diff options
Diffstat (limited to 'kud/deployment_infra/helm/cdi-operator/templates')
8 files changed, 432 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/cdi-operator/templates/_helpers.tpl b/kud/deployment_infra/helm/cdi-operator/templates/_helpers.tpl new file mode 100644 index 00000000..ebb48a4d --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "cdi-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cdi-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cdi-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "cdi-operator.labels" -}} +helm.sh/chart: {{ include "cdi-operator.chart" . }} +{{ include "cdi-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "cdi-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cdi-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cdi-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "cdi-operator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..3f813e58 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/clusterrole.yaml @@ -0,0 +1,203 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cdi-operator-cluster + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" +rules: +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - '*' +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - create +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - cdi.kubevirt.io + - upload.cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - '*' +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - datavolumes + verbs: + - list + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - cdis + verbs: + - get +- apiGroups: + - cdi.kubevirt.io + resources: + - cdis/finalizers + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - volumesnapshots + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims/finalizers + - pods/finalizers + - volumesnapshots/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list + - watch +- apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch +- apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get diff --git a/kud/deployment_infra/helm/cdi-operator/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/cdi-operator/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..9f6b1c37 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cdi-operator + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cdi-operator-cluster +subjects: +- kind: ServiceAccount + name: {{ include "cdi-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kud/deployment_infra/helm/cdi-operator/templates/configmap.yaml b/kud/deployment_infra/helm/cdi-operator/templates/configmap.yaml new file mode 100644 index 00000000..b04c3c9a --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cdi-operator-leader-election-helper + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" diff --git a/kud/deployment_infra/helm/cdi-operator/templates/deployment.yaml b/kud/deployment_infra/helm/cdi-operator/templates/deployment.yaml new file mode 100644 index 00000000..3010d6e7 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/deployment.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cdi-operator.fullname" . }} + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" +spec: + replicas: 1 + selector: + matchLabels: + {{- include "cdi-operator.selectorLabels" . | nindent 6 }} + operator.cdi.kubevirt.io: "" + strategy: {} + template: + metadata: + labels: + {{- include "cdi-operator.selectorLabels" . | nindent 8 }} + operator.cdi.kubevirt.io: "" + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "cdi-operator.serviceAccountName" . }} + containers: + - name: cdi-operator + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DEPLOY_CLUSTER_RESOURCES + value: "true" + - name: OPERATOR_VERSION + value: {{ .Values.image.tag | default .Chart.AppVersion }} + - name: CONTROLLER_IMAGE + value: {{ .Values.controllerImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: IMPORTER_IMAGE + value: {{ .Values.importerImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: CLONER_IMAGE + value: {{ .Values.clonerImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: APISERVER_IMAGE + value: {{ .Values.apiserverImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: UPLOAD_SERVER_IMAGE + value: {{ .Values.uploadServerImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: UPLOAD_PROXY_IMAGE + value: {{ .Values.uploadProxyImage.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + - name: VERBOSITY + value: "1" + - name: PULL_POLICY + value: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 60000 + name: metrics + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} diff --git a/kud/deployment_infra/helm/cdi-operator/templates/role.yaml b/kud/deployment_infra/helm/cdi-operator/templates/role.yaml new file mode 100644 index 00000000..6dc2cafb --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/role.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cdi-operator + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + cdi.kubevirt.io: "" +rules: +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - '*' +- apiGroups: + - "" + resources: + - serviceaccounts + - configmaps + - events + - secrets + - services + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - '*' +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' +- apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch diff --git a/kud/deployment_infra/helm/cdi-operator/templates/rolebinding.yaml b/kud/deployment_infra/helm/cdi-operator/templates/rolebinding.yaml new file mode 100644 index 00000000..51122838 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cdi-operator + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + cdi.kubevirt.io: "" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cdi-operator +subjects: +- kind: ServiceAccount + name: {{ include "cdi-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/kud/deployment_infra/helm/cdi-operator/templates/serviceaccount.yaml b/kud/deployment_infra/helm/cdi-operator/templates/serviceaccount.yaml new file mode 100644 index 00000000..bb328dd6 --- /dev/null +++ b/kud/deployment_infra/helm/cdi-operator/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cdi-operator.serviceAccountName" . }} + labels: + {{- include "cdi-operator.labels" . | nindent 4 }} + operator.cdi.kubevirt.io: "" + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + |