feat(deploy): Add Helm chart

deploy/helm/virtink/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/helm/virtink/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtink
+description: A helm chart for installing virtink
+type: application
+version: 0.10.0
+appVersion: "v0.10.0"

deploy/helm/virtink/crds

@@ -0,0 +1 @@
+../../crd

deploy/helm/virtink/templates/_helpers.tpl

@@ -0,0 +1,71 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "virtink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "virtink.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "virtink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "virtink.labels" -}}
+helm.sh/chart: {{ include "virtink.chart" . }}
+{{ include "virtink.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "virtink.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "virtink.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "virtink.image" -}}
+{{- $registryName := .registry -}}
+{{- $repositoryName := .repository -}}
+{{- $tag := .tag | toString -}}
+{{- $digest := .digest | toString -}}
+{{- if $digest }}
+  {{- if $registryName }}
+    {{- printf "%s/%s@%s" $registryName $repositoryName $digest -}}
+  {{- else -}}
+    {{- printf "%s@%s" $repositoryName $digest -}}
+  {{- end -}}
+{{- else -}}
+  {{- if $registryName }}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+  {{- else -}}
+    {{- printf "%s:%s" $repositoryName $tag -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

deploy/helm/virtink/templates/virt-controller/cert.yaml

@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: virt-controller-cert
+  namespace: {{ .Release.Namespace }}
+spec:
+  issuerRef:
+    kind: Issuer
+    name: virt-controller-cert-issuer
+  dnsNames:
+    - virt-controller.{{ .Release.Namespace }}.svc
+    - virt-controller.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  secretName: virt-controller-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: virt-controller-cert-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}

deploy/helm/virtink/templates/virt-controller/deployment.yaml

@@ -0,0 +1,60 @@
+{{- $service := .Values.virtController }}
+{{- $image := merge $service.image .Values.image }}
+{{- $prerunnerImage := merge .Values.virtPrerunner.image .Values.image }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: virt-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: virt-controller
+spec:
+  selector:
+    matchLabels:
+      {{- include "virtink.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: virt-controller
+  template:
+    metadata:
+      {{- with $service.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "virtink.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: virt-controller
+    spec:
+      serviceAccountName: virt-controller
+      containers:
+        - name: virt-controller
+          image: {{ include "virtink.image" $image }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          env:
+            - name: PRERUNNER_IMAGE
+              value: {{ include "virtink.image" $prerunnerImage }}
+          args:
+            - --zap-time-encoding=iso8601
+            - --leader-elect
+          volumeMounts:
+            - name: cert
+              mountPath: /tmp/k8s-webhook-server/serving-certs
+              readOnly: true
+          resources:
+            {{- toYaml .Values.virtController.resources | nindent 12 }}
+      volumes:
+        - name: cert
+          secret:
+            secretName: virt-controller-cert
+            defaultMode: 0644
+      {{- with .Values.virtController.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

deploy/helm/virtink/templates/virt-controller/manifests.yaml

@@ -0,0 +1,78 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/virt-controller-cert'
+  name: virtink-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: virt-controller
+      namespace: '{{ .Release.Namespace }}'
+      path: /mutate-v1alpha1-virtualmachine
+  failurePolicy: Fail
+  name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com
+  rules:
+  - apiGroups:
+    - virt.virtink.smartx.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - virtualmachines
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/virt-controller-cert'
+  name: virtink-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: virt-controller
+      namespace: '{{ .Release.Namespace }}'
+      path: /validate-v1alpha1-virtualmachine
+  failurePolicy: Fail
+  name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com
+  rules:
+  - apiGroups:
+    - virt.virtink.smartx.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - virtualmachines
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: virt-controller
+      namespace: '{{ .Release.Namespace }}'
+      path: /validate-v1alpha1-virtualmachinemigration
+  failurePolicy: Fail
+  name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com
+  rules:
+  - apiGroups:
+    - virt.virtink.smartx.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - virtualmachinemigrations
+  sideEffects: None

deploy/virt-controller/rolebinding.yaml → deploy/helm/virtink/templates/virt-controller/rbac.yaml

@@ -9,4 +9,10 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: virt-controller
-    namespace: virtink-system
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: virt-controller
+  namespace: {{ .Release.Namespace }}

deploy/helm/virtink/templates/virt-controller/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: virt-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: virt-controller
+spec:
+  selector:
+    {{- include "virtink.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: virt-controller
+  ports:
+    - port: 443
+      targetPort: 9443

deploy/helm/virtink/templates/virt-daemon/cert.yaml

@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: virt-daemon-cert
+  namespace: {{ .Release.Namespace }}
+spec:
+  issuerRef:
+    kind: Issuer
+    name: virt-daemon-cert-issuer
+  dnsNames:
+    - virt-daemon.{{ .Release.Namespace }}.svc
+    - virt-daemon.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  secretName: virt-daemon-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: virt-daemon-cert-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}

deploy/virt-daemon/daemonset.yaml → deploy/helm/virtink/templates/virt-daemon/daemonset.yaml

@@ -1,21 +1,32 @@
+{{- $service := .Values.virtDaemon }}
+{{- $image := merge $service.image .Values.image }}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: virt-daemon
-  namespace: virtink-system
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: virt-daemon
 spec:
   selector:
     matchLabels:
-      name: virt-daemon
+      {{- include "virtink.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: virt-daemon
   template:
     metadata:
+      {{- with $service.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        name: virt-daemon
+        {{- include "virtink.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: virt-daemon
     spec:
       serviceAccountName: virt-daemon
       containers:
         - name: virt-daemon
-          image: virt-daemon
+          image: {{ include "virtink.image" $image }}
+          imagePullPolicy: {{ $image.pullPolicy }}
           env:
             - name: NODE_NAME
               valueFrom:

deploy/virt-daemon/rolebinding.yaml → deploy/helm/virtink/templates/virt-daemon/rbac.yaml

@@ -9,4 +9,10 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: virt-daemon
-    namespace: virtink-system
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: virt-daemon
+  namespace: {{ .Release.Namespace }}