret-name=liqo-webhook-certs + securityContext: + allowPrivilegeEscalation: false + restartPolicy: OnFailure + serviceAccountName: liqo-webhook-certificate-patch + securityContext: + + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000