From: Yolanda Robla Date: Mon, 20 May 2019 14:27:41 +0000 (+0200) Subject: Start adding operators to the deployments X-Git-Tag: akraino_r1~3 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F56%2F756%2F2;p=kni%2Ftemplates.git Start adding operators to the deployments Create a new folder for operators, that will hold the common manifests for both blueprints. This folder could be accessed after with kustomize, from each different repo Change-Id: I6c845f73816c4b0090f98aff07814d27e7d20b0d
---
diff --git a/workloads/kustomization.yaml b/workloads/kustomization.yaml
new file mode 100644
index 0000000..4457b8d
--- /dev/null
+++ b/workloads/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- operators/kubevirt/kubevirt-operator.yaml
+- operators/kubevirt/kubevirt-cr.yaml
diff --git a/workloads/operators/kubevirt/kubevirt-cr.yaml b/workloads/operators/kubevirt/kubevirt-cr.yaml
new file mode 100644
index 0000000..0208bb8
--- /dev/null
+++ b/workloads/operators/kubevirt/kubevirt-cr.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kubevirt.io/v1alpha3
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ imagePullPolicy: IfNotPresent
diff --git a/workloads/operators/kubevirt/kubevirt-operator.yaml b/workloads/operators/kubevirt/kubevirt-operator.yaml
new file mode 100644
index 0000000..43b507c
--- /dev/null
+++ b/workloads/operators/kubevirt/kubevirt-operator.yaml
@@ -0,0 +1,533 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ operator.kubevirt.io: ""
+ name: kubevirts.kubevirt.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - JSONPath: .status.phase
+ name: Phase
+ type: string
+ group: kubevirt.io
+ names:
+ kind: KubeVirt
+ plural: kubevirts
+ shortNames:
+ - kv
+ - kvs
+ singular: kubevirt
+ scope: Namespaced
+ version: v1alpha3
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt.io:operator
+ labels:
+ operator.kubevirt.io: ""
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+rules:
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - create
+ - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - create
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancepresets
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - limitranges
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - delete
+ - update
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstances
+ verbs:
+ - update
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - version
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/restart
+ verbs:
+ - put
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/restart
+ verbs:
+ - put
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ namespace: kubevirt
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ kubevirt.io: virt-operator
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ""
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly","operator":"Exists"}]'
+ labels:
+ kubevirt.io: virt-operator
+ prometheus.kubevirt.io: ""
+ name: virt-operator
+ spec:
+ containers:
+ - command:
+ - virt-operator
+ - --port
+ - "8443"
+ - -v
+ - "2"
+ env:
+ - name: OPERATOR_IMAGE
+ value: index.docker.io/kubevirt/virt-operator:v0.17.0
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ image: index.docker.io/kubevirt/virt-operator:v0.17.0
+ imagePullPolicy: IfNotPresent
+ name: virt-operator
+ ports:
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ timeoutSeconds: 10
+ resources: {}
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: kubevirt-operator
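Review bot: The `virt-operator` Deployment at the end of this file references its image by mutable tag (`index.docker.io/kubevirt/virt-operator:v0.17.0`, in both `image:` and the `OPERATOR_IMAGE` env value), while the `kubevirt-operator` ClusterRoleBinding above gives its ServiceAccount cluster-wide create/update/delete on `secrets`, write access to RBAC objects, `pods/exec`, and patch/update on the `privileged` SCC. With that footprint, the integrity of the pulled image is effectively the integrity of the cluster, so both references should be pinned by digest, e.g. `image: index.docker.io/kubevirt/virt-operator@sha256:<digest of the verified v0.17.0 image>` (placeholder, not a real digest). The pod `securityContext` sets only `runAsNonRoot: true`; adding `allowPrivilegeEscalation: false` at container level would be a cheap hardening step if the operator tolerates it. The manifest looks like a copy of an upstream release file; if so, a header comment such as `# Source: <upstream release URL>, KubeVirt v0.17.0` would let later reviewers diff the RBAC rules against upstream, including the `kubevirt.io:operator` role that is aggregated into `admin` and the rules that are repeated several times in `kubevirt-operator`.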