From 28647f5aff465cc5947466e3d5c2efd0edf49758 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Sat, 20 Aug 2022 00:14:19 +0800 Subject: [PATCH 01/14] feat(deploy): add virtink helm chart --- deploy/helm/virtink/.helmignore | 23 ++++ deploy/helm/virtink/Chart.yaml | 6 + deploy/helm/virtink/templates/_helpers.tpl | 63 ++++++++++ .../templates/virt-controller/cert.yaml | 20 +++ .../templates/virt-controller/deployment.yaml | 59 +++++++++ .../templates/virt-controller/manifests.yaml | 57 +++++++++ .../templates/virt-controller/rbac.yaml | 118 ++++++++++++++++++ .../templates/virt-controller/service.yaml | 15 +++ .../templates/virt-daemon/daemonset.yaml | 46 +++++++ .../virtink/templates/virt-daemon/rbac.yaml | 66 ++++++++++ deploy/helm/virtink/values.yaml | 76 +++++++++++ 11 files changed, 549 insertions(+) create mode 100644 deploy/helm/virtink/.helmignore create mode 100644 deploy/helm/virtink/Chart.yaml create mode 100644 deploy/helm/virtink/templates/_helpers.tpl create mode 100644 deploy/helm/virtink/templates/virt-controller/cert.yaml create mode 100644 deploy/helm/virtink/templates/virt-controller/deployment.yaml create mode 100644 deploy/helm/virtink/templates/virt-controller/manifests.yaml create mode 100644 deploy/helm/virtink/templates/virt-controller/rbac.yaml create mode 100644 deploy/helm/virtink/templates/virt-controller/service.yaml create mode 100644 deploy/helm/virtink/templates/virt-daemon/daemonset.yaml create mode 100644 deploy/helm/virtink/templates/virt-daemon/rbac.yaml create mode 100644 deploy/helm/virtink/values.yaml diff --git a/deploy/helm/virtink/.helmignore b/deploy/helm/virtink/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/deploy/helm/virtink/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/helm/virtink/Chart.yaml b/deploy/helm/virtink/Chart.yaml
new file mode 100644
index 0000000..d859cc0
--- /dev/null
+++ b/deploy/helm/virtink/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtink
+description: A helm chart for installing virtink
+type: application
+version: 0.9.0
+appVersion: "1.16.0"
diff --git a/deploy/helm/virtink/templates/_helpers.tpl b/deploy/helm/virtink/templates/_helpers.tpl
new file mode 100644
index 0000000..a6e7252
--- /dev/null
+++ b/deploy/helm/virtink/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "virtink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "virtink.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "virtink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "virtink.labels" -}}
+helm.sh/chart: {{ include "virtink.chart" . }}
+{{ include "virtink.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "virtink.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "virtink.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "virtink.image" -}}
+{{- $registryName := .registry -}}
+{{- $repositoryName := .repository -}}
+{{- $tag := .tag | toString -}}
+{{- $digest := .digest | toString -}}
+{{- if $digest }}
+ {{- printf "%s/%s@%s" $registryName $repositoryName $digest -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/helm/virtink/templates/virt-controller/cert.yaml b/deploy/helm/virtink/templates/virt-controller/cert.yaml new file mode 100644 index 0000000..273a9cc --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/cert.yaml @@ -0,0 +1,20 @@ +{{- $service := .Values.virtController }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $service.name }}-cert +spec: + issuerRef: + kind: Issuer + name: {{ $service.name }}-cert-issuer + dnsNames: + - {{ $service.name }}.{{ .Release.Namespace }}.svc + - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + secretName: {{ $service.name }}-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $service.name }}-cert-issuer +spec: + selfSigned: {} diff --git a/deploy/helm/virtink/templates/virt-controller/deployment.yaml b/deploy/helm/virtink/templates/virt-controller/deployment.yaml new file mode 100644 index 0000000..2e69050 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- $service := .Values.virtController }} +{{- $image := merge $service.image .Values.image }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $service.name }} + labels: + {{- include "virtink.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ $service.name }} +spec: + selector: + matchLabels: + {{- include "virtink.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $service.name }} + template: + metadata: + {{- with $service.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "virtink.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $service.name }} + spec: + serviceAccountName: {{ $service.name }} + securityContext: + {{- toYaml $service.podSecurityContext | nindent 8 }} + containers: + - name: {{ $service.name }} + image: {{ include "virtink.image" $image }} + imagePullPolicy: {{ $image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + args: + - --zap-time-encoding=iso8601 + - --leader-elect + volumeMounts: + - name: cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: + {{- toYaml .Values.virtController.resources | nindent 12 }} + volumes: + - name: cert + secret: + secretName: {{ $service.name }}-cert + defaultMode: 0644 + {{- with .Values.virtController.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.virtController.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.virtController.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/deploy/helm/virtink/templates/virt-controller/manifests.yaml b/deploy/helm/virtink/templates/virt-controller/manifests.yaml new file mode 100644 index 0000000..f3ca2d9 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/manifests.yaml 
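Review bot: The container-level `securityContext` in this Deployment is rendered from `.Values.securityContext`, but values.yaml in this patch defines only `virtController.securityContext` and no top-level key of that name. Any hardening an operator sets under the component (dropped capabilities, `runAsNonRoot`, `readOnlyRootFilesystem`) is therefore silently ignored. Read it from the component instead: `{{- toYaml $service.securityContext | nindent 12 }}`. The DaemonSet in templates/virt-daemon/daemonset.yaml carries the same line and needs the same change.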
@@ -0,0 +1,57 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ include "virtink.fullname" . }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: {{ .Values.virtController.name }} + namespace: {{ .Release.Namespace }} + path: /mutate-v1alpha1-virtualmachine + failurePolicy: Fail + name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ include "virtink.fullname" . }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: {{ .Values.virtController.name }} + namespace: {{ .Release.Namespace }} + path: /validate-v1alpha1-virtualmachine + failurePolicy: Fail + name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None diff --git a/deploy/helm/virtink/templates/virt-controller/rbac.yaml b/deploy/helm/virtink/templates/virt-controller/rbac.yaml new file mode 100644 index 0000000..fb22d37 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/rbac.yaml 
@@ -0,0 +1,118 @@ +{{- $service := .Values.virtController }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $service.name }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdi.kubevirt.io + resources: + - datavolumes + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/finalizers + verbs: + - update +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $service.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $service.name }} +subjects: + - kind: ServiceAccount + name: {{ $service.name }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $service.name }} diff --git a/deploy/helm/virtink/templates/virt-controller/service.yaml b/deploy/helm/virtink/templates/virt-controller/service.yaml new file mode 100644 index 0000000..46f0700 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/service.yaml 
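Review bot: The `coordination.k8s.io` `leases` rule sits in a ClusterRole bound by a ClusterRoleBinding, so the controller's service account can create, patch and delete leases in every namespace, including the leader-election locks of other components. If the leases are only needed for the `--leader-elect` lock that the Deployment enables (nothing in this hunk shows another use), move that rule to a Role and RoleBinding in the release namespace and drop it from the ClusterRole. A sketch follows; confirm the manager's leader-election namespace before adopting it.

```yaml
# … unchanged: ClusterRole rules, minus the coordination.k8s.io/leases entry …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $service.name }}-leader-election
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $service.name }}-leader-election
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $service.name }}-leader-election
subjects:
  - kind: ServiceAccount
    name: {{ $service.name }}
    namespace: {{ .Release.Namespace }}
# … unchanged: ClusterRoleBinding and ServiceAccount …
```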
@@ -0,0 +1,15 @@ +{{- $service := .Values.virtDaemon }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $service.name }} + labels: + {{- include "virtink.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ $service.name }} +spec: + selector: + {{- include "virtink.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: {{ $service.name }} + ports: + - port: 443 + targetPort: 9443 diff --git a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml new file mode 100644 index 0000000..07352dd --- /dev/null +++ b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml @@ -0,0 +1,46 @@ +{{- $service := .Values.virtDaemon }} +{{- $image := merge $service.image .Values.image }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ $service.name }} + labels: + app.kubernetes.io/component: {{ $service.name }} +spec: + selector: + matchLabels: + {{- include "virtink.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $service.name }} + template: + metadata: + {{- with $service.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "virtink.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $service.name }} + spec: + serviceAccountName: {{ $service.name }} + securityContext: + {{- toYaml $service.podSecurityContext | nindent 8 }} + containers: + - name: {{ $service.name }} + image: {{ include "virtink.image" $image }} + imagePullPolicy: {{ $image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + args: + - --zap-time-encoding=iso8601 + volumeMounts: + - name: kubelet-pods + mountPath: /var/lib/kubelet/pods + volumes: + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods 
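Review bot: templates/virt-controller/service.yaml binds `$service` to `.Values.virtDaemon`, so the Service is created under the daemon's name and selects the daemon pods, while both webhook configurations in manifests.yaml send admission requests to a Service named `{{ .Values.virtController.name }}`. Because those webhooks use `failurePolicy: Fail`, every VirtualMachine create or update would be rejected when the API server cannot reach a backend, and port 443 to 9443 ends up exposed on the daemon pods instead. The first line should be `{{- $service := .Values.virtController }}`.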
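Review bot: The `kubelet-pods` volume in daemonset.yaml mounts the host's `/var/lib/kubelet/pods` without `readOnly`, and the template does not say why. That directory holds the volumes of every pod on the node, including projected service-account tokens and mounted Secrets, so the container can read and modify all of them. Add a comment above the volume stating what virt-daemon needs from it. If the daemon only reads from that path, add `readOnly: true` to the volumeMount; whether it writes there cannot be told from this hunk.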
diff --git a/deploy/helm/virtink/templates/virt-daemon/rbac.yaml b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml new file mode 100644 index 0000000..a838761 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml @@ -0,0 +1,66 @@ +{{- $service := .Values.virtDaemon }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $service.name }} +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/finalizers + verbs: + - update +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $service.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $service.name }} +subjects: + - kind: ServiceAccount + name: {{ $service.name }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $service.name }} diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml new file mode 100644 index 0000000..b430fdb --- /dev/null +++ b/deploy/helm/virtink/values.yaml 
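Review bot: The virt-daemon ClusterRole grants `create` and `delete` on `virtualmachines` in all namespaces to a service account whose token is mounted on every node the DaemonSet runs on, so a single compromised node could create or remove VMs cluster-wide. The DaemonSet passes `NODE_NAME` to the daemon, which suggests it reconciles only VMs on its own node, though the daemon code is not part of this patch. If that holds, trim the rule to `get`, `list`, `watch`, `update` and `patch`, and leave the `virtualmachines/status` rule as it is. Confirm against the daemon's actual API calls before changing it.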
@@ -0,0 +1,76 @@ +# Default values for virtink. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +virtController: + name: virt-controller + replicas: 1 + nodeSelector: {} + tolerations: [] + affinity: {} + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + podAnnotations: {} + podSecurityContext: {} + # fsGroup: 2000 + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + image: + repository: smartxworks/virt-controller + +virtDaemon: + name: virt-daemon + nodeSelector: {} + tolerations: [] + affinity: {} + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + podAnnotations: {} + podSecurityContext: {} + # fsGroup: 2000 + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + image: + repository: smartxworks/virt-daemon + +clusterDomain: cluster.local + +image: + registry: "" + repository: "" + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.9.0" + +nameOverride: "" +fullnameOverride: "" 
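Review bot: Several keys declared in values.yaml are never read by the templates in this patch, so setting them has no effect. `virtController.replicas` is not referenced by deployment.yaml, and `virtDaemon.nodeSelector`, `tolerations`, `affinity` and `resources` are not referenced by daemonset.yaml, which means no resource limits can be applied to the node daemon. Either render them in the templates, as deployment.yaml does for the controller's scheduling and resource keys, or remove them from values.yaml. The comment `# Overrides the image tag whose default is the chart appVersion.` is also inaccurate: the `virtink.image` helper has no appVersion fallback, and Chart.yaml's `appVersion: "1.16.0"` does not match the `v0.9.0` tag.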
From 6e8ebd7b7100f998a02d64b8ef8b296f8c2f6ae7 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Sat, 20 Aug 2022 08:49:48 +0800 Subject: [PATCH 02/14] fix: image name bug --- deploy/helm/virtink/templates/_helpers.tpl | 8 ++++++++ deploy/helm/virtink/values.yaml | 1 + 2 files changed, 9 insertions(+) diff --git a/deploy/helm/virtink/templates/_helpers.tpl b/deploy/helm/virtink/templates/_helpers.tpl index a6e7252..4e5f917 100644 --- a/deploy/helm/virtink/templates/_helpers.tpl +++ b/deploy/helm/virtink/templates/_helpers.tpl @@ -56,8 +56,16 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- $tag := .tag | toString -}} {{- $digest := .digest | toString -}} {{- if $digest }} + {{- if $registryName }} {{- printf "%s/%s@%s" $registryName $repositoryName $digest -}} + {{- else -}} + {{- printf "%s@%s" $repositoryName $digest -}} + {{- end -}} {{- else -}} + {{- if $registryName }} {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- else -}} + {{- printf "%s:%s" $repositoryName $tag -}} + {{- end -}} {{- end -}} {{- end -}} diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml index b430fdb..76d1b26 100644 --- a/deploy/helm/virtink/values.yaml +++ b/deploy/helm/virtink/values.yaml @@ -71,6 +71,7 @@ image: pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "v0.9.0" + digest: "" nameOverride: "" fullnameOverride: "" From a62c3c6d9d41b73a18392511565afc453e38cb8d Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Sat, 20 Aug 2022 08:57:16 +0800 Subject: [PATCH 03/14] feat: add crds dir --- .../virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml | 1 + 1 file changed, 1 insertion(+) create mode 120000 deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml diff --git a/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml b/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml new file mode 120000 index 0000000..de57bde --- /dev/null 
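Review bot: The digest branch of `virtink.image` still depends on `digest` being present as a string. As far as I know, `.digest | toString` on a missing key yields the non-empty text `<nil>` in Sprig, which would send rendering down the `@digest` path and produce an unusable image reference. The `digest: ""` default added to values.yaml in this commit covers the stock case, but not an override that nulls the key, since Helm removes keys set to `null`. Writing `{{- $digest := default "" .digest | toString -}}` makes the helper safe on its own. The `define` block begins above this hunk.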
+++ b/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml @@ -0,0 +1 @@ +../../../crd/virt.virtink.smartx.com_virtualmachines.yaml \ No newline at end of file From 93914d8597d7052ef2ec4a7393f966fe87e29253 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Wed, 31 Aug 2022 22:42:17 +0800 Subject: [PATCH 04/14] feat(deploy): add support for matching live migration --- deploy/helm/virtink/crds | 1 + ...rt.virtink.smartx.com_virtualmachines.yaml | 1 - .../templates/virt-controller/manifests.yaml | 21 +++++++++++++++++++ .../templates/virt-controller/rbac.yaml | 16 ++++++++++++++ .../virtink/templates/virt-daemon/cert.yaml | 20 ++++++++++++++++++ .../templates/virt-daemon/daemonset.yaml | 11 ++++++++++ 6 files changed, 69 insertions(+), 1 deletion(-) create mode 120000 deploy/helm/virtink/crds delete mode 120000 deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml create mode 100644 deploy/helm/virtink/templates/virt-daemon/cert.yaml diff --git a/deploy/helm/virtink/crds b/deploy/helm/virtink/crds new file mode 120000 index 0000000..bfd7290 --- /dev/null +++ b/deploy/helm/virtink/crds @@ -0,0 +1 @@ +../../crd \ No newline at end of file diff --git a/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml b/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml deleted file mode 120000 index de57bde..0000000 --- a/deploy/helm/virtink/crds/virt.virtink.smartx.com_virtualmachines.yaml +++ /dev/null @@ -1 +0,0 @@ -../../../crd/virt.virtink.smartx.com_virtualmachines.yaml \ No newline at end of file diff --git a/deploy/helm/virtink/templates/virt-controller/manifests.yaml b/deploy/helm/virtink/templates/virt-controller/manifests.yaml index f3ca2d9..1d7742c 100644 --- a/deploy/helm/virtink/templates/virt-controller/manifests.yaml +++ b/deploy/helm/virtink/templates/virt-controller/manifests.yaml 
@@ -55,3 +55,24 @@ webhooks: resources: - virtualmachines sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: {{ .Values.virtController.name }} + namespace: {{ .Release.Namespace }} + path: /validate-v1alpha1-virtualmachinemigration + failurePolicy: Fail + name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinemigrations + sideEffects: None \ No newline at end of file diff --git a/deploy/helm/virtink/templates/virt-controller/rbac.yaml b/deploy/helm/virtink/templates/virt-controller/rbac.yaml index fb22d37..a50ce4d 100644 --- a/deploy/helm/virtink/templates/virt-controller/rbac.yaml +++ b/deploy/helm/virtink/templates/virt-controller/rbac.yaml @@ -72,6 +72,22 @@ rules: - get - list - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachinemigrations + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachinemigrations/status + verbs: + - get + - patch + - update - apiGroups: - virt.virtink.smartx.com resources: diff --git a/deploy/helm/virtink/templates/virt-daemon/cert.yaml b/deploy/helm/virtink/templates/virt-daemon/cert.yaml new file mode 100644 index 0000000..314ddd0 --- /dev/null +++ b/deploy/helm/virtink/templates/virt-daemon/cert.yaml @@ -0,0 +1,20 @@ +{{- $service := .Values.virtDaemon }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $service.name }}-cert +spec: + issuerRef: + kind: Issuer + name: {{ $service.name }}-cert-issuer + dnsNames: + - {{ $service.name }}.{{ .Release.Namespace }}.svc + - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + secretName: {{ $service.name }}-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ $service.name }}-cert-issuer +spec: + selfSigned: {} 
diff --git a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml index 07352dd..6f17774 100644 --- a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml @@ -35,12 +35,23 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP args: - --zap-time-encoding=iso8601 volumeMounts: - name: kubelet-pods mountPath: /var/lib/kubelet/pods + - name: cert + mountPath: /var/lib/virtink/daemon/cert + readOnly: true volumes: - name: kubelet-pods hostPath: path: /var/lib/kubelet/pods + - name: cert + secret: + secretName: virt-daemon-cert + defaultMode: 420 From e7424cbf6a2ff8f505b2fe7624062584cab70a66 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Wed, 31 Aug 2022 22:59:03 +0800 Subject: [PATCH 05/14] ci: add helm into skaffold --- skaffold.yaml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/skaffold.yaml b/skaffold.yaml index 79172b6..9a42a8a 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -19,6 +19,14 @@ build: docker: dockerfile: build/virt-prerunner/Dockerfile deploy: - kustomize: - paths: - - deploy + helm: + releases: + - name: virtink + namespace: virtink-system + chartPath: ./deploy/helm/virtink + artifactOverrides: + virtController.image: virt-controller + virtDaemon.image: virt-daemon + imageStrategy: + helm: + explicitRegistry: true From 978aa2ff930600035660252d28f7586e6b1362b9 Mon Sep 17 00:00:00 2001 
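Review bot: The new `cert` volume in daemonset.yaml hard-codes `secretName: virt-daemon-cert`, whereas templates/virt-daemon/cert.yaml in this same commit writes the secret as `{{ $service.name }}-cert`. Overriding `virtDaemon.name` would leave the DaemonSet pods waiting on a Secret that is never created. Use `secretName: {{ $service.name }}-cert`, as the controller Deployment already does. Also check `NODE_IP`: it is filled from `status.podIP`, which equals the node address only when the pod uses `hostNetwork`, and this template does not set that, so `status.hostIP` may be what is intended. The container spec begins above this hunk.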
From: weixiao-huang Date: Thu, 1 Sep 2022 00:12:49 +0800 Subject: [PATCH 06/14] feat(deploy): remove kustomization and only use helm --- deploy/kustomization.yaml | 6 - deploy/namespace.yaml | 4 - deploy/virt-controller/cert-issuer.yaml | 7 -- deploy/virt-controller/cert.yaml | 13 --- deploy/virt-controller/deployment.yaml | 30 ----- deploy/virt-controller/kustomization.yaml | 26 ----- deploy/virt-controller/manifests-patch.yaml | 30 ----- deploy/virt-controller/manifests.yaml | 77 ------------- deploy/virt-controller/role.yaml | 117 -------------------- deploy/virt-controller/rolebinding.yaml | 12 -- deploy/virt-controller/sa.yaml | 5 - deploy/virt-controller/service.yaml | 11 -- deploy/virt-daemon/cert-issuer.yaml | 7 -- deploy/virt-daemon/cert.yaml | 13 --- deploy/virt-daemon/daemonset.yaml | 43 ------- deploy/virt-daemon/kustomization.yaml | 7 -- deploy/virt-daemon/role.yaml | 49 -------- deploy/virt-daemon/rolebinding.yaml | 12 -- deploy/virt-daemon/sa.yaml | 5 - 19 files changed, 474 deletions(-) delete mode 100644 deploy/kustomization.yaml delete mode 100644 deploy/namespace.yaml delete mode 100644 deploy/virt-controller/cert-issuer.yaml delete mode 100644 deploy/virt-controller/cert.yaml delete mode 100644 deploy/virt-controller/deployment.yaml delete mode 100644 deploy/virt-controller/kustomization.yaml delete mode 100644 deploy/virt-controller/manifests-patch.yaml delete mode 100644 deploy/virt-controller/manifests.yaml delete mode 100644 deploy/virt-controller/role.yaml delete mode 100644 deploy/virt-controller/rolebinding.yaml delete mode 100644 deploy/virt-controller/sa.yaml delete mode 100644 deploy/virt-controller/service.yaml delete mode 100644 deploy/virt-daemon/cert-issuer.yaml delete mode 100644 deploy/virt-daemon/cert.yaml delete mode 100644 deploy/virt-daemon/daemonset.yaml delete mode 100644 deploy/virt-daemon/kustomization.yaml delete mode 100644 deploy/virt-daemon/role.yaml delete mode 100644 deploy/virt-daemon/rolebinding.yaml delete mode 
100644 deploy/virt-daemon/sa.yaml diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml deleted file mode 100644 index c9775d4..0000000 --- a/deploy/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: - - crd/virt.virtink.smartx.com_virtualmachines.yaml - - crd/virt.virtink.smartx.com_virtualmachinemigrations.yaml - - namespace.yaml - - virt-controller - - virt-daemon diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml deleted file mode 100644 index 2aa002d..0000000 --- a/deploy/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: virtink-system diff --git a/deploy/virt-controller/cert-issuer.yaml b/deploy/virt-controller/cert-issuer.yaml deleted file mode 100644 index 67bf348..0000000 --- a/deploy/virt-controller/cert-issuer.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: virt-controller-cert-issuer - namespace: virtink-system -spec: - selfSigned: {} diff --git a/deploy/virt-controller/cert.yaml b/deploy/virt-controller/cert.yaml deleted file mode 100644 index 1cb02a0..0000000 --- a/deploy/virt-controller/cert.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: virt-controller-cert - namespace: virtink-system -spec: - issuerRef: - kind: Issuer - name: virt-controller-cert-issuer - dnsNames: - - virt-controller.virtink-system.svc - - virt-controller.virtink-system.svc.cluster.local - secretName: virt-controller-cert diff --git a/deploy/virt-controller/deployment.yaml b/deploy/virt-controller/deployment.yaml deleted file mode 100644 index 927d9a4..0000000 --- a/deploy/virt-controller/deployment.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: virt-controller - namespace: virtink-system -spec: - selector: - matchLabels: - name: virt-controller - template: - metadata: - labels: - name: virt-controller - spec: - serviceAccountName: virt-controller - containers: - - name: virt-controller - image: virt-controller - args: - - --zap-time-encoding=iso8601 - - --leader-elect - volumeMounts: - - name: cert - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - volumes: - - name: cert - secret: - secretName: virt-controller-cert - defaultMode: 0644 diff --git a/deploy/virt-controller/kustomization.yaml b/deploy/virt-controller/kustomization.yaml deleted file mode 100644 index 4d6b6b1..0000000 --- a/deploy/virt-controller/kustomization.yaml +++ /dev/null @@ -1,26 +0,0 @@ -resources: - - deployment.yaml - - rolebinding.yaml - - role.yaml - - sa.yaml - - manifests.yaml - - service.yaml - - cert.yaml - - cert-issuer.yaml - -patchesStrategicMerge: - - manifests-patch.yaml - -patchesJson6902: - - target: - name: mutating-webhook-configuration - patch: |- - - op: replace - path: /metadata/name - value: virtink-mutating-webhook-configuration - - target: - name: validating-webhook-configuration - patch: |- - - op: replace - path: /metadata/name - value: virtink-validating-webhook-configuration diff --git a/deploy/virt-controller/manifests-patch.yaml b/deploy/virt-controller/manifests-patch.yaml deleted file mode 100644 index 6c59bea..0000000 --- a/deploy/virt-controller/manifests-patch.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: virtink-system/virt-controller-cert -webhooks: - - name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com - clientConfig: - service: - name: virt-controller - namespace: virtink-system ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: virtink-system/virt-controller-cert -webhooks: - - name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com - clientConfig: - service: - name: virt-controller - namespace: virtink-system - - name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com - clientConfig: - service: - name: virt-controller - namespace: virtink-system diff --git a/deploy/virt-controller/manifests.yaml b/deploy/virt-controller/manifests.yaml deleted file mode 100644 index b320940..0000000 --- a/deploy/virt-controller/manifests.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-v1alpha1-virtualmachine - failurePolicy: Fail - name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com - rules: - - apiGroups: - - virt.virtink.smartx.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachines - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-v1alpha1-virtualmachine - failurePolicy: Fail - name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com - rules: - - apiGroups: - - virt.virtink.smartx.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachines - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-v1alpha1-virtualmachinemigration - failurePolicy: Fail - name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com - rules: - - apiGroups: - - virt.virtink.smartx.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachinemigrations - sideEffects: None diff --git a/deploy/virt-controller/role.yaml b/deploy/virt-controller/role.yaml deleted file mode 100644 index a776f1a..0000000 --- a/deploy/virt-controller/role.yaml +++ /dev/null 
@@ -1,117 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- creationTimestamp: null
- name: virt-controller
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-- apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - cdi.kubevirt.io
- resources:
- - datavolumes
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - k8s.cni.cncf.io
- resources:
- - network-attachment-definitions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachinemigrations
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachinemigrations/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines/finalizers
- verbs:
- - update
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines/status
- verbs:
- - get
- - patch
- - update
diff --git a/deploy/virt-controller/rolebinding.yaml b/deploy/virt-controller/rolebinding.yaml
deleted file mode 100644
index 2075d15..0000000
--- a/deploy/virt-controller/rolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: virt-controller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: virt-controller
-subjects:
- - kind: ServiceAccount
- name: virt-controller
- namespace: virtink-system
diff --git a/deploy/virt-controller/sa.yaml b/deploy/virt-controller/sa.yaml
deleted file mode 100644
index 3ad95a8..0000000
--- a/deploy/virt-controller/sa.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: virt-controller
- namespace: virtink-system
diff --git a/deploy/virt-controller/service.yaml b/deploy/virt-controller/service.yaml
deleted file mode 100644
index 5fdffed..0000000
--- a/deploy/virt-controller/service.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: virt-controller
- namespace: virtink-system
-spec:
- selector:
- name: virt-controller
- ports:
- - port: 443
- targetPort: 9443
diff --git a/deploy/virt-daemon/cert-issuer.yaml b/deploy/virt-daemon/cert-issuer.yaml
deleted file mode 100644
index 692c4e5..0000000
--- a/deploy/virt-daemon/cert-issuer.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: virt-daemon-cert-issuer
- namespace: virtink-system
-spec:
- selfSigned: {}
diff --git a/deploy/virt-daemon/cert.yaml b/deploy/virt-daemon/cert.yaml
deleted file mode 100644
index f6551d2..0000000
--- a/deploy/virt-daemon/cert.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: virt-daemon-cert
- namespace: virtink-system
-spec:
- issuerRef:
- kind: Issuer
- name: virt-daemon-cert-issuer
- dnsNames:
- - virt-daemon.virtink-system.svc
- - virt-daemon.virtink-system.svc.cluster.local
- secretName: virt-daemon-cert
diff --git a/deploy/virt-daemon/daemonset.yaml b/deploy/virt-daemon/daemonset.yaml
deleted file mode 100644
index ad16a2c..0000000
--- a/deploy/virt-daemon/daemonset.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: virt-daemon
- namespace: virtink-system
-spec:
- selector:
- matchLabels:
- name: virt-daemon
- template:
- metadata:
- labels:
- name: virt-daemon
- spec:
- serviceAccountName: virt-daemon
- containers:
- - name: virt-daemon
- image: virt-daemon
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: NODE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- args:
- - --zap-time-encoding=iso8601
- volumeMounts:
- - name: kubelet-pods
- mountPath: /var/lib/kubelet/pods
- - name: cert
- mountPath: /var/lib/virtink/daemon/cert
- readOnly: true
- volumes:
- - name: kubelet-pods
- hostPath:
- path: /var/lib/kubelet/pods
- - name: cert
- secret:
- secretName: virt-daemon-cert
- defaultMode: 420
diff --git a/deploy/virt-daemon/kustomization.yaml b/deploy/virt-daemon/kustomization.yaml
deleted file mode 100644
index 43c908d..0000000
--- a/deploy/virt-daemon/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-resources:
- - daemonset.yaml
- - rolebinding.yaml
- - role.yaml
- - sa.yaml
- - cert.yaml
- - cert-issuer.yaml
diff --git a/deploy/virt-daemon/role.yaml b/deploy/virt-daemon/role.yaml
deleted file mode 100644
index a9641fb..0000000
--- a/deploy/virt-daemon/role.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- creationTimestamp: null
- name: virt-daemon
-rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines/finalizers
- verbs:
- - update
-- apiGroups:
- - virt.virtink.smartx.com
- resources:
- - virtualmachines/status
- verbs:
- - get
- - patch
- - update
diff --git a/deploy/virt-daemon/rolebinding.yaml b/deploy/virt-daemon/rolebinding.yaml
deleted file mode 100644
index d86a6bf..0000000
--- a/deploy/virt-daemon/rolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: virt-daemon
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: virt-daemon
-subjects:
- - kind: ServiceAccount
- name: virt-daemon
- namespace: virtink-system
diff --git a/deploy/virt-daemon/sa.yaml b/deploy/virt-daemon/sa.yaml
deleted file mode 100644
index 04ed352..0000000
--- a/deploy/virt-daemon/sa.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: virt-daemon
- namespace: virtink-system
From ead3529c7a12eba914221a129a66a6776ee332f5 Mon Sep 17 00:00:00 2001
From: weixiao-huang
Date: Thu, 1 Sep 2022 08:57:03 +0800
Subject: [PATCH 07/14] feat(deploy): bump version from 0.9.0 to 0.10.0
---
deploy/helm/virtink/Chart.yaml | 2 +-
deploy/helm/virtink/values.yaml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/helm/virtink/Chart.yaml b/deploy/helm/virtink/Chart.yaml
index d859cc0..5919b4a 100644
--- a/deploy/helm/virtink/Chart.yaml
+++ b/deploy/helm/virtink/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2 name: virtink description: A helm chart for installing virtink type: application -version: 0.9.0 +version: 0.10.0 appVersion: "1.16.0" diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml index 76d1b26..a57f0d1 100644 --- a/deploy/helm/virtink/values.yaml +++ b/deploy/helm/virtink/values.yaml @@ -70,7 +70,7 @@ image: repository: "" pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.9.0" + tag: "v0.10.0" digest: "" nameOverride: "" From f20433b0015829b7a124dfa3c7de11ce5cb180d6 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Thu, 1 Sep 2022 20:31:01 +0800 Subject: [PATCH 08/14] feat(helm): remove securityContext and bump AppVersion --- deploy/helm/virtink/Chart.yaml | 2 +- .../templates/virt-controller/deployment.yaml | 4 ---- .../templates/virt-daemon/daemonset.yaml | 4 ---- deploy/helm/virtink/values.yaml | 18 ------------------ 4 files changed, 1 insertion(+), 27 deletions(-) diff --git a/deploy/helm/virtink/Chart.yaml b/deploy/helm/virtink/Chart.yaml index 5919b4a..6ce8c20 100644 --- a/deploy/helm/virtink/Chart.yaml +++ b/deploy/helm/virtink/Chart.yaml @@ -3,4 +3,4 @@ name: virtink description: A helm chart for installing virtink type: application version: 0.10.0 -appVersion: "1.16.0" +appVersion: "v0.10.0" diff --git a/deploy/helm/virtink/templates/virt-controller/deployment.yaml b/deploy/helm/virtink/templates/virt-controller/deployment.yaml index 2e69050..ee73bec 100644 --- a/deploy/helm/virtink/templates/virt-controller/deployment.yaml +++ b/deploy/helm/virtink/templates/virt-controller/deployment.yaml 
@@ -23,14 +23,10 @@ spec: app.kubernetes.io/component: {{ $service.name }} spec: serviceAccountName: {{ $service.name }} - securityContext: - {{- toYaml $service.podSecurityContext | nindent 8 }} containers: - name: {{ $service.name }} image: {{ include "virtink.image" $image }} imagePullPolicy: {{ $image.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} args: - --zap-time-encoding=iso8601 - --leader-elect diff --git a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml index 6f17774..522a279 100644 --- a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml @@ -22,14 +22,10 @@ spec: app.kubernetes.io/component: {{ $service.name }} spec: serviceAccountName: {{ $service.name }} - securityContext: - {{- toYaml $service.podSecurityContext | nindent 8 }} containers: - name: {{ $service.name }} image: {{ include "virtink.image" $image }} imagePullPolicy: {{ $image.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} env: - name: NODE_NAME valueFrom: diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml index a57f0d1..e646945 100644 --- a/deploy/helm/virtink/values.yaml +++ b/deploy/helm/virtink/values.yaml @@ -21,15 +21,6 @@ virtController: # memory: 128Mi podAnnotations: {} - podSecurityContext: {} - # fsGroup: 2000 - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 image: repository: smartxworks/virt-controller @@ -51,15 +42,6 @@ virtDaemon: # memory: 128Mi podAnnotations: {} - podSecurityContext: {} - # fsGroup: 2000 - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 image: repository: smartxworks/virt-daemon From 031daf98a83980bedf2fe2be4bb17ef8d6013912 Mon Sep 17 00:00:00 2001 
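Review bot: Removing the pod- and container-level `securityContext` blocks from the virt-controller Deployment hunk (and likewise from the virt-daemon DaemonSet hunk and both `podSecurityContext`/`securityContext` stanzas in values.yaml) leaves operators no chart-level way to set `runAsNonRoot`, `readOnlyRootFilesystem` or dropped capabilities, so both workloads run with whatever the image and cluster defaults allow. The removed container line read `.Values.securityContext` while the values being deleted sit under `virtController`/`virtDaemon`, which may be why the setting looked unused; correcting the lookup keeps the knob and renders nothing when it is empty: `{{- with $service.securityContext }}` / `securityContext: {{- toYaml . | nindent 12 }}` / `{{- end }}`. If virt-daemon needs elevated privileges on the node, a comment in values.yaml stating which ones would make that an explicit, reviewable choice. Both pod specs continue outside the hunks.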
From: weixiao-huang Date: Thu, 1 Sep 2022 21:29:29 +0800 Subject: [PATCH 09/14] feat(deploy): improve role generation --- .../templates/virt-controller/cert.yaml | 13 +- .../templates/virt-controller/deployment.yaml | 14 +- .../templates/virt-controller/rbac.yaml | 125 +----------------- .../templates/virt-controller/role.yaml | 117 ++++++++++++++++ .../templates/virt-controller/service.yaml | 7 +- .../virtink/templates/virt-daemon/cert.yaml | 13 +- .../templates/virt-daemon/daemonset.yaml | 12 +- .../virtink/templates/virt-daemon/rbac.yaml | 57 +------- .../virtink/templates/virt-daemon/role.yaml | 49 +++++++ deploy/helm/virtink/values.yaml | 2 - hack/generate.sh | 11 +- 11 files changed, 210 insertions(+), 210 deletions(-) create mode 100644 deploy/helm/virtink/templates/virt-controller/role.yaml create mode 100644 deploy/helm/virtink/templates/virt-daemon/role.yaml diff --git a/deploy/helm/virtink/templates/virt-controller/cert.yaml b/deploy/helm/virtink/templates/virt-controller/cert.yaml index 273a9cc..56749d2 100644 --- a/deploy/helm/virtink/templates/virt-controller/cert.yaml +++ b/deploy/helm/virtink/templates/virt-controller/cert.yaml @@ -1,20 +1,19 @@ -{{- $service := .Values.virtController }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ $service.name }}-cert + name: virt-controller-cert spec: issuerRef: kind: Issuer - name: {{ $service.name }}-cert-issuer + name: virt-controller-cert-issuer dnsNames: - - {{ $service.name }}.{{ .Release.Namespace }}.svc - - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - secretName: {{ $service.name }}-cert + - virt-controller.{{ .Release.Namespace }}.svc + - virt-controller.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + secretName: virt-controller-cert --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ $service.name }}-cert-issuer + name: virt-controller-cert-issuer spec: selfSigned: {} 
diff --git a/deploy/helm/virtink/templates/virt-controller/deployment.yaml b/deploy/helm/virtink/templates/virt-controller/deployment.yaml index ee73bec..f8cd6cf 100644 --- a/deploy/helm/virtink/templates/virt-controller/deployment.yaml +++ b/deploy/helm/virtink/templates/virt-controller/deployment.yaml @@ -3,15 +3,15 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ $service.name }} + name: virt-controller labels: {{- include "virtink.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-controller spec: selector: matchLabels: {{- include "virtink.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-controller template: metadata: {{- with $service.podAnnotations }} @@ -20,11 +20,11 @@ spec: {{- end }} labels: {{- include "virtink.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-controller spec: - serviceAccountName: {{ $service.name }} + serviceAccountName: virt-controller containers: - - name: {{ $service.name }} + - name: virt-controller image: {{ include "virtink.image" $image }} imagePullPolicy: {{ $image.pullPolicy }} args: @@ -39,7 +39,7 @@ spec: volumes: - name: cert secret: - secretName: {{ $service.name }}-cert + secretName: virt-controller-cert defaultMode: 0644 {{- with .Values.virtController.nodeSelector }} nodeSelector: diff --git a/deploy/helm/virtink/templates/virt-controller/rbac.yaml b/deploy/helm/virtink/templates/virt-controller/rbac.yaml index a50ce4d..d0bdf34 100644 --- a/deploy/helm/virtink/templates/virt-controller/rbac.yaml +++ b/deploy/helm/virtink/templates/virt-controller/rbac.yaml 
@@ -1,134 +1,17 @@ -{{- $service := .Values.virtController }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ $service.name }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - k8s.cni.cncf.io - resources: - - network-attachment-definitions - verbs: - - get - - list - - watch -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachinemigrations - verbs: - - get - - list - - watch -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachinemigrations/status - verbs: - - get - - patch - - update -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines/finalizers - verbs: - - update -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines/status - verbs: - - get - - patch - - update ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ $service.name }} + name: virt-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ $service.name }} + name: virt-controller subjects: - kind: ServiceAccount - name: {{ $service.name }} + name: virt-controller namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount 
metadata: - name: {{ $service.name }} + name: virt-controller diff --git a/deploy/helm/virtink/templates/virt-controller/role.yaml b/deploy/helm/virtink/templates/virt-controller/role.yaml new file mode 100644 index 0000000..a776f1a --- /dev/null +++ b/deploy/helm/virtink/templates/virt-controller/role.yaml @@ -0,0 +1,117 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: virt-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cdi.kubevirt.io + resources: + - datavolumes + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachinemigrations + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachinemigrations/status + verbs: + - get + - patch + - update +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/finalizers + verbs: + - update +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/status + verbs: + - get + - patch + - update 
diff --git a/deploy/helm/virtink/templates/virt-controller/service.yaml b/deploy/helm/virtink/templates/virt-controller/service.yaml index 46f0700..20cd6aa 100644 --- a/deploy/helm/virtink/templates/virt-controller/service.yaml +++ b/deploy/helm/virtink/templates/virt-controller/service.yaml @@ -1,15 +1,14 @@ -{{- $service := .Values.virtDaemon }} apiVersion: v1 kind: Service metadata: - name: {{ $service.name }} + name: virt-daemon labels: {{- include "virtink.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-daemon spec: selector: {{- include "virtink.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-daemon ports: - port: 443 targetPort: 9443 diff --git a/deploy/helm/virtink/templates/virt-daemon/cert.yaml b/deploy/helm/virtink/templates/virt-daemon/cert.yaml index 314ddd0..b09ca95 100644 --- a/deploy/helm/virtink/templates/virt-daemon/cert.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/cert.yaml @@ -1,20 +1,19 @@ -{{- $service := .Values.virtDaemon }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ $service.name }}-cert + name: virt-daemon-cert spec: issuerRef: kind: Issuer - name: {{ $service.name }}-cert-issuer + name: virt-daemon-cert-issuer dnsNames: - - {{ $service.name }}.{{ .Release.Namespace }}.svc - - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - secretName: {{ $service.name }}-cert + - virt-daemon.{{ .Release.Namespace }}.svc + - virt-daemon.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + secretName: virt-daemon-cert --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ $service.name }}-cert-issuer + name: virt-daemon-cert-issuer spec: selfSigned: {} diff --git a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml index 522a279..0d6a34e 100644 
--- a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml @@ -3,14 +3,14 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ $service.name }} + name: virt-daemon labels: - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-daemon spec: selector: matchLabels: {{- include "virtink.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-daemon template: metadata: {{- with $service.podAnnotations }} @@ -19,11 +19,11 @@ spec: {{- end }} labels: {{- include "virtink.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: {{ $service.name }} + app.kubernetes.io/component: virt-daemon spec: - serviceAccountName: {{ $service.name }} + serviceAccountName: virt-daemon containers: - - name: {{ $service.name }} + - name: virt-daemon image: {{ include "virtink.image" $image }} imagePullPolicy: {{ $image.pullPolicy }} env: diff --git a/deploy/helm/virtink/templates/virt-daemon/rbac.yaml b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml index a838761..bf7c050 100644 --- a/deploy/helm/virtink/templates/virt-daemon/rbac.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml 
@@ -1,66 +1,17 @@ -{{- $service := .Values.virtDaemon }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ $service.name }} -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines/finalizers - verbs: - - update -- apiGroups: - - virt.virtink.smartx.com - resources: - - virtualmachines/status - verbs: - - get - - patch - - update ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ $service.name }} + name: virt-daemon roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ $service.name }} + name: virt-daemon subjects: - kind: ServiceAccount - name: {{ $service.name }} + name: virt-daemon namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ $service.name }} + name: virt-daemon diff --git a/deploy/helm/virtink/templates/virt-daemon/role.yaml b/deploy/helm/virtink/templates/virt-daemon/role.yaml new file mode 100644 index 0000000..a9641fb --- /dev/null +++ b/deploy/helm/virtink/templates/virt-daemon/role.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: virt-daemon +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/finalizers + verbs: + - update +- apiGroups: + - virt.virtink.smartx.com + resources: + - virtualmachines/status + verbs: + - get + - patch + - update diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml index e646945..43c1c1a 100644 --- a/deploy/helm/virtink/values.yaml +++ b/deploy/helm/virtink/values.yaml @@ -3,7 +3,6 @@ # Declare variables to be passed into your templates. virtController: - name: virt-controller replicas: 1 nodeSelector: {} tolerations: [] @@ -25,7 +24,6 @@ virtController: repository: smartxworks/virt-controller virtDaemon: - name: virt-daemon nodeSelector: {} tolerations: [] affinity: {} diff --git a/hack/generate.sh b/hack/generate.sh index a5a8116..99de9c0 100755 --- a/hack/generate.sh +++ b/hack/generate.sh 
@@ -4,13 +4,18 @@ set -o errexit set -o nounset set -o pipefail -bash $GOPATH/src/k8s.io/code-generator/generate-groups.sh "deepcopy,client,informer,lister" \ +bash "$GOPATH"/src/k8s.io/code-generator/generate-groups.sh "deepcopy,client,informer,lister" \ github.com/smartxworks/virtink/pkg/generated github.com/smartxworks/virtink/pkg/apis \ virt:v1alpha1 \ --go-header-file ./hack/boilerplate.go.txt +dir="deploy/helm/virtink/templates" + controller-gen paths=./pkg/apis/... crd output:crd:artifacts:config=deploy/crd -controller-gen paths=./cmd/virt-controller/... paths=./pkg/controller/... rbac:roleName=virt-controller output:rbac:artifacts:config=deploy/virt-controller webhook output:webhook:artifacts:config=deploy/virt-controller -controller-gen paths=./cmd/virt-daemon/... paths=./pkg/daemon/... rbac:roleName=virt-daemon output:rbac:artifacts:config=deploy/virt-daemon +controller-gen paths=./cmd/virt-controller/... paths=./pkg/controller/... rbac:roleName=virt-controller \ + output:rbac:artifacts:config="$dir"/virt-controller \ + webhook output:webhook:artifacts:config="$dir"/virt-controller +controller-gen paths=./cmd/virt-daemon/... paths=./pkg/daemon/... rbac:roleName=virt-daemon \ + output:rbac:artifacts:config="$dir"/virt-daemon go generate ./... From de2a44e446126e7d76fd7d95a3c8bd4b9939fe5d Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Thu, 1 Sep 2022 21:58:30 +0800 Subject: [PATCH 10/14] feat(deploy): use sed for hacking generate helm manifests --- .../templates/virt-controller/manifests.yaml | 41 ++++++++++--------- hack/generate.sh | 13 ++++++ 2 files changed, 35 insertions(+), 19 deletions(-) diff --git a/deploy/helm/virtink/templates/virt-controller/manifests.yaml b/deploy/helm/virtink/templates/virt-controller/manifests.yaml index 1d7742c..78c7a2e 100644 --- a/deploy/helm/virtink/templates/virt-controller/manifests.yaml +++ b/deploy/helm/virtink/templates/virt-controller/manifests.yaml 
@@ -1,16 +1,18 @@ +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - name: {{ include "virtink.fullname" . }} + creationTimestamp: null + name: virt-controller annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert webhooks: - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: - name: {{ .Values.virtController.name }} + name: virt-controller namespace: {{ .Release.Namespace }} path: /mutate-v1alpha1-virtualmachine failurePolicy: Fail @@ -30,16 +32,17 @@ webhooks: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: {{ include "virtink.fullname" . }} + creationTimestamp: null + name: virt-controller annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert webhooks: - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: - name: {{ .Values.virtController.name }} + name: virt-controller namespace: {{ .Release.Namespace }} path: /validate-v1alpha1-virtualmachine failurePolicy: Fail 
@@ -56,23 +59,23 @@ webhooks: - virtualmachines sideEffects: None - admissionReviewVersions: - - v1 - - v1beta1 + - v1 + - v1beta1 clientConfig: service: - name: {{ .Values.virtController.name }} + name: virt-controller namespace: {{ .Release.Namespace }} path: /validate-v1alpha1-virtualmachinemigration failurePolicy: Fail name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com rules: - - apiGroups: - - virt.virtink.smartx.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - virtualmachinemigrations - sideEffects: None \ No newline at end of file + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinemigrations + sideEffects: None diff --git a/hack/generate.sh b/hack/generate.sh index 99de9c0..8b0075d 100755 --- a/hack/generate.sh +++ b/hack/generate.sh @@ -18,4 +18,17 @@ controller-gen paths=./cmd/virt-controller/... paths=./pkg/controller/... rbac:r controller-gen paths=./cmd/virt-daemon/... paths=./pkg/daemon/... rbac:roleName=virt-daemon \ output:rbac:artifacts:config="$dir"/virt-daemon +# TODO: should use a more elegant way for editing generated manifests.yaml +replace=" name: virt-controller + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert" + +# Replace newlines with literal \n, replace \ -> \/ for sed replace below +replace="$(echo "${replace//$'\n'/\\n}" | sed "s/\//\\\\\//g")" + +sed -i "s/ name: mutating-webhook-configuration/$replace/g; + s/ name: validating-webhook-configuration/$replace/g; + s/name: webhook-service/name: virt-controller/g; + s/namespace: system/namespace: {{ .Release.Namespace }}/g" "$dir"/virt-controller/manifests.yaml + go generate ./... From 6adad98359937dd792dc0fe91abd471226948637 Mon Sep 17 00:00:00 2001 
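Review bot: The sed patterns added in the hack/generate.sh hunk are unanchored, so `s/namespace: system/.../g` would also rewrite any longer value that merely starts with `system`, and `s/name: webhook-service/.../g` any name with that prefix, silently changing which Service the generated webhook configuration points at. Anchoring each pattern to the end of the line, e.g. `s/namespace: system$/namespace: {{ .Release.Namespace }}/`, limits the edit to the exact controller-gen defaults. The comment above the escaping step says `replace \ -> \/` but the command escapes `/`; `# Replace newlines with literal \n and escape / as \/ for the sed expressions below` matches what it does. `sed -i` without a suffix is GNU-specific, which is worth a one-line comment if the script is expected to run outside the build container. The script starts outside the hunk.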
From: weixiao-huang Date: Fri, 2 Sep 2022 11:54:59 +0800 Subject: [PATCH 11/14] fix: virt-daemon typo and add createNamespace --- deploy/helm/virtink/templates/virt-controller/service.yaml | 6 +++--- skaffold.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/helm/virtink/templates/virt-controller/service.yaml b/deploy/helm/virtink/templates/virt-controller/service.yaml index 20cd6aa..6d869e6 100644 --- a/deploy/helm/virtink/templates/virt-controller/service.yaml +++ b/deploy/helm/virtink/templates/virt-controller/service.yaml @@ -1,14 +1,14 @@ apiVersion: v1 kind: Service metadata: - name: virt-daemon + name: virt-controller labels: {{- include "virtink.labels" . | nindent 4 }} - app.kubernetes.io/component: virt-daemon + app.kubernetes.io/component: virt-controller spec: selector: {{- include "virtink.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: virt-daemon + app.kubernetes.io/component: virt-controller ports: - port: 443 targetPort: 9443 diff --git a/skaffold.yaml b/skaffold.yaml index 9a42a8a..7154122 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -23,6 +23,7 @@ deploy: releases: - name: virtink namespace: virtink-system + createNamespace: true chartPath: ./deploy/helm/virtink artifactOverrides: virtController.image: virt-controller From 1089ba9788b9988f667daad58f3a705249e8bb74 Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Fri, 2 Sep 2022 12:07:03 +0800 Subject: [PATCH 12/14] fix: add namespace in all namespace-scoped templates --- deploy/helm/virtink/templates/virt-controller/cert.yaml | 2 ++ deploy/helm/virtink/templates/virt-controller/deployment.yaml | 1 + deploy/helm/virtink/templates/virt-controller/rbac.yaml | 1 + deploy/helm/virtink/templates/virt-controller/service.yaml | 1 + deploy/helm/virtink/templates/virt-daemon/cert.yaml | 2 ++ deploy/helm/virtink/templates/virt-daemon/daemonset.yaml | 1 + deploy/helm/virtink/templates/virt-daemon/rbac.yaml | 1 + 7 files changed, 9 insertions(+) 
diff --git a/deploy/helm/virtink/templates/virt-controller/cert.yaml b/deploy/helm/virtink/templates/virt-controller/cert.yaml index 56749d2..c9d79ef 100644 --- a/deploy/helm/virtink/templates/virt-controller/cert.yaml +++ b/deploy/helm/virtink/templates/virt-controller/cert.yaml @@ -2,6 +2,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: virt-controller-cert + namespace: {{ .Release.Namespace }} spec: issuerRef: kind: Issuer @@ -15,5 +16,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: virt-controller-cert-issuer + namespace: {{ .Release.Namespace }} spec: selfSigned: {} diff --git a/deploy/helm/virtink/templates/virt-controller/deployment.yaml b/deploy/helm/virtink/templates/virt-controller/deployment.yaml index f8cd6cf..ffe092e 100644 --- a/deploy/helm/virtink/templates/virt-controller/deployment.yaml +++ b/deploy/helm/virtink/templates/virt-controller/deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: virt-controller + namespace: {{ .Release.Namespace }} labels: {{- include "virtink.labels" . | nindent 4 }} app.kubernetes.io/component: virt-controller diff --git a/deploy/helm/virtink/templates/virt-controller/rbac.yaml b/deploy/helm/virtink/templates/virt-controller/rbac.yaml index d0bdf34..ed579f2 100644 --- a/deploy/helm/virtink/templates/virt-controller/rbac.yaml +++ b/deploy/helm/virtink/templates/virt-controller/rbac.yaml @@ -15,3 +15,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: virt-controller + namespace: {{ .Release.Namespace }} diff --git a/deploy/helm/virtink/templates/virt-controller/service.yaml b/deploy/helm/virtink/templates/virt-controller/service.yaml index 6d869e6..e5a9f35 100644 --- a/deploy/helm/virtink/templates/virt-controller/service.yaml +++ b/deploy/helm/virtink/templates/virt-controller/service.yaml 
@@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: virt-controller + namespace: {{ .Release.Namespace }} labels: {{- include "virtink.labels" . | nindent 4 }} app.kubernetes.io/component: virt-controller diff --git a/deploy/helm/virtink/templates/virt-daemon/cert.yaml b/deploy/helm/virtink/templates/virt-daemon/cert.yaml index b09ca95..b35e1d0 100644 --- a/deploy/helm/virtink/templates/virt-daemon/cert.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/cert.yaml @@ -2,6 +2,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: virt-daemon-cert + namespace: {{ .Release.Namespace }} spec: issuerRef: kind: Issuer @@ -15,5 +16,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: virt-daemon-cert-issuer + namespace: {{ .Release.Namespace }} spec: selfSigned: {} diff --git a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml index 0d6a34e..301afac 100644 --- a/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/daemonset.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: virt-daemon + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: virt-daemon spec: diff --git a/deploy/helm/virtink/templates/virt-daemon/rbac.yaml b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml index bf7c050..fc496df 100644 --- a/deploy/helm/virtink/templates/virt-daemon/rbac.yaml +++ b/deploy/helm/virtink/templates/virt-daemon/rbac.yaml @@ -15,3 +15,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: virt-daemon + namespace: {{ .Release.Namespace }} From dc19360b1f6ed9c4af292d5190f13d7d26d4355d Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Fri, 2 Sep 2022 23:30:52 +0800 Subject: [PATCH 13/14] feat: add PRERUNNER_IMAGE --- deploy/helm/virtink/templates/virt-controller/deployment.yaml | 4 ++++ deploy/helm/virtink/values.yaml | 4 ++++ 2 files changed, 8 insertions(+) 
diff --git a/deploy/helm/virtink/templates/virt-controller/deployment.yaml b/deploy/helm/virtink/templates/virt-controller/deployment.yaml index ffe092e..50f84a8 100644 --- a/deploy/helm/virtink/templates/virt-controller/deployment.yaml +++ b/deploy/helm/virtink/templates/virt-controller/deployment.yaml @@ -1,5 +1,6 @@ {{- $service := .Values.virtController }} {{- $image := merge $service.image .Values.image }} +{{- $prerunnerImage := merge .Values.virtPrerunner.image .Values.image }} apiVersion: apps/v1 kind: Deployment metadata: @@ -28,6 +29,9 @@ spec: - name: virt-controller image: {{ include "virtink.image" $image }} imagePullPolicy: {{ $image.pullPolicy }} + env: + - name: PRERUNNER_IMAGE + value: {{ include "virtink.image" $prerunnerImage }} args: - --zap-time-encoding=iso8601 - --leader-elect diff --git a/deploy/helm/virtink/values.yaml b/deploy/helm/virtink/values.yaml index 43c1c1a..e1de9fd 100644 --- a/deploy/helm/virtink/values.yaml +++ b/deploy/helm/virtink/values.yaml @@ -23,6 +23,10 @@ virtController: image: repository: smartxworks/virt-controller +virtPrerunner: + image: + repository: smartxworks/virt-prerunner + virtDaemon: nodeSelector: {} tolerations: [] From fd306d6ca58d01b0ab68528b88d07b67bf3ca23e Mon Sep 17 00:00:00 2001 From: weixiao-huang Date: Sat, 3 Sep 2022 18:29:01 +0800 Subject: [PATCH 14/14] feat: use kustomize to generate manifests.yaml --- .../templates/virt-controller/manifests.yaml | 17 ++-- hack/Dockerfile | 1 + hack/generate.sh | 16 +--- hack/webhook/kustomization.yaml | 19 +++++ hack/webhook/manifests-patch.yaml | 30 ++++++++ hack/webhook/manifests.yaml | 77 +++++++++++++++++++ 6 files changed, 137 insertions(+), 23 deletions(-) create mode 100644 hack/webhook/kustomization.yaml create mode 100644 hack/webhook/manifests-patch.yaml create mode 100644 hack/webhook/manifests.yaml 
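Review bot: The new `virtPrerunner` block in values.yaml has no comment saying what the image is for or how it is resolved, while the template merges it with `.Values.image` and hands the result to the controller as `PRERUNNER_IMAGE`. A comment above the key such as `# Image passed to virt-controller as PRERUNNER_IMAGE; fields not set here fall back to the top-level image values.` would document that. In deployment.yaml the rendered reference is also better quoted, `value: {{ include "virtink.image" $prerunnerImage | quote }}`, since an env value must be a string. The Deployment spec continues outside both hunks.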
diff --git a/deploy/helm/virtink/templates/virt-controller/manifests.yaml b/deploy/helm/virtink/templates/virt-controller/manifests.yaml index 78c7a2e..3fb8a37 100644 --- a/deploy/helm/virtink/templates/virt-controller/manifests.yaml +++ b/deploy/helm/virtink/templates/virt-controller/manifests.yaml @@ -1,11 +1,9 @@ ---- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null - name: virt-controller annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/virt-controller-cert' + name: virtink-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 @@ -13,7 +11,7 @@ webhooks: clientConfig: service: name: virt-controller - namespace: {{ .Release.Namespace }} + namespace: '{{ .Release.Namespace }}' path: /mutate-v1alpha1-virtualmachine failurePolicy: Fail name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com @@ -32,10 +30,9 @@ webhooks: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null - name: virt-controller annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/virt-controller-cert' + name: virtink-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 @@ -43,7 +40,7 @@ webhooks: clientConfig: service: name: virt-controller - namespace: {{ .Release.Namespace }} + namespace: '{{ .Release.Namespace }}' path: /validate-v1alpha1-virtualmachine failurePolicy: Fail name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com @@ -64,7 +61,7 @@ webhooks: clientConfig: service: name: virt-controller - namespace: {{ .Release.Namespace }} + namespace: '{{ .Release.Namespace }}' path: /validate-v1alpha1-virtualmachinemigration failurePolicy: Fail name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com 
diff --git a/hack/Dockerfile b/hack/Dockerfile index ad48d91..d612a13 100644 --- a/hack/Dockerfile +++ b/hack/Dockerfile @@ -8,3 +8,4 @@ COPY go.sum go.sum RUN git clone --branch=v0.24.1 --depth=1 https://github.com/kubernetes/code-generator.git $GOPATH/src/k8s.io/code-generator RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen RUN go install github.com/golang/mock/mockgen +RUN go install sigs.k8s.io/kustomize/kustomize/v4@latest diff --git a/hack/generate.sh b/hack/generate.sh index 8b0075d..501c676 100755 --- a/hack/generate.sh +++ b/hack/generate.sh @@ -10,25 +10,15 @@ bash "$GOPATH"/src/k8s.io/code-generator/generate-groups.sh "deepcopy,client,inf --go-header-file ./hack/boilerplate.go.txt dir="deploy/helm/virtink/templates" +webhook_dir="hack/webhook" controller-gen paths=./pkg/apis/... crd output:crd:artifacts:config=deploy/crd controller-gen paths=./cmd/virt-controller/... paths=./pkg/controller/... rbac:roleName=virt-controller \ output:rbac:artifacts:config="$dir"/virt-controller \ - webhook output:webhook:artifacts:config="$dir"/virt-controller + webhook output:webhook:artifacts:config="$webhook_dir" controller-gen paths=./cmd/virt-daemon/... paths=./pkg/daemon/... rbac:roleName=virt-daemon \ output:rbac:artifacts:config="$dir"/virt-daemon -# TODO: should use a more elegant way for editing generated manifests.yaml -replace=" name: virt-controller - annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/virt-controller-cert" - -# Replace newlines with literal \n, replace \ -> \/ for sed replace below -replace="$(echo "${replace//$'\n'/\\n}" | sed "s/\//\\\\\//g")" - -sed -i "s/ name: mutating-webhook-configuration/$replace/g; - s/ name: validating-webhook-configuration/$replace/g; - s/name: webhook-service/name: virt-controller/g; - s/namespace: system/namespace: {{ .Release.Namespace }}/g" "$dir"/virt-controller/manifests.yaml +kustomize build "$webhook_dir" > "$dir"/virt-controller/manifests.yaml go generate ./... 
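Review bot: `RUN go install sigs.k8s.io/kustomize/kustomize/v4@latest` pulls whatever v4 release is current when the image is built, unlike the code-generator clone above it, which is pinned to `v0.24.1`. The tool that now writes the chart's webhook manifests can therefore change between builds without any change in this repository. Pin it to an explicit release, `RUN go install sigs.k8s.io/kustomize/kustomize/v4@<pinned-version>`, and bump that version deliberately.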
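Review bot: The redirect in `kustomize build "$webhook_dir" > "$dir"/virt-controller/manifests.yaml` truncates the chart template before kustomize runs, so a failed build can leave an empty manifests.yaml and a chart that installs without its admission webhooks. Let kustomize write the file itself with `kustomize build "$webhook_dir" -o "$dir"/virt-controller/manifests.yaml`, so the output is written once the build has succeeded. Whether the script sets `set -e` is not visible in this hunk; the script starts above it.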
diff --git a/hack/webhook/kustomization.yaml b/hack/webhook/kustomization.yaml new file mode 100644 index 0000000..ddfd9d9 --- /dev/null +++ b/hack/webhook/kustomization.yaml @@ -0,0 +1,19 @@ +resources: + - manifests.yaml + +patchesStrategicMerge: + - manifests-patch.yaml + +patchesJson6902: + - target: + name: mutating-webhook-configuration + patch: |- + - op: replace + path: /metadata/name + value: virtink-mutating-webhook-configuration + - target: + name: validating-webhook-configuration + patch: |- + - op: replace + path: /metadata/name + value: virtink-validating-webhook-configuration diff --git a/hack/webhook/manifests-patch.yaml b/hack/webhook/manifests-patch.yaml new file mode 100644 index 0000000..7513784 --- /dev/null +++ b/hack/webhook/manifests-patch.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/virt-controller-cert" +webhooks: + - name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com + clientConfig: + service: + name: virt-controller + namespace: "{{ .Release.Namespace }}" +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/virt-controller-cert" +webhooks: + - name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com + clientConfig: + service: + name: virt-controller + namespace: "{{ .Release.Namespace }}" + - name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com + clientConfig: + service: + name: virt-controller + namespace: "{{ .Release.Namespace }}" diff --git a/hack/webhook/manifests.yaml b/hack/webhook/manifests.yaml new file mode 100644 index 0000000..b320940 --- /dev/null +++ b/hack/webhook/manifests.yaml 
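Review bot: Both `patchesJson6902` targets select by `name` alone; adding `group: admissionregistration.k8s.io`, `version: v1` and the matching `kind` to each target ties the rename to the one object it is meant for. The file also omits the `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` header lines, which are worth adding so the file is self-describing.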
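Review bot: The strategic-merge patch rewrites `clientConfig.service` only for the three webhooks it lists by name. A webhook that controller-gen emits later without a matching entry here would reach the chart still pointing at `webhook-service` in namespace `system`, with `failurePolicy: Fail`. A header comment in manifests-patch.yaml, for example `# Every webhook in manifests.yaml needs an entry here, or it keeps the controller-gen placeholder service.`, would make that requirement visible. A check in hack/generate.sh that the built output contains no `webhook-service` would enforce it.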
@@ -0,0 +1,77 @@ +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-v1alpha1-virtualmachine + failurePolicy: Fail + name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-v1alpha1-virtualmachine + failurePolicy: Fail + name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachines + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-v1alpha1-virtualmachinemigration + failurePolicy: Fail + name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com + rules: + - apiGroups: + - virt.virtink.smartx.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - virtualmachinemigrations + sideEffects: None