type: object
metaData:
description: MetaData holds the reference to the Secret containing
- host metadata (e.g. meta_data.json which is passed to Config Drive).
+ host metadata (e.g. meta_data.json) which is passed to the Config
+ Drive.
properties:
name:
description: Name is unique within a namespace to reference a
type: object
networkData:
description: NetworkData holds the reference to the Secret containing
- network configuration (e.g content of network_data.json which is
- passed to Config Drive).
+ network configuration (e.g content of network_data.json) which is
+ passed to the Config Drive.
properties:
name:
description: Name is unique within a namespace to reference a
online:
description: Should the server be online?
type: boolean
+ preprovisioningNetworkDataName:
+ description: PreprovisioningNetworkDataName is the name of the Secret
+ in the local namespace containing network configuration (e.g content
+ of network_data.json) which is passed to the preprovisioning image,
+ and to the Config Drive if not overridden by specifying NetworkData.
+ type: string
raid:
description: RAID configuration for bare metal server
properties:
--- /dev/null
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: bmceventsubscriptions.metal3.io
+spec:
+ group: metal3.io
+ names:
+ kind: BMCEventSubscription
+ listKind: BMCEventSubscriptionList
+ plural: bmceventsubscriptions
+ shortNames:
+ - bes
+ - bmcevent
+ singular: bmceventsubscription
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The most recent error message
+ jsonPath: .status.error
+ name: Error
+ type: string
+ - description: Time duration since creation of BMCEventSubscription
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: BMCEventSubscription is the Schema for the fast eventing API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ context:
+ description: Arbitrary user-provided context for the event
+ type: string
+ destination:
+ description: A webhook URL to send events to
+ type: string
+ hostName:
+ description: A reference to a BareMetalHost
+ type: string
+ httpHeadersRef:
+ description: A secret containing HTTP headers which should be passed
+ along to the Destination when making a request
+ properties:
+ name:
+ description: Name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: Namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ type: object
+ status:
+ properties:
+ error:
+ type: string
+ subscriptionID:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
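Review bot: `httpHeadersRef` accepts a `namespace` next to `name`, so a BMCEventSubscription in one namespace can point at a Secret in another, and `destination` is an unconstrained string. If the controller resolves that reference with its own credentials, anyone allowed to create subscriptions could have header Secrets from other namespaces forwarded to a URL of their choosing. This file is controller-gen output, so the fix belongs in the API type or the validating webhook rather than here: reject a `namespace` that differs from the object's own, and consider constraining the destination scheme (for example `pattern: ^https://` on the field). Whether the controller already enforces either is not visible in this diff.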
read_only:
description: Whether or not this setting is read only.
type: boolean
- reset_required:
- description: Whether or not a reset is required after changing
- this setting.
- type: boolean
unique:
description: Whether or not this setting's value is unique to
this node, e.g. a serial number.
kind: HostFirmwareSettings
listKind: HostFirmwareSettingsList
plural: hostfirmwaresettings
+ shortNames:
+ - hfs
singular: hostfirmwaresettings
scope: Namespaced
versions:
- type: string
x-kubernetes-int-or-string: true
description: Settings are the desired firmware settings stored as
- name/value pairs. This will be populated with the actual firmware
- settings and only contain the settings that can be modified (i.e.
- not ReadOnly), to facilitate making changes.
+ name/value pairs.
type: object
required:
- settings
description: HostFirmwareSettingsStatus defines the observed state of
HostFirmwareSettings
properties:
+ conditions:
+ description: Track whether settings stored in the spec are valid based
+ on the schema
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ lastUpdated:
+ description: Time that the status was last updated
+ format: date-time
+ type: string
schema:
description: FirmwareSchema is a reference to the Schema used to describe
each FirmwareSetting. By default, this will be a Schema in the same
settings:
additionalProperties:
type: string
- description: Settings are the actual firmware settings stored as name/value
+ description: Settings are the firmware settings stored as name/value
pairs
type: object
required:
--- /dev/null
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: preprovisioningimages.metal3.io
+spec:
+ group: metal3.io
+ names:
+ kind: PreprovisioningImage
+ listKind: PreprovisioningImageList
+ plural: preprovisioningimages
+ shortNames:
+ - ppimg
+ singular: preprovisioningimage
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Whether the image is ready
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ - description: The reason for the image readiness status
+ jsonPath: .status.conditions[?(@.type=='Ready')].reason
+ name: Reason
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: PreprovisioningImage is the Schema for the preprovisioningimages
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: PreprovisioningImageSpec defines the desired state of PreprovisioningImage
+ properties:
+ acceptFormats:
+ description: acceptFormats is a list of acceptable image formats.
+ items:
+ description: ImageFormat enumerates the allowed image formats
+ enum:
+ - iso
+ - initrd
+ type: string
+ type: array
+ architecture:
+ description: architecture is the processor architecture for which
+ to build the image.
+ type: string
+ networkDataName:
+ description: networkDataName is the name of a Secret in the local
+ namespace that contains network data to build in to the image.
+ type: string
+ type: object
+ status:
+ description: PreprovisioningImageStatus defines the observed state of
+ PreprovisioningImage
+ properties:
+ architecture:
+ description: architecture is the processor architecture for which
+ the image is built
+ type: string
+ conditions:
+ description: conditions describe the state of the built image
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
+ \ // +patchStrategy=merge // +listType=map // +listMapKey=type
+ \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+ \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ format:
+ description: 'format is the type of image that is available at the
+ download url: either iso or initrd.'
+ enum:
+ - iso
+ - initrd
+ type: string
+ imageUrl:
+ description: imageUrl is the URL from which the built image can be
+ downloaded.
+ type: string
+ networkData:
+ description: networkData is a reference to the version of the Secret
+ containing the network data used to build the image.
+ properties:
+ name:
+ type: string
+ version:
+ type: string
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
- bases/metal3.io_baremetalhosts.yaml
- bases/metal3.io_hostfirmwaresettings.yaml
- bases/metal3.io_firmwareschemas.yaml
-# +kubebuilder:scaffold:crdkustomizeresource
+- bases/metal3.io_preprovisioningimages.yaml
+- bases/metal3.io_bmceventsubscriptions.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
#- patches/webhook_in_baremetalhosts.yaml
#- patches/webhook_in_hostfirmwaresettings.yaml
#- patches/webhook_in_firmwareschemas.yaml
-# +kubebuilder:scaffold:crdkustomizewebhookpatch
+#- patches/webhook_in_preprovisioningimages.yaml
+#- patches/webhook_in_bmceventsubscriptions.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_baremetalhosts.yaml
#- patches/cainjection_in_hostfirmwaresettings.yaml
#- patches/cainjection_in_firmwareschemas.yaml
-# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+#- patches/cainjection_in_preprovisioningimages.yaml
+#- patches/cainjection_in_bmceventsubscriptions.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
+ version: v1
group: apiextensions.k8s.io
- path: spec/conversion/webhookClientConfig/service/name
+ path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
+ version: v1
group: apiextensions.k8s.io
- path: spec/conversion/webhookClientConfig/service/namespace
+ path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
# The following patch adds a directive for certmanager to inject CA into the CRD
-# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
--- /dev/null
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: bmceventsubscriptions.metal3.io
--- /dev/null
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: preprovisioningimages.metal3.io
-# The following patch enables conversion webhook for CRD
-# CRD conversion requires k8s 1.13 or later.
+# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
spec:
conversion:
strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
+ caBundle: Cg==
+ conversionReviewVersions:
+ - v1
--- /dev/null
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bmceventsubscriptions.metal3.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
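Review bot: This conversion patch stops at `path: /convert` and omits the `caBundle: Cg==` and `conversionReviewVersions` entries that the other webhook patches in this commit carry, including the preprovisioningimages one. Under `apiextensions.k8s.io/v1`, `conversionReviewVersions` is required when `strategy: Webhook`, so this patch would likely be rejected once its line in `crd/kustomization.yaml` is uncommented. Add `conversionReviewVersions:` with `- v1` under `webhook:`. For the sibling patches, keep a comment such as `# Cg== is a placeholder newline; cert-manager (or a later patch) injects the real CA bundle`, since this commit deletes that explanation.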
spec:
conversion:
strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
+ caBundle: Cg==
+ conversionReviewVersions:
+ - v1
spec:
conversion:
strategy: Webhook
- webhookClientConfig:
- # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
- # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
- caBundle: Cg==
- service:
- namespace: system
- name: webhook-service
- path: /convert
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
+ caBundle: Cg==
+ conversionReviewVersions:
+ - v1
+
--- /dev/null
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: preprovisioningimages.metal3.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
+ caBundle: Cg==
+ conversionReviewVersions:
+ - v1
- ../crd
- ../rbac
- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
- # Protect the /metrics endpoint by putting it behind auth.
- # If you want your controller-manager to expose the /metrics
- # endpoint w/o any authn/z, please comment the following line.
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
- manager_webhook_patch.yaml
-# This patch inject a sidecar container which is a HTTP proxy for the
+# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--config=controller_manager_config.yaml"
+ volumeMounts:
+ - name: manager-config
+ mountPath: /controller_manager_config.yaml
+ subPath: controller_manager_config.yaml
+ volumes:
+ - name: manager-config
+ configMap:
+ name: manager-config
--- /dev/null
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+ healthProbeBindAddress: :9440
+metrics:
+ bindAddress: 127.0.0.1:8085
+webhook:
+ port: 9443
+leaderElection:
+ leaderElect: true
+ resourceName: a9498140.metal3.io
resources:
- manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- name: manager-config
+ files:
+ - controller_manager_config.yaml
- configMapRef:
name: ironic
name: manager
+ securityContext:
+ allowPrivilegeEscalation: false
livenessProbe:
httpGet:
path: /healthz
port: 9440
- initialDelaySeconds: 3
- periodSeconds: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 10
+ serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
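Review bot: `allowPrivilegeEscalation: false` is the only restriction the added `securityContext` places on the manager container; it sets neither `runAsNonRoot: true` nor `capabilities:` with `drop: ["ALL"]`, and `readOnlyRootFilesystem: true` is also absent. A controller that only talks to the API server normally needs none of those privileges, though whether the image runs as a non-root user is not visible here and should be confirmed before enabling `runAsNonRoot`. The container spec begins above this hunk, so other settings may exist outside the visible lines.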
metadata:
name: metrics-reader
rules:
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
metadata:
name: proxy-role
rules:
-- apiGroups: ["authentication.k8s.io"]
+- apiGroups:
+ - authentication.k8s.io
resources:
- tokenreviews
- verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
resources:
- subjectaccessreviews
- verbs: ["create"]
+ verbs:
+ - create
name: proxy-role
subjects:
- kind: ServiceAccount
- name: default
+ name: controller-manager
namespace: system
--- /dev/null
+# permissions for end users to edit bmceventsubscriptions.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: bmceventsubscription-editor-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions/status
+ verbs:
+ - get
--- /dev/null
+# permissions for end users to view bmceventsubscriptions.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: bmceventsubscription-viewer-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions/status
+ verbs:
+ - get
resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
name: leader-election-role
subjects:
- kind: ServiceAccount
- name: default
+ name: controller-manager
namespace: system
--- /dev/null
+# permissions for end users to edit preprovisioningimages.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: preprovisioningimage-editor-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages/status
+ verbs:
+ - get
--- /dev/null
+# permissions for end users to view preprovisioningimages.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: preprovisioningimage-viewer-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages/status
+ verbs:
+ - get
- get
- patch
- update
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - bmceventsubscriptions/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - preprovisioningimages/status
+ verbs:
+ - get
+ - patch
+ - update
name: manager-role
subjects:
- kind: ServiceAccount
- name: default
+ name: controller-manager
namespace: system
--- /dev/null
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
resources:
- baremetalhosts
sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: system
+ path: /validate-metal3-io-v1alpha1-bmceventsubscription
+ failurePolicy: Fail
+ name: bmceventsubscription.metal3.io
+ rules:
+ - apiGroups:
+ - metal3.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bmceventsubscriptions
+ sideEffects: None
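Review bot: `v1beta` in `admissionReviewVersions` is not an AdmissionReview version; the API server knows `v1` and `v1beta1`. Registration should still work because `v1` is listed, but the second entry is dead and was probably meant to be `- v1beta1`, or can simply be dropped. With `failurePolicy: Fail`, every CREATE and UPDATE of a bmceventsubscription is refused while `webhook-service` is unreachable. That is the safer default for a validator, but it matters for rollout ordering.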
images:
- name: quay.io/metal3-io/baremetal-operator
- newTag: capm3-v0.5.1
+ newTag: capm3-v0.5.4
configMapGenerator:
- envs:
add: ["NET_ADMIN"]
command:
- /bin/rundnsmasq
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "ss -lun | grep :67 && ss -lun | grep :69"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "ss -lun | grep :67 && ss -lun | grep :69"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
volumeMounts:
- mountPath: /shared
name: ironic-data-volume
- configMapRef:
name: ironic-bmo-configmap
- name: mariadb
- image: quay.io/metal3-io/ironic
+ image: quay.io/metal3-io/mariadb
imagePullPolicy: Always
- command:
- - /bin/runmariadb
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
volumeMounts:
- mountPath: /shared
name: ironic-data-volume
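Review bot: Both mariadb probes pass the database password as a command-line argument, `-p$(printenv MARIADB_PASSWORD)`, so it shows up in the container's process list every 30 seconds, and the unquoted substitution breaks if the value contains whitespace or shell metacharacters. Hand it over through the environment instead, e.g. `MYSQL_PWD="$MARIADB_PASSWORD" mysqladmin status -uironic`, or through a client option file. The new `quay.io/metal3-io/mariadb` image also has no entry in the `images:` list visible further down, so with `imagePullPolicy: Always` it presumably floats on `latest`. Pinning a tag or digest, as is done for `ironic-ipa-downloader`, would keep the deployment reproducible.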
imagePullPolicy: Always
command:
- /bin/runironic-api
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sSf http://127.0.0.1:6385 || curl -sSfk https://127.0.0.1:6385"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sSf http://127.0.0.1:6385 || curl -sSfk https://127.0.0.1:6385"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
volumeMounts:
- mountPath: /shared
name: ironic-data-volume
imagePullPolicy: Always
command:
- /bin/runironic-conductor
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sd '{}' -o – -k https://127.0.0.1:8089 || curl -sd '{}' -o – http://127.0.0.1:8089"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sd '{}' -o – -k https://127.0.0.1:8089 || curl -sd '{}' -o – http://127.0.0.1:8089"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
volumeMounts:
- mountPath: /shared
name: ironic-data-volume
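Review bot: The `-o –` in both conductor probes uses an en dash (U+2013) rather than the ASCII `-` that curl treats as stdout, so each run writes the response to a file literally named `–` in the working directory. Use `-o /dev/null` instead, e.g. `curl -sd '{}' -o /dev/null -k https://127.0.0.1:8089 || curl -sd '{}' -o /dev/null http://127.0.0.1:8089`. Unlike the ironic-api and inspector probes, these commands omit `-f`, so an HTTP error status still counts as healthy; add it only if the endpoint answers `{}` with a 2xx status. `-k` skips certificate verification, which is tolerable for a loopback probe but should not be copied into anything that leaves the pod.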
- name: ironic-inspector
image: quay.io/metal3-io/ironic
imagePullPolicy: Always
+ readinessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sSf http://127.0.0.1:5050 || curl -sSf -k https://127.0.0.1:5050"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ livenessProbe:
+ exec:
+ command: ["sh", "-c", "curl -sSf http://127.0.0.1:5050 || curl -sSf -k https://127.0.0.1:5050"]
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
command:
- /bin/runironic-inspector
envFrom:
images:
- name: quay.io/metal3-io/ironic
- newTag: capm3-v0.5.1
+ newTag: capm3-v0.5.4
- name: quay.io/metal3-io/ironic-ipa-downloader
digest: sha256:d2d871675b629bf66514ccda2e2616c50670f7fff9d95b983a216f3a7fdaa1aa
#Bare Metal Operator version to use
# If changing this, the value in deploy/ironic/icn/kustomization.yaml
# must also be changed
-BMO_VERSION="capm3-v0.5.1"
+BMO_VERSION="capm3-v0.5.4"
#KuD repository URL
KUDREPO="${KUDREPO:-https://github.com/onap/multicloud-k8s.git}"
KUSTOMIZE_VERSION="v4.3.0"
#Cluster API version to use
-CAPI_VERSION="v0.4.3"
+CAPI_VERSION="v0.4.7"
#Cluster API version to use
-CAPM3_VERSION="v0.5.1"
+CAPM3_VERSION="v0.5.4"
#The flux version to use
FLUX_VERSION="0.25.3"