Merge "Add manifests for Hardware-Classification-Controller"

Zuul 2020-08-27 14:25:07 +00:00 committed by Gerrit Code Review
commit 69a6c3e406
34 changed files with 843 additions and 0 deletions


@ -0,0 +1,39 @@
# Function: hwcc
Controller for classifying host hardware characteristics to expected values.
The HWCC (Hardware Classification Controller) compares and validates the
workload profile against Baremetal Hosts and classifies right match host
and label the host. Also it displays the count for matched, unmatched
and error hosts.
Comparison and validation is done on baremetalhost list provided by `BMO`
against hardware profile mentioned in
`metal3.io_hardwareclassifications.yaml`.
HWCC will label matched hosts.
* Default
`hardwareclassification.metal3.io/<PROFILE-NAME>=matches`
* User Provided
`hardwareclassification.metal3.io/<PROFILE-NAME>=<LABEL>`
HWCC also label hosts which are in error state, e.g.
`hardwareclassification-error=registration-error`
HWCC status shows multiple items w.r.t applied profile :
* Name of the profile
* Profile match status
* Matched Host count
* Error Host count
## Example Usage
User can validate and classify the hosts based on hardware requirement.
User will get to know how many hosts matched to user profile and
how many hosts are in error state. HWCC status will also show number of hosts
falling under different error states.
User can select any of matched host and go for provisioning.


@ -0,0 +1,25 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize


@ -0,0 +1,5 @@
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,16 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: cert-manager.io
fieldSpecs:
- kind: Certificate
group: cert-manager.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames


@ -0,0 +1,227 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.4
creationTimestamp: null
name: hardwareclassifications.metal3.io
spec:
additionalPrinterColumns:
- JSONPath: .status.profileMatchStatus
description: Profile Match Status
name: ProfileMatchStatus
type: string
- JSONPath: .status.matchedCount
description: Total Matched hosts.
name: MatchedHosts
type: integer
- JSONPath: .status.unmatchedCount
description: Total Unmatched hosts.
name: UnmatchedHosts
type: integer
- JSONPath: .status.errorHosts
description: Total error hosts.
name: ErrorHosts
type: integer
- JSONPath: .status.registrationErrorHosts
description: Total hosts in Registration error state.
name: RegistrationErrorHosts
type: integer
- JSONPath: .status.introspectionErrorHosts
description: Total hosts in Introspection error state.
name: IntrospectionErrorHosts
type: integer
- JSONPath: .status.provisioningErrorHosts
description: Total hosts in Provisioning error state.
name: ProvisioningErrorHosts
type: integer
- JSONPath: .status.powerMgmtErrorHosts
description: Total hosts in Power Management error state.
name: PowerMgmtErrorHosts
type: integer
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
group: metal3.io
names:
kind: HardwareClassification
listKind: HardwareClassificationList
plural: hardwareclassifications
shortNames:
- hwc
- hc
singular: hardwareclassification
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: HardwareClassification is the Schema for the hardwareclassifications
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HardwareClassificationSpec defines the desired state of HardwareClassification
properties:
hardwareCharacteristics:
description: HardwareCharacteristics defines expected hardware configurations
for Cpu, Disk, Nic and Ram.
properties:
cpu:
description: Cpu contains cpu details extracted from the hardware
profile
properties:
maximumCount:
description: MaximumCount of cpu should be greater than 0 and
greater than MinimumCount Ex. MaximumCount > 0 && MaximumCount
> MinimumCount
minimum: 1
type: integer
maximumSpeedMHz:
description: 'Maximum speed of cpu should be greater than 0
and greater than MinimumSpeed Ex. MaximumSpeed > 0 && MaximumSpeed
> MinimumSpeed Ex. MaximumSpeed: 3200 User wants CPU speed
3.2 (in GHz), then he should specify as 3200 MHz'
format: int32
minimum: 1000
type: integer
minimumCount:
description: MinimumCount of cpu should be greater than 0 Ex.
MinimumCount > 0
minimum: 1
type: integer
minimumSpeedMHz:
description: 'MinimumSpeed of cpu should be greater than 0 Ex.
MinimumSpeed > 0 Ex. MinimumSpeed: 2600 User wants CPU speed
2.6 (in GHz), then s/he should specify as 2600 MHz'
format: int32
minimum: 1000
type: integer
type: object
disk:
description: Disk contains disk details extracted from the hardware
profile
properties:
maximumCount:
description: MaximumCount of disk should be greater than 0 and
greater than MinimumCount Ex. MaximumCount > 0 && MaximumCount
> MinimumCount
minimum: 1
type: integer
maximumIndividualSizeGB:
description: Maximum individual size should be greater than
0 and greater than MinimumIndividualSizeGB Ex. MaximumIndividualSizeGB
> 0 && MaximumIndividualSizeGB > MinimumIndividualSizeGB
format: int64
minimum: 1
type: integer
minimumCount:
description: MinimumCount of disk should be greater than 0 MinimumCount
> 0
minimum: 1
type: integer
minimumIndividualSizeGB:
description: MinimumIndividualSizeGB should be greater than
0 Ex. MinimumIndividualSizeGB > 0
format: int64
minimum: 1
type: integer
type: object
nic:
description: Nic contains nic details extracted from the hardware
profile
properties:
maximumCount:
description: Maximum count should be greater than 0 and greater
than MinimumCount Ex. MaximumCount > 0 && MaximumCount > MinimumCount
minimum: 1
type: integer
minimumCount:
description: Minimum count should be greater than 0 Ex. MinimumCount
> 0
minimum: 1
type: integer
type: object
ram:
description: Ram contains ram details extracted from the hardware
profile
properties:
maximumSizeGB:
description: MaximumSizeGB should be greater than 0 or greater
than MinimumSizeGB Ex. MaximumSizeGB > 0 && MaximumSizeGB
> MinimumSizeGB
minimum: 1
type: integer
minimumSizeGB:
description: MinimumSizeGB of Ram should be greater than 0 Ex.
MinimumSizeGB > 0
minimum: 1
type: integer
type: object
type: object
type: object
status:
description: HardwareClassificationStatus defines the observed state of
HardwareClassification
properties:
errorHosts:
description: The count of Hosts in error state
type: integer
errorMessage:
description: The last error message reported by the hardwareclassification
system
type: string
errorType:
description: ErrorType indicates the type of failure encountered
type: string
introspectionErrorHosts:
description: The count of hosts in introspection error state
type: integer
matchedCount:
description: The count of matched Hosts per profile reported by hardwareclassification
system
type: integer
powerMgmtErrorHosts:
description: The count of hosts in power management error state
type: integer
profileMatchStatus:
description: ProfileMatchStatus identifies whether a applied profile
is matches or not
type: string
provisioningErrorHosts:
description: The count of hosts in provisioning error state
type: integer
registrationErrorHosts:
description: The count of hosts in registration error state
type: integer
unmatchedCount:
description: The count of unmatched Hosts per profile reported by hardwareclassification
system
type: integer
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
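Review bot: The schema under `validation.openAPIV3Schema` enforces only per-field lower bounds (`minimum: 1`, `minimum: 1000`); the cross-field rules that every `description` promises (`MaximumCount > MinimumCount`, `MaximumSpeed > MinimumSpeed`, and the disk/ram equivalents) cannot be expressed in OpenAPI v3, so a profile such as `minimumCount: 5, maximumCount: 1` is accepted by the apiserver and has to be rejected by the reconciler or by the (currently commented-out) validating webhook. Because this CRD is `apiextensions.k8s.io/v1beta1`, fields the schema does not declare are also stored as-is by default; adding `preserveUnknownFields: false` under `spec` turns on pruning, which this schema appears structural enough to support. `v1beta1` is deprecated in favour of `apiextensions.k8s.io/v1`, where pruning and a structural schema are mandatory, so regenerating with a newer controller-gen would address both points at once.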


@ -0,0 +1,21 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/metal3.io_hardwareclassifications.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_hardwareclassifications.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_hardwareclassifications.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: hardwareclassifications.metal3.io


@ -0,0 +1,17 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hardwareclassifications.metal3.io
spec:
conversion:
strategy: Webhook
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,74 @@
# Adds namespace to all resources.
namespace: hardware-classification
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: hardware-classification-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -0,0 +1,25 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--enable-leader-election"
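Review bot: The `kube-rbac-proxy` sidecar at `- name: kube-rbac-proxy` is started with `--v=10`, klog's most verbose level, which is a debugging setting rather than a production default; since this proxy receives a bearer token on every scrape and forwards it to TokenReview, it is worth confirming that nothing from the request reaches pod logs at that level, and lowering it to `- "--v=0"` removes the question. The sidecar declares no `resources` and no `securityContext`, so unlike the `manager` container in manager.yaml it has no CPU/memory bounds and runs with the pod's default privileges. `image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1` is a mutable tag; pinning by digest makes the deployed proxy reproducible.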


@ -0,0 +1,23 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
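Review bot: `defaultMode: 420` on the `cert` volume is a magic number to anyone who does not know that the API field is a decimal integer; a comment such as `# 0644 expressed in decimal (the field is an int, and an unquoted 0644 is read as octal 420 by YAML 1.1 loaders but as 644 by YAML 1.2 loaders)` explains both the value and why the decimal form is the safe one. Since this mount holds the webhook's TLS private key, the comment should also say that 0644 makes the key readable by any user inside the container, which only matters once the manager Deployment runs as a non-root user.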


@ -0,0 +1,15 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)


@ -0,0 +1,5 @@
resources:
- namespace.yaml
bases:
- default


@ -0,0 +1,8 @@
resources:
- manager.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: controller
newTag: latest
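Review bot: The `images` override at `- name: controller` never matches anything: manager.yaml sets the container image to `quay.io/hwcc/airship-hcc:v1`, and kustomize only rewrites images whose name equals `controller`, so `newName: controller` / `newTag: latest` is dead configuration that a reader will assume is in effect. Either point it at the real image, `- name: quay.io/hwcc/airship-hcc`, or delete the stanza; in either case prefer an immutable reference (`newTag: v1`, or a `digest:`) over `latest`, which can silently change what the controller runs between two applies.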


@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: controller-manager
spec:
containers:
- command:
- /manager
args:
- --enable-leader-election
image: quay.io/hwcc/airship-hcc:v1
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
terminationGracePeriodSeconds: 10
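Review bot: The pod spec at `containers: - command: - /manager` sets no `serviceAccountName`, so the controller runs as the namespace's `default` ServiceAccount, and that is exactly the subject the bindings in manager_rolebinding, leader_election_role_binding and auth_proxy_role_binding grant to (`name: default`); any other pod scheduled into `hardware-classification` with the default account then inherits cluster-wide `update` on `baremetalhosts`. A dedicated account keeps the grant on the controller alone: `serviceAccountName: controller-manager` in the pod spec, a matching `ServiceAccount` manifest in config/rbac, and `name: controller-manager` in the three bindings. The `manager` container also carries no `securityContext`; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are the usual baseline for a controller that only talks to the API server, provided the image supports a non-root user. `image: quay.io/hwcc/airship-hcc:v1` is a mutable tag; a digest pin would make rollouts reproducible.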


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: hardware-classification


@ -0,0 +1,2 @@
resources:
- monitor.yaml


@ -0,0 +1,15 @@
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- path: /metrics
port: https
selector:
control-plane: controller-manager
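Review bot: The endpoint at `- path: /metrics` scrapes `port: https`, which auth_proxy_service routes to the kube-rbac-proxy sidecar, yet it carries no `bearerTokenFile` and no `tlsConfig`, so a Prometheus scrape arrives without credentials and the proxy, which authorises each request through SubjectAccessReview, will reject it unless the Prometheus deployment injects a token globally. The endpoint most likely needs `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` together with a `tlsConfig` that trusts the proxy's serving certificate (supply a CA rather than skipping verification), and the scraping ServiceAccount needs a ClusterRole allowing `get` on the `/metrics` nonResourceURL. This is worth a comment next to `port: https` so that whoever uncomments `../prometheus` in config/default knows the monitor is not self-contained.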


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager


@ -0,0 +1,26 @@
# permissions to do edit hardwareclassifications.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: hardwareclassification-editor-role
rules:
- apiGroups:
- metal3.io
resources:
- hardwareclassifications
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metal3.io
resources:
- hardwareclassifications/status
verbs:
- get
- patch
- update


@ -0,0 +1,20 @@
# permissions to do viewer hardwareclassifications.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: hardwareclassification-viewer-role
rules:
- apiGroups:
- metal3.io
resources:
- hardwareclassifications
verbs:
- get
- list
- watch
- apiGroups:
- metal3.io
resources:
- hardwareclassifications/status
verbs:
- get


@ -0,0 +1,11 @@
resources:
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml


@ -0,0 +1,32 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,43 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- get
- list
- watch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts/status
verbs:
- get
- apiGroups:
- metal3.io
resources:
- hardwareclassifications
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metal3.io
resources:
- hardwareclassifications/status
verbs:
- get
- patch
- update
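Review bot: `manager-role` is a ClusterRole bound cluster-wide by manager_rolebinding, which gives the controller `update` on `baremetalhosts` in every namespace; the README says the controller labels the hosts that BMO manages, so if those hosts live in one namespace a `Role`/`RoleBinding` there would narrow what a compromised controller pod can modify. The `hardwareclassifications` rule also grants `create`, `delete` and `patch`, verbs a reconciler that only reads profiles and writes `hardwareclassifications/status` does not need; if the code never creates or deletes profiles, trimming them keeps the role at what is used. This file looks controller-gen generated (`creationTimestamp: null`), so the trim belongs in the `+kubebuilder:rbac` markers rather than in an edit here.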


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@ -0,0 +1,25 @@
apiVersion: metal3.io/v1alpha1
kind: HardwareClassification
metadata:
name: hardwareclassification-sample
labels:
hardwareclassification-sample: sample1
hardwareclassification-error: All
spec:
hardwareCharacteristics:
cpu:
minimumCount: 1
maximumCount: 72
minimumSpeedMHz: 1100
maximumSpeedMHz: 3600
disk:
minimumCount: 1
maximumCount: 8
minimumIndividualSizeGB: 2
maximumIndividualSizeGB: 3000
ram:
minimumSizeGB: 1
maximumSizeGB: 180
nic:
minimumCount: 1
maximumCount: 7


@ -0,0 +1,6 @@
resources:
- manifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,25 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 9443
selector:
control-plane: controller-manager