feat(deploy): Add Helm chart

deploy/helm/virtink/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/helm/virtink/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtink
+description: A helm chart for installing virtink
+type: application
+version: 0.10.0
+appVersion: "1.16.0"

deploy/helm/virtink/crds

@@ -0,0 +1 @@
+../../crd

deploy/helm/virtink/templates/_helpers.tpl

@@ -0,0 +1,71 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "virtink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "virtink.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "virtink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "virtink.labels" -}}
+helm.sh/chart: {{ include "virtink.chart" . }}
+{{ include "virtink.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "virtink.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "virtink.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "virtink.image" -}}
+{{- $registryName := .registry -}}
+{{- $repositoryName := .repository -}}
+{{- $tag := .tag | toString -}}
+{{- $digest := .digest | toString -}}
+{{- if $digest }}
+  {{- if $registryName }}
+    {{- printf "%s/%s@%s" $registryName $repositoryName $digest -}}
+  {{- else -}}
+    {{- printf "%s@%s" $repositoryName $digest -}}
+  {{- end -}}
+{{- else -}}
+  {{- if $registryName }}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+  {{- else -}}
+    {{- printf "%s:%s" $repositoryName $tag -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

deploy/helm/virtink/templates/virt-controller/cert.yaml

@@ -0,0 +1,20 @@
+{{- $service := .Values.virtController }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $service.name }}-cert
+spec:
+  issuerRef:
+    kind: Issuer
+    name: {{ $service.name }}-cert-issuer
+  dnsNames:
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  secretName: {{ $service.name }}-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ $service.name }}-cert-issuer
+spec:
+  selfSigned: {}

deploy/helm/virtink/templates/virt-controller/deployment.yaml

@@ -0,0 +1,59 @@
+{{- $service := .Values.virtController }}
+{{- $image := merge $service.image .Values.image }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $service.name }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "virtink.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: {{ $service.name }}
+  template:
+    metadata:
+      {{- with $service.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "virtink.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ $service.name }}
+    spec:
+      serviceAccountName: {{ $service.name }}
+      securityContext:
+        {{- toYaml $service.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ $service.name }}
+          image: {{ include "virtink.image" $image }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - --zap-time-encoding=iso8601
+            - --leader-elect
+          volumeMounts:
+            - name: cert
+              mountPath: /tmp/k8s-webhook-server/serving-certs
+              readOnly: true
+          resources:
+            {{- toYaml .Values.virtController.resources | nindent 12 }}
+      volumes:
+        - name: cert
+          secret:
+            secretName: {{ $service.name }}-cert
+            defaultMode: 0644
+      {{- with .Values.virtController.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

deploy/virt-controller/manifests.yaml → deploy/helm/virtink/templates/virt-controller/manifests.yaml

@@ -1,17 +1,17 @@
----
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
-  creationTimestamp: null
-  name: mutating-webhook-configuration
+  name: {{ include "virtink.fullname" . }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert
 webhooks:
 - admissionReviewVersions:
   - v1
   - v1beta1
   clientConfig:
     service:
-      name: webhook-service
-      namespace: system
+      name: {{ .Values.virtController.name }}
+      namespace: {{ .Release.Namespace }}
       path: /mutate-v1alpha1-virtualmachine
   failurePolicy: Fail
   name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com
@@ -30,16 +30,17 @@ webhooks:
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-  creationTimestamp: null
-  name: validating-webhook-configuration
+  name: {{ include "virtink.fullname" . }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert
 webhooks:
 - admissionReviewVersions:
   - v1
   - v1beta1
   clientConfig:
     service:
-      name: webhook-service
-      namespace: system
+      name: {{ .Values.virtController.name }}
+      namespace: {{ .Release.Namespace }}
       path: /validate-v1alpha1-virtualmachine
   failurePolicy: Fail
   name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com
@@ -55,23 +56,23 @@ webhooks:
     - virtualmachines
   sideEffects: None
 - admissionReviewVersions:
-  - v1
-  - v1beta1
+    - v1
+    - v1beta1
   clientConfig:
     service:
-      name: webhook-service
-      namespace: system
+      name: {{ .Values.virtController.name }}
+      namespace: {{ .Release.Namespace }}
       path: /validate-v1alpha1-virtualmachinemigration
   failurePolicy: Fail
   name: validate.virtualmachinemigration.v1alpha1.virt.virtink.smartx.com
   rules:
-  - apiGroups:
-    - virt.virtink.smartx.com
-    apiVersions:
-    - v1alpha1
-    operations:
-    - CREATE
-    - UPDATE
-    resources:
-    - virtualmachinemigrations
-  sideEffects: None
+    - apiGroups:
+        - virt.virtink.smartx.com
+      apiVersions:
+        - v1alpha1
+      operations:
+        - CREATE
+        - UPDATE
+      resources:
+        - virtualmachinemigrations
+  sideEffects: None

deploy/virt-controller/role.yaml → deploy/helm/virtink/templates/virt-controller/rbac.yaml

@@ -1,9 +1,8 @@
----
+{{- $service := .Values.virtController }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
-  name: virt-controller
+  name: {{ $service.name }}
 rules:
 - apiGroups:
   - ""
@@ -115,3 +114,21 @@ rules:
   - get
   - patch
   - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $service.name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $service.name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $service.name }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $service.name }}

deploy/helm/virtink/templates/virt-controller/service.yaml

@@ -0,0 +1,15 @@
+{{- $service := .Values.virtDaemon }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $service.name }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+spec:
+  selector:
+    {{- include "virtink.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+  ports:
+    - port: 443
+      targetPort: 9443

deploy/helm/virtink/templates/virt-daemon/cert.yaml

@@ -0,0 +1,20 @@
+{{- $service := .Values.virtDaemon }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $service.name }}-cert
+spec:
+  issuerRef:
+    kind: Issuer
+    name: {{ $service.name }}-cert-issuer
+  dnsNames:
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  secretName: {{ $service.name }}-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ $service.name }}-cert-issuer
+spec:
+  selfSigned: {}

deploy/virt-daemon/daemonset.yaml → deploy/helm/virtink/templates/virt-daemon/daemonset.yaml

@@ -1,21 +1,35 @@
+{{- $service := .Values.virtDaemon }}
+{{- $image := merge $service.image .Values.image }}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: virt-daemon
-  namespace: virtink-system
+  name: {{ $service.name }}
+  labels:
+    app.kubernetes.io/component: {{ $service.name }}
 spec:
   selector:
     matchLabels:
-      name: virt-daemon
+      {{- include "virtink.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: {{ $service.name }}
   template:
     metadata:
+      {{- with $service.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        name: virt-daemon
+        {{- include "virtink.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ $service.name }}
     spec:
-      serviceAccountName: virt-daemon
+      serviceAccountName: {{ $service.name }}
+      securityContext:
+        {{- toYaml $service.podSecurityContext | nindent 8 }}
       containers:
-        - name: virt-daemon
-          image: virt-daemon
+        - name: {{ $service.name }}
+          image: {{ include "virtink.image" $image }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           env:
             - name: NODE_NAME
               valueFrom: