From 596d1a993d32a73cc35439e10aa667fb596a62f1 Mon Sep 17 00:00:00 2001
From: Xiaodong Ye
Date: Thu, 23 Nov 2023 19:47:07 +0800
Subject: [PATCH] Update README.md

Signed-off-by: Xiaodong Ye
---
 Makefile | 5 +
 README.md | 4 +-
 deploy/manifests.yaml | 438 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 446 insertions(+), 1 deletion(-)
 create mode 100644 deploy/manifests.yaml

diff --git a/Makefile b/Makefile
index bf45726..c3c3bff 100644
--- a/Makefile
+++ b/Makefile
@@ -119,6 +119,11 @@ deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/c
 cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 $(KUSTOMIZE) build config/default | kubectl apply -f -
+.PHONY: deploy-dry-run
+deploy-dry-run: kustomize ## Dry run deploy (generate YAML file instead)
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default --output deploy/manifests.yaml
+
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 $(KUSTOMIZE) build config/default | kubectl delete -f -
diff --git a/README.md b/README.md
index f25a7e5..b970e70 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # vCluster Operator
-[![License](https://img.shields.io/github/license/openloft/vcluster-operator?logo=github)](https://opensource.org/license/mit/) [![Makefile CI](https://github.com/openloft/vcluster-operator/actions/workflows/makefile.yml/badge.svg)](https://github.com/openloft/vcluster-operator/actions/workflows/makefile.yml)
+[![License](https://img.shields.io/github/license/openloft/vcluster-operator?logo=github)](https://opensource.org/license/mit/) [![Makefile CI](https://github.com/openloft/vcluster-operator/actions/workflows/makefile.yml/badge.svg)](https://github.com/openloft/vcluster-operator/actions/workflows/makefile.yml) GitHub last commit (branch)
 ----
+
+See [openloft](https://github.com/openloft/openloft/) for more information.
\ No newline at end of file
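Review bot: `deploy-dry-run` writes whatever `${IMG}` expands to into `deploy/manifests.yaml`, and nothing in the recipe stops a mutable tag from being baked into a file that is then committed; the manifest added in this same patch carries `ghcr.io/openloft/vcluster-operator:latest`. Anyone who applies the checked-in file runs whatever that tag points to at pull time, under a service account bound to a ClusterRole that grants `'*'` on secrets. I would make the first recipe line a guard such as `@case "${IMG}" in ""|*:latest) echo "IMG must be a release tag or digest" >&2; exit 1;; esac`. The target is also not a dry run in the usual sense, since `$(KUSTOMIZE) edit set image` rewrites `config/manager/kustomization.yaml`; a comment above the rule saying so, e.g. `# Rewrites config/manager/kustomization.yaml and overwrites deploy/manifests.yaml; nothing is sent to the cluster.`, would help.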
diff --git a/deploy/manifests.yaml b/deploy/manifests.yaml
new file mode 100644
index 0000000..6a4fd7e
--- /dev/null
+++ b/deploy/manifests.yaml
@@ -0,0 +1,438 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: system + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: namespace + app.kubernetes.io/part-of: vcluster-operator + control-plane: controller-manager + name: openloft-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: virtualclusters.storage.openloft.cn +spec: + group: storage.openloft.cn + names: + kind: VirtualCluster + listKind: VirtualClusterList + plural: virtualclusters + singular: virtualcluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VirtualCluster is the Schema for the virtualclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of VirtualCluster + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of VirtualCluster + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-controller-manager + namespace: openloft-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-leader-election-role + namespace: openloft-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: vcluster-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + 
- storage.openloft.cn + resources: + - virtualclusters + - virtualclusters/status + - virtualclusters/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingressclasses + verbs: + - create + - delete + - patch + - update + - get + - list + - watch +- apiGroups: + - "" + resources: + - limitranges + - resourcequotas + verbs: + - create + - delete + - patch + - update + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - create + - delete + - patch + - update + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: proxy-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-leader-election-rolebinding + namespace: openloft-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: vcluster-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: vcluster-operator-controller-manager + namespace: openloft-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vcluster-operator-manager-role +subjects: +- kind: ServiceAccount + name: vcluster-operator-controller-manager + namespace: openloft-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: proxy-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: vcluster-operator + name: vcluster-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vcluster-operator-proxy-role +subjects: +- kind: ServiceAccount + name: vcluster-operator-controller-manager + namespace: openloft-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: 
kube-rbac-proxy + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: vcluster-operator + control-plane: controller-manager + name: vcluster-operator-controller-manager-metrics-service + namespace: openloft-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: vcluster-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: vcluster-operator + control-plane: controller-manager + name: vcluster-operator-controller-manager + namespace: openloft-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - 
--leader-elect + - --leader-election-id=vcluster-operator + image: ghcr.io/openloft/vcluster-operator:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: vcluster-operator-controller-manager + terminationGracePeriodSeconds: 10