-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6 from maiqueb/add-installation-manifests
installer: provide an installation manifest
- Loading branch information
Showing
2 changed files
with
337 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,336 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: manager | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: system | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: namespace | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| control-plane: controller-manager | ||
| name: kubevirt-ipam-claims-system | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: controller-manager-sa | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: serviceaccount | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-controller-manager | ||
| namespace: kubevirt-ipam-claims-system | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: Role | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: leader-election-role | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: role | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-leader-election-role | ||
| namespace: kubevirt-ipam-claims-system | ||
| rules: | ||
| - apiGroups: | ||
| - "" | ||
| resources: | ||
| - configmaps | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - create | ||
| - update | ||
| - patch | ||
| - delete | ||
| - apiGroups: | ||
| - coordination.k8s.io | ||
| resources: | ||
| - leases | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - create | ||
| - update | ||
| - patch | ||
| - delete | ||
| - apiGroups: | ||
| - "" | ||
| resources: | ||
| - events | ||
| verbs: | ||
| - create | ||
| - patch | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: manager-role | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: clusterrole | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-manager-role | ||
| rules: | ||
| - apiGroups: | ||
| - "" | ||
| resources: | ||
| - pods | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - apiGroups: | ||
| - kubevirt.io | ||
| resources: | ||
| - virtualmachines | ||
| - virtualmachineinstances | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - apiGroups: | ||
| - k8s.cni.cncf.io | ||
| resources: | ||
| - ipamclaims | ||
| - network-attachment-definitions | ||
| verbs: | ||
| - get | ||
| - list | ||
| - watch | ||
| - apiGroups: | ||
| - k8s.cni.cncf.io | ||
| resources: | ||
| - ipamclaims | ||
| verbs: | ||
| - create | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: RoleBinding | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: leader-election-rolebinding | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: rolebinding | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-leader-election-rolebinding | ||
| namespace: kubevirt-ipam-claims-system | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: Role | ||
| name: kubevirt-ipam-claims-leader-election-role | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: kubevirt-ipam-claims-controller-manager | ||
| namespace: kubevirt-ipam-claims-system | ||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: rbac | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: manager-rolebinding | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: clusterrolebinding | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-manager-rolebinding | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: kubevirt-ipam-claims-manager-role | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: kubevirt-ipam-claims-controller-manager | ||
| namespace: kubevirt-ipam-claims-system | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: webhook | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: webhook-service | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: service | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-webhook-service | ||
| namespace: kubevirt-ipam-claims-system | ||
| spec: | ||
| ports: | ||
| - port: 443 | ||
| protocol: TCP | ||
| targetPort: 9443 | ||
| selector: | ||
| app: ipam-virt-workloads | ||
| control-plane: controller-manager | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: manager | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: controller-manager | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: deployment | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| control-plane: controller-manager | ||
| name: kubevirt-ipam-claims-controller-manager | ||
| namespace: kubevirt-ipam-claims-system | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: ipam-virt-workloads | ||
| control-plane: controller-manager | ||
| template: | ||
| metadata: | ||
| annotations: | ||
| kubectl.kubernetes.io/default-container: manager | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| control-plane: controller-manager | ||
| spec: | ||
| containers: | ||
| - args: | ||
| - --leader-elect | ||
| command: | ||
| - /manager | ||
| image: ghcr.io/maiqueb/kubevirt-ipam-claims:latest | ||
| livenessProbe: | ||
| httpGet: | ||
| path: /healthz | ||
| port: 8081 | ||
| initialDelaySeconds: 15 | ||
| periodSeconds: 20 | ||
| name: manager | ||
| ports: | ||
| - containerPort: 9443 | ||
| name: webhook-server | ||
| protocol: TCP | ||
| readinessProbe: | ||
| httpGet: | ||
| path: /readyz | ||
| port: 8081 | ||
| initialDelaySeconds: 5 | ||
| periodSeconds: 10 | ||
| resources: | ||
| limits: | ||
| cpu: 500m | ||
| memory: 128Mi | ||
| requests: | ||
| cpu: 10m | ||
| memory: 64Mi | ||
| securityContext: | ||
| allowPrivilegeEscalation: false | ||
| capabilities: | ||
| drop: | ||
| - ALL | ||
| volumeMounts: | ||
| - mountPath: /tmp/k8s-webhook-server/serving-certs | ||
| name: cert | ||
| readOnly: true | ||
| securityContext: | ||
| runAsNonRoot: true | ||
| serviceAccountName: kubevirt-ipam-claims-controller-manager | ||
| terminationGracePeriodSeconds: 10 | ||
| volumes: | ||
| - name: cert | ||
| secret: | ||
| defaultMode: 420 | ||
| secretName: webhook-server-cert | ||
| --- | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Certificate | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: certificate | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: serving-cert | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: certificate | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-serving-cert | ||
| namespace: kubevirt-ipam-claims-system | ||
| spec: | ||
| dnsNames: | ||
| - kubevirt-ipam-claims-webhook-service.kubevirt-ipam-claims-system.svc | ||
| - kubevirt-ipam-claims-webhook-service.kubevirt-ipam-claims-system.svc.cluster.local | ||
| issuerRef: | ||
| kind: Issuer | ||
| name: kubevirt-ipam-claims-selfsigned-issuer | ||
| secretName: webhook-server-cert | ||
| --- | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Issuer | ||
| metadata: | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: certificate | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: serving-cert | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: certificate | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-selfsigned-issuer | ||
| namespace: kubevirt-ipam-claims-system | ||
| spec: | ||
| selfSigned: {} | ||
| --- | ||
| apiVersion: admissionregistration.k8s.io/v1 | ||
| kind: MutatingWebhookConfiguration | ||
| metadata: | ||
| annotations: | ||
| cert-manager.io/inject-ca-from: kubevirt-ipam-claims-system/kubevirt-ipam-claims-serving-cert | ||
| labels: | ||
| app: ipam-virt-workloads | ||
| app.kubernetes.io/component: webhook | ||
| app.kubernetes.io/created-by: kubevirt-ipam-claims | ||
| app.kubernetes.io/instance: mutating-webhook-configuration | ||
| app.kubernetes.io/managed-by: kustomize | ||
| app.kubernetes.io/name: mutatingwebhookconfiguration | ||
| app.kubernetes.io/part-of: kubevirt-ipam-claims | ||
| name: kubevirt-ipam-claims-mutating-webhook-configuration | ||
| webhooks: | ||
| - admissionReviewVersions: | ||
| - v1 | ||
| clientConfig: | ||
| service: | ||
| name: kubevirt-ipam-claims-webhook-service | ||
| namespace: kubevirt-ipam-claims-system | ||
| path: /mutate-v1-pod | ||
| failurePolicy: Fail | ||
| name: ipam-claims.k8s.cni.cncf.io | ||
| rules: | ||
| - apiGroups: | ||
| - "" | ||
| apiVersions: | ||
| - v1 | ||
| operations: | ||
| - CREATE | ||
| - UPDATE | ||
| resources: | ||
| - pods | ||
| sideEffects: None |