diff --git a/manifests/function/baremetal-operator/v0.5.0/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/kustomization.yaml
new file mode 100644
index 000000000..37f79b215
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: metal3
+resources:
+- upstream/default
+
+patchesStrategicMerge:
+- operator_nodeselector_patch.yaml
+- operator_tolerations_patch.yaml
+- label_baremetalhosts_crd_patch.yaml
+- label_firmwareschemas_crd_patch.yaml
+- label_hostfirmwaresettings_crd_patch.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/label_baremetalhosts_crd_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/label_baremetalhosts_crd_patch.yaml
new file mode 100644
index 000000000..bd11bcad0
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/label_baremetalhosts_crd_patch.yaml
@@ -0,0 +1,9 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io: ""
+ cluster.x-k8s.io/provider: "metal3"
+ name: baremetalhosts.metal3.io
diff --git a/manifests/function/baremetal-operator/v0.5.0/label_firmwareschemas_crd_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/label_firmwareschemas_crd_patch.yaml
new file mode 100644
index 000000000..80b9b21f1
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/label_firmwareschemas_crd_patch.yaml
@@ -0,0 +1,9 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io: ""
+ cluster.x-k8s.io/provider: "metal3"
+ name: firmwareschemas.metal3.io
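Review bot: The two header comments at the top of `label_baremetalhosts_crd_patch.yaml` do not describe the patch: they talk about cert-manager CA injection and CRD conversion, while the body only adds the `clusterctl.cluster.x-k8s.io` and `cluster.x-k8s.io/provider` labels to the CRD. The same copied header opens `label_firmwareschemas_crd_patch.yaml` and `label_hostfirmwaresettings_crd_patch.yaml`. I would replace it in all three with `# Adds the clusterctl and provider labels to the CRD.` so a reader does not go looking for a CA-injection annotation that is not there.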
diff --git a/manifests/function/baremetal-operator/v0.5.0/label_hostfirmwaresettings_crd_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/label_hostfirmwaresettings_crd_patch.yaml
new file mode 100644
index 000000000..fe8358ee6
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/label_hostfirmwaresettings_crd_patch.yaml
@@ -0,0 +1,9 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ clusterctl.cluster.x-k8s.io: ""
+ cluster.x-k8s.io/provider: "metal3"
+ name: hostfirmwaresettings.metal3.io
diff --git a/manifests/function/baremetal-operator/v0.5.0/operator_nodeselector_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/operator_nodeselector_patch.yaml
new file mode 100644
index 000000000..f16d5b9c4
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/operator_nodeselector_patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
diff --git a/manifests/function/baremetal-operator/v0.5.0/operator_tolerations_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/operator_tolerations_patch.yaml
new file mode 100644
index 000000000..e044dad42
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/operator_tolerations_patch.yaml
@@ -0,0 +1,14 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
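Review bot: The second toleration in `operator_tolerations_patch.yaml` matches only the `node-role.kubernetes.io/master` taint, so on clusters whose control-plane nodes are tainted with `node-role.kubernetes.io/control-plane` it has no effect. If the operator is meant to be schedulable on control-plane nodes there, add `- key: node-role.kubernetes.io/control-plane` with `effect: NoSchedule` next to it. The existing comment `# Mark the pod as a critical add-on for rescheduling.` describes only the `CriticalAddonsOnly` entry; a one-line comment on the master toleration saying why this Deployment may land on control-plane nodes would make the placement decision reviewable.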
diff --git a/manifests/function/baremetal-operator/v0.5.0/replacements/ironic-env-vars.yaml b/manifests/function/baremetal-operator/v0.5.0/replacements/ironic-env-vars.yaml
new file mode 100644
index 000000000..d231dd73b
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/replacements/ironic-env-vars.yaml
@@ -0,0 +1,65 @@
+# These rules inject env vars into the baremetal-operator function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: baremetal-operator-env-vars-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: localhost/replacement-transformer
+replacements:
+# Replace the proxy vars
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTP_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.HTTP_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTPS_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.HTTPS_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.http_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.http_proxy"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.https_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.https_proxy"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.NO_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.NO_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.no_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.no_proxy"]
diff --git a/manifests/function/baremetal-operator/v0.5.0/replacements/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/replacements/kustomization.yaml
new file mode 100644
index 000000000..967c37e4f
--- /dev/null
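Review bot: Nothing in `ironic-env-vars.yaml` records that the proxy values it copies into the `baremetal-operator-ironic` ConfigMap must be free of credentials; a proxy URL of the form `http://user:password@host` would end up in a ConfigMap, readable by anyone who can read ConfigMaps in that namespace. I would add a line above `# Replace the proxy vars` such as `# Values land in a ConfigMap: proxy URLs here must not embed credentials.` It is also worth confirming that `NO_PROXY`/`no_proxy` in `env-vars-catalogue` cover the provisioning IP, since the sibling `networking.yaml` points the Ironic endpoints at that address; the catalogue itself is not visible in this diff.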
+++ b/manifests/function/baremetal-operator/v0.5.0/replacements/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - versions.yaml
+ - ironic-env-vars.yaml
+ - networking.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/replacements/networking.yaml b/manifests/function/baremetal-operator/v0.5.0/replacements/networking.yaml
new file mode 100644
index 000000000..50fae7079
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/replacements/networking.yaml
@@ -0,0 +1,112 @@
+# These rules inject networking info into the baremetal-operator function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: baremetal-operator-networking-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: localhost/replacement-transformer
+replacements:
+# Replace the pod & service networks
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.provisioningInterface
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.PROVISIONING_INTERFACE"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.provisioningIp
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.PROVISIONING_IP"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.httpPort
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.HTTP_PORT"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.provisioningIp
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.DEPLOY_KERNEL_URL%PROVISIONING_IP%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.httpPort
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.DEPLOY_KERNEL_URL%HTTP_PORT%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.provisioningIp
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.DEPLOY_RAMDISK_URL%PROVISIONING_IP%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.httpPort
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.DEPLOY_RAMDISK_URL%HTTP_PORT%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name:
networking
+ fieldref: spec.ironic.provisioningIp
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.IRONIC_ENDPOINT%PROVISIONING_IP%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.provisioningIp
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.IRONIC_INSPECTOR_ENDPOINT%PROVISIONING_IP%"]
+- source:
+ objref:
+ kind: NetworkCatalogue
+ name: networking
+ fieldref: spec.ironic.ironicFastTrack
+ target:
+ objref:
+ kind: ConfigMap
+ name: baremetal-operator-ironic
+ fieldrefs: ["data.IRONIC_FAST_TRACK"]
+
diff --git a/manifests/function/baremetal-operator/v0.5.0/replacements/versions.yaml b/manifests/function/baremetal-operator/v0.5.0/replacements/versions.yaml
new file mode 100644
index 000000000..7a0a18243
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/replacements/versions.yaml
@@ -0,0 +1,30 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: baremetal-operator-versions-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: localhost/replacement-transformer
+replacements:
+# Container versions for the ironic Deployment
+- source:
+ objref:
+ kind: VersionsCatalogue
+ name: versions-airshipctl
+ fieldref: "{.spec.images.baremetal_operator.metal3_baremetal_operator.baremetal_operator.image}"
+ target:
+ objref:
+ kind: Deployment
+ name: baremetal-operator-controller-manager
+ fieldrefs: ["{.spec.template.spec.containers[?(.name == 'manager')].image}"]
+- source:
+ objref:
+ kind: VersionsCatalogue
+ name: versions-airshipctl
+ fieldref: "{.spec.images.baremetal_operator.metal3_baremetal_operator.kube_rbac_proxy.image}"
+ target:
+ objref:
+ kind: Deployment
+ name: baremetal-operator-controller-manager
+ fieldrefs: ["{.spec.template.spec.containers[?(.name == 'kube-rbac-proxy')].image}"]
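Review bot: The comment `# Replace the pod & service networks` above the rules in `networking.yaml` does not match what they do: every rule reads a `spec.ironic.*` field from the `networking` NetworkCatalogue (provisioning interface, provisioning IP, HTTP port, fast-track flag) and writes it into the `baremetal-operator-ironic` ConfigMap. I would change it to `# Inject the Ironic provisioning interface, IP, HTTP port and fast-track flag`. The `%PROVISIONING_IP%` and `%HTTP_PORT%` suffixes look like substring placeholders that have to exist in the target ConfigMap values; that ConfigMap is not in this part of the diff, so a short comment naming where the placeholders are defined would help the next reader verify the endpoints.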
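Review bot: The comment `# Container versions for the ironic Deployment` in `versions.yaml` names the wrong target; both rules set images on the `baremetal-operator-controller-manager` Deployment, for the `manager` and `kube-rbac-proxy` containers. I would reword it to `# Container images for the baremetal-operator controller-manager Deployment`. The file also lacks the one-line header comment that `ironic-env-vars.yaml` and `networking.yaml` open with; something like `# These rules inject image versions into the baremetal-operator function.` would keep the three consistent.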
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/credentials_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/credentials_patch.yaml
new file mode 100644
index 000000000..c3a600f7e
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/credentials_patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ volumeMounts:
+ - name: ironic-credentials
+ mountPath: "/opt/metal3/auth/ironic"
+ readOnly: true
+ - name: ironic-inspector-credentials
+ mountPath: "/opt/metal3/auth/ironic-inspector"
+ readOnly: true
+ volumes:
+ - name: ironic-credentials
+ secret:
+ secretName: ironic-credentials
+ - name: ironic-inspector-credentials
+ secret:
+ secretName: ironic-inspector-credentials
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/kustomization.yaml
new file mode 100644
index 000000000..c444c0ab8
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/default/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: baremetal-operator-system
+resources:
+- ../../default
+- ../../namespace
+
+secretGenerator:
+ - name: ironic-credentials
+ files:
+ - username=ironic-username
+ - password=ironic-password
+ - name: ironic-inspector-credentials
+ files:
+ - username=ironic-inspector-username
+ - password=ironic-inspector-password
+
+patchesStrategicMerge:
+- credentials_patch.yaml
\ No newline at end of file
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/credentials_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/credentials_patch.yaml
new file mode 100644
index 000000000..c3a600f7e
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/credentials_patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ volumeMounts:
+ - name: ironic-credentials
+ mountPath: "/opt/metal3/auth/ironic"
+ readOnly: true
+ - name: ironic-inspector-credentials
+ mountPath: "/opt/metal3/auth/ironic-inspector"
+ readOnly: true
+ volumes:
+ - name: ironic-credentials
+ secret:
+ secretName: ironic-credentials
+ - name: ironic-inspector-credentials
+ secret:
+ secretName: ironic-inspector-credentials
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/kustomization.yaml
new file mode 100644
index 000000000..8110f3a35
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/basic-auth/tls/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: baremetal-operator-system
+resources:
+- ../../tls
+
+secretGenerator:
+ - name: ironic-credentials
+ files:
+ - username=ironic-username
+ - password=ironic-password
+ - name: ironic-inspector-credentials
+ files:
+ - username=ironic-inspector-username
+ - password=ironic-inspector-password
+
+patchesStrategicMerge:
+- credentials_patch.yaml
\ No newline at end of file
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/certificate.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/certificate.yaml
new file mode 100644
index 000000000..7bc66bd29
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/certificate.yaml
@@ -0,0 +1,26 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for
+# breaking changes
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ namespace: system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: system
+spec:
+ # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+ dnsNames:
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomization.yaml
new file mode 100644
index 000000000..bebea5a59
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- certificate.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomizeconfig.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomizeconfig.yaml
new file mode 100644
index 000000000..e631f7773
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/certmanager/kustomizeconfig.yaml
@@ -0,0 +1,16 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+nameReference:
+- kind: Issuer
+ group: cert-manager.io
+ fieldSpecs:
+ - kind: Certificate
+ group: cert-manager.io
+ path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/commonName
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/dnsNames
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_baremetalhosts.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_baremetalhosts.yaml
new file mode 100644
index 000000000..a6b66f4c1
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_baremetalhosts.yaml
@@ -0,0 +1,1086 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: baremetalhosts.metal3.io +spec: + group: metal3.io + names: + kind: BareMetalHost + listKind: BareMetalHostList + plural: baremetalhosts + shortNames: + - bmh + - bmhost + singular: baremetalhost + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Operational status + jsonPath: .status.operationalStatus + name: Status + priority: 1 + type: string + - description: Provisioning status + jsonPath: .status.provisioning.state + name: State + type: string + - description: Consumer using this host + jsonPath: .spec.consumerRef.name + name: Consumer + type: string + - description: Address of management controller + jsonPath: .spec.bmc.address + name: BMC + priority: 1 + type: string + - description: The type of hardware detected + jsonPath: .status.hardwareProfile + name: Hardware_Profile + priority: 1 + type: string + - description: Whether the host is online or not + jsonPath: .spec.online + name: Online + type: string + - description: Type of the most recent error + jsonPath: .status.errorType + name: Error + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: BareMetalHost is the Schema for the baremetalhosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BareMetalHostSpec defines the desired state of BareMetalHost + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning will be avoided + during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + bmc: + description: How do we connect to the BMC? + properties: + address: + description: Address holds the URL for accessing the controller + on the network. + type: string + credentialsName: + description: The name of the secret containing the BMC credentials + (requires keys "username" and "password"). + type: string + disableCertificateVerification: + description: DisableCertificateVerification disables verification + of server certificates when using HTTPS to connect to the BMC. + This is required when the server certificate is self-signed, + but is insecure because it allows a man-in-the-middle to intercept + the connection. + type: boolean + required: + - address + - credentialsName + type: object + bootMACAddress: + description: Which MAC address will PXE boot? This is optional for + some types, but required for libvirt VMs driven by vbmc. + pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}' + type: string + bootMode: + description: Select the method of initializing the hardware during + boot. Defaults to UEFI. + enum: + - UEFI + - UEFISecureBoot + - legacy + type: string + consumerRef: + description: ConsumerRef can be used to store information about something + that is using a host. When it is not empty, the host is considered + "in use". + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + customDeploy: + description: A custom deploy procedure. + properties: + method: + description: Custom deploy method name. This name is specific + to the deploy ramdisk used. If you don't have a custom deploy + ramdisk, you shouldn't use CustomDeploy. 
+ type: string + required: + - method + type: object + description: + description: Description is a human-entered text used to help identify + the host + type: string + externallyProvisioned: + description: ExternallyProvisioned means something else is managing + the image running on the host and the operator should only manage + the power status and hardware inventory inspection. If the Image + field is filled in, this field is ignored. + type: boolean + firmware: + description: BIOS configuration for bare metal server + properties: + simultaneousMultithreadingEnabled: + description: 'Allows a single physical processor core to appear + as several logical processors. This supports following options: + true, false.' + enum: + - true + - false + type: boolean + sriovEnabled: + description: 'SR-IOV support enables a hypervisor to create virtual + instances of a PCI-express device, potentially increasing performance. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + virtualizationEnabled: + description: 'Supports the virtualization of platform hardware. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + type: object + hardwareProfile: + description: What is the name of the hardware profile for this host? + It should only be necessary to set this when inspection cannot automatically + determine the profile. + type: string + image: + description: Image holds the details of the image to be provisioned. + properties: + checksum: + description: Checksum is the checksum for the image. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the format of the image (raw, + qcow2, ...). Needs to be set to raw for raw images streaming. 
+ Note live-iso means an iso referenced by the url will be live-booted + and not deployed to disk, and in this case the checksum options + are not required and if specified will be ignored. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - url + type: object + metaData: + description: MetaData holds the reference to the Secret containing + host metadata (e.g. meta_data.json which is passed to Config Drive). + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData holds the reference to the Secret containing + network configuration (e.g content of network_data.json which is + passed to Config Drive). + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + online: + description: Should the server be online? + type: boolean + raid: + description: RAID configuration for bare metal server + properties: + hardwareRAIDVolumes: + description: The list of logical disks for hardware RAID, if rootDeviceHints + isn't used, first volume is root volume. You can set the value + of this field to `[]` to clear all the hardware RAID configurations. + items: + description: HardwareRAIDVolume defines the desired configuration + of volume in hardware RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + enum: + - "0" + - "1" + - "2" + - "5" + - "6" + - 1+0 + - 5+0 + - 6+0 + type: string + name: + description: Name of the volume. 
Should be unique within + the Node. If not specified, volume name will be auto-generated. + maxLength: 64 + type: string + numberOfPhysicalDisks: + description: Integer, number of physical disks to use for + the logical disk. Defaults to minimum number of disks + required for the particular RAID level. + minimum: 1 + type: integer + rotational: + description: Select disks with only rotational or solid-state + storage + type: boolean + sizeGibibytes: + description: Size (Integer) of the logical disk to be created + in GiB. If unspecified or set be 0, the maximum capacity + of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + type: array + softwareRAIDVolumes: + description: The list of logical disks for software RAID, if rootDeviceHints + isn't used, first volume is root volume. If HardwareRAIDVolumes + is set this item will be invalid. The number of created Software + RAID devices must be 1 or 2. If there is only one Software RAID + device, it has to be a RAID-1. If there are two, the first one + has to be a RAID-1, while the RAID level for the second one + can be 0, 1, or 1+0. As the first RAID device will be the deployment + device, enforcing a RAID-1 reduces the risk of ending up with + a non-booting node in case of a disk failure. Software RAID + will always be deleted. + items: + description: SoftwareRAIDVolume defines the desired configuration + of volume in software RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;1+0.' + enum: + - "0" + - "1" + - 1+0 + type: string + physicalDisks: + description: A list of device hints, the number of items + should be greater than or equal to 2. + items: + description: RootDeviceHints holds the hints for specifying + the storage location for the root filesystem for the + image. + properties: + deviceName: + description: A Linux device name like "/dev/vda". 
+ The hint must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The + hint must match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. + The hint can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning + media, false otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match + the actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer + of the device. The hint can be a substring of the + actual value. + type: string + wwn: + description: Unique storage identifier. The hint must + match the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The + hint must match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor + extension appended. The hint must match the actual + value exactly. + type: string + type: object + minItems: 2 + type: array + sizeGibibytes: + description: Size (Integer) of the logical disk to be created + in GiB. If unspecified or set be 0, the maximum capacity + of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + maxItems: 2 + type: array + type: object + rootDeviceHints: + description: Provide guidance about how to choose the device for the + image being provisioned. + properties: + deviceName: + description: A Linux device name like "/dev/vda". The hint must + match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The hint must match + the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. 
+ minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. The hint can + be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning media, false + otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match the actual + value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer of the device. + The hint can be a substring of the actual value. + type: string + wwn: + description: Unique storage identifier. The hint must match the + actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The hint must match + the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. + type: string + type: object + taints: + description: Taints is the full, authoritative list of taints to apply + to the corresponding Machine. This list will overwrite any modifications + made to the Machine on an ongoing basis. + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that + do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + userData: + description: UserData holds the reference to the Secret containing + the user data to be passed to the host before it boots. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + required: + - online + type: object + status: + description: BareMetalHostStatus defines the observed state of BareMetalHost + properties: + errorCount: + default: 0 + description: ErrorCount records how many times the host has encoutered + an error since the last successful operation + type: integer + errorMessage: + description: the last error message reported by the provisioning subsystem + type: string + errorType: + description: ErrorType indicates the type of failure encountered when + the OperationalStatus is OperationalStatusError + enum: + - provisioned registration error + - registration error + - inspection error + - preparation error + - provisioning error + - power management error + type: string + goodCredentials: + description: the last credentials we were able to validate as working + properties: + credentials: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + credentialsVersion: + type: string + type: object + hardware: + description: The hardware discovered to exist on the host. + properties: + cpu: + description: CPU describes one processor on the host. 
+ properties: + arch: + type: string + clockMegahertz: + description: ClockSpeed is a clock speed in MHz + format: double + type: number + count: + type: integer + flags: + items: + type: string + type: array + model: + type: string + type: object + firmware: + description: Firmware describes the firmware on the host. + properties: + bios: + description: The BIOS for this firmware + properties: + date: + description: The release/build date for this BIOS + type: string + vendor: + description: The vendor name for this BIOS + type: string + version: + description: The version of the BIOS + type: string + type: object + type: object + hostname: + type: string + nics: + items: + description: NIC describes one network interface on the host. + properties: + ip: + description: The IP address of the interface. This will + be an IPv4 or IPv6 address if one is present. If both + IPv4 and IPv6 addresses are present in a dual-stack environment, + two nics will be output, one with each IP. + type: string + mac: + description: The device MAC address + pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}' + type: string + model: + description: The vendor and product IDs of the NIC, e.g. + "0x8086 0x1572" + type: string + name: + description: The name of the network interface, e.g. 
"en0" + type: string + pxe: + description: Whether the NIC is PXE Bootable + type: boolean + speedGbps: + description: The speed of the device in Gigabits per second + type: integer + vlanId: + description: The untagged VLAN ID + format: int32 + maximum: 4094 + minimum: 0 + type: integer + vlans: + description: The VLANs available + items: + description: VLAN represents the name and ID of a VLAN + properties: + id: + description: VLANID is a 12-bit 802.1Q VLAN identifier + format: int32 + maximum: 4094 + minimum: 0 + type: integer + name: + type: string + type: object + type: array + type: object + type: array + ramMebibytes: + type: integer + storage: + items: + description: Storage describes one storage device (disk, SSD, + etc.) on the host. + properties: + hctl: + description: The SCSI location of the device + type: string + model: + description: Hardware model + type: string + name: + description: The Linux device name of the disk, e.g. "/dev/sda". + Note that this may not be stable across reboots. + type: string + rotational: + description: Whether this disk represents rotational storage. + This field is not recommended for usage, please prefer + using 'Type' field instead, this field will be deprecated + eventually. + type: boolean + serialNumber: + description: The serial number of the device + type: string + sizeBytes: + description: The size of the disk in Bytes + format: int64 + type: integer + type: + description: 'Device type, one of: HDD, SSD, NVME.' + enum: + - HDD + - SSD + - NVME + type: string + vendor: + description: The name of the vendor of the device + type: string + wwn: + description: The WWN of the device + type: string + wwnVendorExtension: + description: The WWN Vendor extension of the device + type: string + wwnWithExtension: + description: The WWN with the extension + type: string + type: object + type: array + systemVendor: + description: HardwareSystemVendor stores details about the whole + hardware system. 
+ properties: + manufacturer: + type: string + productName: + type: string + serialNumber: + type: string + type: object + type: object + hardwareProfile: + description: The name of the profile matching the hardware details. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + operationHistory: + description: OperationHistory holds information about operations performed + on this host. + properties: + deprovision: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + inspect: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + provision: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + register: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. 
+ properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + type: object + operationalStatus: + description: OperationalStatus holds the status of the host + enum: + - "" + - OK + - discovered + - error + - delayed + - detached + type: string + poweredOn: + description: indicator for whether or not the host is powered on + type: boolean + provisioning: + description: Information tracked by the provisioner. + properties: + ID: + description: The machine's UUID from the underlying provisioning + tool + type: string + bootMode: + description: BootMode indicates the boot mode used to provision + the node + enum: + - UEFI + - UEFISecureBoot + - legacy + type: string + customDeploy: + description: Custom deploy procedure applied to the host. + properties: + method: + description: Custom deploy method name. This name is specific + to the deploy ramdisk used. If you don't have a custom deploy + ramdisk, you shouldn't use CustomDeploy. + type: string + required: + - method + type: object + firmware: + description: The Bios set by the user + properties: + simultaneousMultithreadingEnabled: + description: 'Allows a single physical processor core to appear + as several logical processors. This supports following options: + true, false.' + enum: + - true + - false + type: boolean + sriovEnabled: + description: 'SR-IOV support enables a hypervisor to create + virtual instances of a PCI-express device, potentially increasing + performance. This supports following options: true, false.' + enum: + - true + - false + type: boolean + virtualizationEnabled: + description: 'Supports the virtualization of platform hardware. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + type: object + image: + description: Image holds the details of the last image successfully + provisioned to the host. 
+ properties: + checksum: + description: Checksum is the checksum for the image. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the + image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the format of the image (raw, + qcow2, ...). Needs to be set to raw for raw images streaming. + Note live-iso means an iso referenced by the url will be + live-booted and not deployed to disk, and in this case the + checksum options are not required and if specified will + be ignored. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - url + type: object + raid: + description: The Raid set by the user + properties: + hardwareRAIDVolumes: + description: The list of logical disks for hardware RAID, + if rootDeviceHints isn't used, first volume is root volume. + You can set the value of this field to `[]` to clear all + the hardware RAID configurations. + items: + description: HardwareRAIDVolume defines the desired configuration + of volume in hardware RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + enum: + - "0" + - "1" + - "2" + - "5" + - "6" + - 1+0 + - 5+0 + - 6+0 + type: string + name: + description: Name of the volume. Should be unique within + the Node. If not specified, volume name will be auto-generated. + maxLength: 64 + type: string + numberOfPhysicalDisks: + description: Integer, number of physical disks to use + for the logical disk. Defaults to minimum number of + disks required for the particular RAID level. + minimum: 1 + type: integer + rotational: + description: Select disks with only rotational or solid-state + storage + type: boolean + sizeGibibytes: + description: Size (Integer) of the logical disk to be + created in GiB. 
If unspecified or set be 0, the maximum + capacity of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + type: array + softwareRAIDVolumes: + description: The list of logical disks for software RAID, + if rootDeviceHints isn't used, first volume is root volume. + If HardwareRAIDVolumes is set this item will be invalid. + The number of created Software RAID devices must be 1 or + 2. If there is only one Software RAID device, it has to + be a RAID-1. If there are two, the first one has to be a + RAID-1, while the RAID level for the second one can be 0, + 1, or 1+0. As the first RAID device will be the deployment + device, enforcing a RAID-1 reduces the risk of ending up + with a non-booting node in case of a disk failure. Software + RAID will always be deleted. + items: + description: SoftwareRAIDVolume defines the desired configuration + of volume in software RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;1+0.' + enum: + - "0" + - "1" + - 1+0 + type: string + physicalDisks: + description: A list of device hints, the number of items + should be greater than or equal to 2. + items: + description: RootDeviceHints holds the hints for specifying + the storage location for the root filesystem for + the image. + properties: + deviceName: + description: A Linux device name like "/dev/vda". + The hint must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. + The hint must match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in + Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. + The hint can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning + media, false otherwise. 
+ type: boolean + serialNumber: + description: Device serial number. The hint must + match the actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer + of the device. The hint can be a substring of + the actual value. + type: string + wwn: + description: Unique storage identifier. The hint + must match the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. + The hint must match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the + vendor extension appended. The hint must match + the actual value exactly. + type: string + type: object + minItems: 2 + type: array + sizeGibibytes: + description: Size (Integer) of the logical disk to be + created in GiB. If unspecified or set be 0, the maximum + capacity of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + maxItems: 2 + type: array + type: object + rootDeviceHints: + description: The RootDevicehints set by the user + properties: + deviceName: + description: A Linux device name like "/dev/vda". The hint + must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The hint must + match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. The hint + can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning media, + false otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match the + actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer of the + device. The hint can be a substring of the actual value. 
+ type: string + wwn: + description: Unique storage identifier. The hint must match + the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The hint must + match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. + type: string + type: object + state: + description: An indiciator for what the provisioner is doing with + the host. + type: string + required: + - ID + - state + type: object + triedCredentials: + description: the last credentials we sent to the provisioning backend + properties: + credentials: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + credentialsVersion: + type: string + type: object + required: + - errorCount + - errorMessage + - hardwareProfile + - operationalStatus + - poweredOn + - provisioning + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_firmwareschemas.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_firmwareschemas.yaml new file mode 100644 index 000000000..2b25ca2b8 --- /dev/null +++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_firmwareschemas.yaml 
@@ -0,0 +1,100 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: firmwareschemas.metal3.io +spec: + group: metal3.io + names: + kind: FirmwareSchema + listKind: FirmwareSchemaList + plural: firmwareschemas + singular: firmwareschema + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirmwareSchema is the Schema for the firmwareschemas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirmwareSchemaSpec defines the desired state of FirmwareSchema + properties: + hardwareModel: + description: The hardware model associated with this schema + type: string + hardwareVendor: + description: The hardware vendor associated with this schema + type: string + schema: + additionalProperties: + description: Additional data describing the firmware setting + properties: + allowable_values: + description: The allowable value for an Enumeration type setting. + items: + type: string + type: array + attribute_type: + description: The type of setting. + enum: + - Enumeration + - String + - Integer + - Boolean + - Password + type: string + lower_bound: + description: The lowest value for an Integer type setting. 
+ type: integer + max_length: + description: Maximum length for a String type setting. + type: integer + min_length: + description: Minimum length for a String type setting. + type: integer + read_only: + description: Whether or not this setting is read only. + type: boolean + reset_required: + description: Whether or not a reset is required after changing + this setting. + type: boolean + unique: + description: Whether or not this setting's value is unique to + this node, e.g. a serial number. + type: boolean + upper_bound: + description: The highest value for an Integer type setting. + type: integer + type: object + description: Map of firmware name to schema + type: object + required: + - schema + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_hostfirmwaresettings.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_hostfirmwaresettings.yaml new file mode 100644 index 000000000..b738802e5 --- /dev/null +++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/bases/metal3.io_hostfirmwaresettings.yaml 
@@ -0,0 +1,93 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: hostfirmwaresettings.metal3.io +spec: + group: metal3.io + names: + kind: HostFirmwareSettings + listKind: HostFirmwareSettingsList + plural: hostfirmwaresettings + singular: hostfirmwaresettings + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: HostFirmwareSettings is the Schema for the hostfirmwaresettings + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostFirmwareSettingsSpec defines the desired state of HostFirmwareSettings + properties: + settings: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + description: Settings are the desired firmware settings stored as + name/value pairs. This will be populated with the actual firmware + settings and only contain the settings that can be modified (i.e. + not ReadOnly), to facilitate making changes. 
+ type: object + required: + - settings + type: object + status: + description: HostFirmwareSettingsStatus defines the observed state of + HostFirmwareSettings + properties: + schema: + description: FirmwareSchema is a reference to the Schema used to describe + each FirmwareSetting. By default, this will be a Schema in the same + Namespace as the settings but it can be overwritten in the Spec + properties: + name: + description: '`name` is the reference to the schema.' + type: string + namespace: + description: '`namespace` is the namespace of the where the schema + is stored.' + type: string + required: + - name + - namespace + type: object + settings: + additionalProperties: + type: string + description: Settings are the actual firmware settings stored as name/value + pairs + type: object + required: + - settings + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomization.yaml new file mode 100644 index 000000000..29db00a2b --- /dev/null +++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomization.yaml 
@@ -0,0 +1,27 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/metal3.io_baremetalhosts.yaml +- bases/metal3.io_hostfirmwaresettings.yaml +- bases/metal3.io_firmwareschemas.yaml +# +kubebuilder:scaffold:crdkustomizeresource + +patchesStrategicMerge: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +#- patches/webhook_in_baremetalhosts.yaml +#- patches/webhook_in_hostfirmwaresettings.yaml +#- patches/webhook_in_firmwareschemas.yaml +# +kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- patches/cainjection_in_baremetalhosts.yaml +#- patches/cainjection_in_hostfirmwaresettings.yaml +#- patches/cainjection_in_firmwareschemas.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# the following config is for teaching kustomize how to do kustomization for CRDs. +configurations: +- kustomizeconfig.yaml diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomizeconfig.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomizeconfig.yaml new file mode 100644 index 000000000..6f83d9a94 --- /dev/null +++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/kustomizeconfig.yaml 
@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhookClientConfig/service/namespace
+ create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_baremetalhosts.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_baremetalhosts.yaml
new file mode 100644
index 000000000..6c3666e7e
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_baremetalhosts.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: baremetalhosts.metal3.io
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_firmwareschemas.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_firmwareschemas.yaml
new file mode 100644
index 000000000..b32d147bf
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_firmwareschemas.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: firmwareschemas.metal3.io
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_hostfirmwaresettings.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_hostfirmwaresettings.yaml
new file mode 100644
index 000000000..2ab9f428a
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/cainjection_in_hostfirmwaresettings.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: hostfirmwaresettings.metal3.io
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_baremetalhosts.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_baremetalhosts.yaml
new file mode 100644
index 000000000..d99d8f138
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_baremetalhosts.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: baremetalhosts.metal3.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_firmwareschemas.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_firmwareschemas.yaml
new file mode 100644
index 000000000..2744739c3
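Review bot: In webhook_in_baremetalhosts.yaml, `spec.conversion.webhookClientConfig` is the apiextensions.k8s.io/v1beta1 layout, while the patch declares `apiVersion: apiextensions.k8s.io/v1`, where the client config lives under `conversion.webhook.clientConfig` and `conversionReviewVersions` is required. The same applies to webhook_in_firmwareschemas.yaml and webhook_in_hostfirmwaresettings.yaml, and to the `spec/conversion/webhookClientConfig/...` paths in crd/kustomizeconfig.yaml. These patches are commented out in crd/kustomization.yaml, so nothing fails today, but anyone enabling the [WEBHOOK] sections would most likely have the CRD rejected instead of getting a CA-verified conversion webhook. I would wrap the block as `webhook:` / `clientConfig:` and add `conversionReviewVersions: ["v1"]`, and correct the header comment, since the v1 CRD API needs a newer cluster than the stated 1.13.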
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_firmwareschemas.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: firmwareschemas.metal3.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_hostfirmwaresettings.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_hostfirmwaresettings.yaml
new file mode 100644
index 000000000..738708488
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/crd/patches/webhook_in_hostfirmwaresettings.yaml
@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: hostfirmwaresettings.metal3.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/default/ironic.env b/manifests/function/baremetal-operator/v0.5.0/upstream/default/ironic.env
new file mode 100644
index 000000000..ff5ac9021
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/default/ironic.env
@@ -0,0 +1,22 @@
+# Overrideable via the `replacements` entrypoint and networking catalogue
+HTTP_PROXY=""
+HTTPS_PROXY=""
+http_proxy=""
+https_proxy=""
+NO_PROXY=""
+no_proxy=""
+
+# Overrideable via the `replacements` entrypoint and networking catalogue
+PROVISIONING_INTERFACE=pxe
+PROVISIONING_IP=192.168.10.100
+HTTP_PORT=80
+DHCP_RANGE=10.23.24.200,10.23.24.250
+
+# Additional Baremetal Operator values overridable via the `replacements` entrypoint
+# and networking catalogue
+DEPLOY_KERNEL_URL=http://PROVISIONING_IP:HTTP_PORT/images/ipa-ubuntu-master.kernel
+DEPLOY_RAMDISK_URL=http://PROVISIONING_IP:HTTP_PORT/images/ipa-ubuntu-master.initramfs
+IRONIC_ENDPOINT=http://PROVISIONING_IP:6385/v1/
+IRONIC_INSPECTOR_ENDPOINT=http://PROVISIONING_IP:5050/v1/
+# CACHEURL=http://172.22.0.1/images
+IRONIC_FAST_TRACK=true
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/default/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/default/kustomization.yaml
new file mode 100644
index 000000000..4ff0bbd88
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/default/kustomization.yaml
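Review bot: In ironic.env, `DEPLOY_KERNEL_URL`, `DEPLOY_RAMDISK_URL`, `IRONIC_ENDPOINT` and `IRONIC_INSPECTOR_ENDPOINT` all default to plain `http://`, so unless an overlay replaces them the deploy ramdisk is fetched and the Ironic APIs are called with no transport integrity or server authentication. The header comments say the values are overridable, but nothing marks the scheme as a placeholder. I would add a comment above the block such as `# NOTE: http:// defaults assume an isolated provisioning network; use https:// where Ironic serves TLS`. The defaults `PROVISIONING_IP=192.168.10.100` and `DHCP_RANGE=10.23.24.200,10.23.24.250` are also in different subnets, which looks like an unreplaced sample value and deserves a mention in the same comment.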
@@ -0,0 +1,66 @@
+# Adds namespace to all resources.
+namespace: baremetal-operator-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: baremetal-operator-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+ # Protect the /metrics endpoint by putting it behind auth.
+ # If you want your controller-manager to expose the /metrics
+ # endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+- webhookcainjection_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+- name: SERVICE_NAMESPACE # namespace of the service
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldref:
+ fieldpath: metadata.namespace
+- name: SERVICE_NAME
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+
+# Add ironic configmap-generator
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- behavior: create
+ envs:
+ - ironic.env
+ name: ironic
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_auth_proxy_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 000000000..9ace727e7
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,25 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8085/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ name: https
+ - name: manager
+ args:
+ - "--metrics-addr=127.0.0.1:8085"
+ - "--enable-leader-election"
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_webhook_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_webhook_patch.yaml
new file mode 100644
index 000000000..738de350b
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/default/manager_webhook_patch.yaml
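Review bot: In manager_auth_proxy_patch.yaml, `--v=10` runs the kube-rbac-proxy sidecar at debug verbosity, although this container receives the bearer token of every `/metrics` caller and forwards it for TokenReview/SubjectAccessReview. At that level the proxy's Kubernetes client logging generally includes request details, so credentials or token-review payloads may land in pod logs and whatever log pipeline collects them. Unless the verbosity is needed for active troubleshooting, I would lower it, e.g. `- "--v=0"`, and leave a comment explaining when to raise it temporarily.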
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/default/webhookcainjection_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/default/webhookcainjection_patch.yaml
new file mode 100644
index 000000000..0f5e1a927
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/default/webhookcainjection_patch.yaml
@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+#apiVersion: admissionregistration.k8s.io/v1
+#kind: MutatingWebhookConfiguration
+#metadata:
+#name: mutating-webhook-configuration
+#annotations:
+#cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+#---
+#apiVersion: admissionregistration.k8s.io/v1
+#kind: ValidatingWebhookConfiguration
+#metadata:
+#name: validating-webhook-configuration
+#annotations:
+#cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/manager/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/manager/kustomization.yaml
new file mode 100644
index 000000000..5c5f0b84c
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
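Review bot: Every resource line in webhookcainjection_patch.yaml is commented out, yet the kustomization earlier in this diff lists the file under `patchesStrategicMerge` and enables the `../webhook` and `../certmanager` bases. As written the `cert-manager.io/inject-ca-from` annotation is never applied, and the `vars` block shown defines only SERVICE_NAMESPACE and SERVICE_NAME, not the CERTIFICATE_NAMESPACE and CERTIFICATE_NAME the comment refers to. An all-comment patch is, depending on the kustomize version, either rejected or a silent no-op; if it is a no-op, the webhook configurations would be created without an injected CA bundle. Either uncomment the two documents (restoring their indentation) together with the matching `vars`, or drop the file from `patchesStrategicMerge` and add a comment stating how the webhook CA is provisioned instead.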
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/manager/manager.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/manager/manager.yaml
new file mode 100644
index 000000000..b7f9601f1
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/manager/manager.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - command:
+ - /baremetal-operator
+ args:
+ - --enable-leader-election
+ image: quay.io/metal3-io/baremetal-operator
+ imagePullPolicy: Always
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ envFrom:
+ - configMapRef:
+ name: ironic
+ name: manager
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 3
+ periodSeconds: 3
+ terminationGracePeriodSeconds: 10
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/kustomization.yaml
new file mode 100644
index 000000000..e9d8c4886
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- namespace.yaml
\ No newline at end of file
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/namespace.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/namespace.yaml
new file mode 100644
index 000000000..50a4d0feb
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/namespace/namespace.yaml
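Review bot: The manager container in manager.yaml uses `image: quay.io/metal3-io/baremetal-operator` with no tag or digest, combined with `imagePullPolicy: Always`. Every pod start therefore pulls whatever the registry's default tag points to at that moment, even though the manifests sit under a `v0.5.0` directory. Unless an image override is applied elsewhere (not visible in this diff), pin the reference, for example `image: quay.io/metal3-io/baremetal-operator@sha256:<digest-of-the-v0.5.0-image>`. The pod spec also sets no `securityContext`, `resources` or `serviceAccountName`, which is worth a comment or a follow-up for a controller that is granted access to Secrets.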
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: baremetal-operator-system
\ No newline at end of file
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/kustomization.yaml
new file mode 100644
index 000000000..ed137168a
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/monitor.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/monitor.yaml
new file mode 100644
index 000000000..9b8047b76
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/prometheus/monitor.yaml
@@ -0,0 +1,16 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ selector:
+ matchLabels:
+ control-plane: controller-manager
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_client_clusterrole.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 000000000..7d62534c5
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,7 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role.yaml
new file mode 100644
index 000000000..618f5e417
--- /dev/null
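Review bot: auth_proxy_client_clusterrole.yaml declares `apiVersion: rbac.authorization.k8s.io/v1beta1`, while every other RBAC object in this diff uses `rbac.authorization.k8s.io/v1`. The v1beta1 RBAC API was removed in Kubernetes 1.22, so on such clusters the `metrics-reader` ClusterRole fails to apply and clients that rely on it for /metrics access get no permission. Change the first line to `apiVersion: rbac.authorization.k8s.io/v1`; the rule itself needs no change.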
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources:
+ - subjectaccessreviews
+ verbs: ["create"]
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role_binding.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 000000000..48ed1e4b8
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_service.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_service.yaml
new file mode 100644
index 000000000..6cf656be1
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/auth_proxy_service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_editor_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_editor_role.yaml
new file mode 100644
index 000000000..3595a72cc
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_editor_role.yaml
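Review bot: The subject of `proxy-rolebinding` in auth_proxy_role_binding.yaml is the namespace's `default` ServiceAccount, and the same subject is used by leader_election_role_binding.yaml and role_binding.yaml later in this diff. Any pod created in that namespace without an explicit `serviceAccountName` inherits everything bound here, including `manager-role`. A dedicated account would contain that: add a ServiceAccount manifest, reference it with `serviceAccountName: controller-manager` in the manager Deployment (which sets none), and use `name: controller-manager` in the three `subjects` entries. If the `default` account is kept to stay identical to upstream, a comment saying so and noting that no other workloads may run in the namespace would help the next reader.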
@@ -0,0 +1,24 @@
+# permissions for end users to edit baremetalhosts.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: baremetalhost-editor-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_viewer_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_viewer_role.yaml
new file mode 100644
index 000000000..7efc6416f
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/baremetalhost_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view baremetalhosts.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: baremetalhost-viewer-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_editor_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_editor_role.yaml
new file mode 100644
index 000000000..be313f636
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit firmwareschemas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: firmwareschema-editor-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_viewer_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_viewer_role.yaml
new file mode 100644
index 000000000..90691038f
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/firmwareschema_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view firmwareschemas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: firmwareschema-viewer-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - firmwareschemas/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_editor_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_editor_role.yaml
new file mode 100644
index 000000000..64b1d5da8
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit hostfirmwaresettings.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: hostfirmwaresettings-editor-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_viewer_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_viewer_role.yaml
new file mode 100644
index 000000000..5235eb6b0
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/hostfirmwaresettings_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view hostfirmwaresettings.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: hostfirmwaresettings-viewer-role
+rules:
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - hostfirmwaresettings/status
+ verbs:
+ - get
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/kustomization.yaml
new file mode 100644
index 000000000..66c28338f
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/kustomization.yaml
@@ -0,0 +1,12 @@
+resources:
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role.yaml
new file mode 100644
index 000000000..0ce1f3d7e
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role.yaml
@@ -0,0 +1,44 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role_binding.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role_binding.yaml
new file mode 100644
index 000000000..eed16906f
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role.yaml
new file mode 100644
index 000000000..a98be9ed3
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role.yaml
@@ -0,0 +1,48 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role_binding.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role_binding.yaml
new file mode 100644
index 000000000..8f2658702
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/render/capm3.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/render/capm3.yaml
new file mode 100644
index 000000000..4aa1df562
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/render/capm3.yaml
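Review bot: The `secrets` rule in role.yaml grants `get`, `list`, `update` and `watch` inside a ClusterRole, and role_binding.yaml attaches `manager-role` with a ClusterRoleBinding, so the bound account can read and modify Secrets in every namespace of the cluster. If the operator only needs the BMC credential and user-data Secrets that sit next to the BareMetalHost objects it manages, binding the role per namespace with a `RoleBinding` would narrow this considerably. If cluster scope is required, a comment above the rule such as `# cluster-wide: BareMetalHosts and their credential Secrets may live in any namespace` would record the reason. The file appears to be generated (`creationTimestamp: null`), so the change may belong in the generator input rather than here.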
@@ -0,0 +1,1522 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: baremetalhosts.metal3.io +spec: + group: metal3.io + names: + kind: BareMetalHost + listKind: BareMetalHostList + plural: baremetalhosts + shortNames: + - bmh + - bmhost + singular: baremetalhost + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Operational status + jsonPath: .status.operationalStatus + name: Status + priority: 1 + type: string + - description: Provisioning status + jsonPath: .status.provisioning.state + name: State + type: string + - description: Consumer using this host + jsonPath: .spec.consumerRef.name + name: Consumer + type: string + - description: Address of management controller + jsonPath: .spec.bmc.address + name: BMC + priority: 1 + type: string + - description: The type of hardware detected + jsonPath: .status.hardwareProfile + name: Hardware_Profile + priority: 1 + type: string + - description: Whether the host is online or not + jsonPath: .spec.online + name: Online + type: string + - description: Type of the most recent error + jsonPath: .status.errorType + name: Error + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: BareMetalHost is the Schema for the baremetalhosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BareMetalHostSpec defines the desired state of BareMetalHost + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning will be avoided + during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + bmc: + description: How do we connect to the BMC? + properties: + address: + description: Address holds the URL for accessing the controller + on the network. + type: string + credentialsName: + description: The name of the secret containing the BMC credentials + (requires keys "username" and "password"). + type: string + disableCertificateVerification: + description: DisableCertificateVerification disables verification + of server certificates when using HTTPS to connect to the BMC. + This is required when the server certificate is self-signed, + but is insecure because it allows a man-in-the-middle to intercept + the connection. + type: boolean + required: + - address + - credentialsName + type: object + bootMACAddress: + description: Which MAC address will PXE boot? This is optional for + some types, but required for libvirt VMs driven by vbmc. + pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}' + type: string + bootMode: + description: Select the method of initializing the hardware during + boot. Defaults to UEFI. + enum: + - UEFI + - UEFISecureBoot + - legacy + type: string + consumerRef: + description: ConsumerRef can be used to store information about something + that is using a host. When it is not empty, the host is considered + "in use". + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + customDeploy: + description: A custom deploy procedure. + properties: + method: + description: Custom deploy method name. This name is specific + to the deploy ramdisk used. If you don't have a custom deploy + ramdisk, you shouldn't use CustomDeploy. 
+ type: string + required: + - method + type: object + description: + description: Description is a human-entered text used to help identify + the host + type: string + externallyProvisioned: + description: ExternallyProvisioned means something else is managing + the image running on the host and the operator should only manage + the power status and hardware inventory inspection. If the Image + field is filled in, this field is ignored. + type: boolean + firmware: + description: BIOS configuration for bare metal server + properties: + simultaneousMultithreadingEnabled: + description: 'Allows a single physical processor core to appear + as several logical processors. This supports following options: + true, false.' + enum: + - true + - false + type: boolean + sriovEnabled: + description: 'SR-IOV support enables a hypervisor to create virtual + instances of a PCI-express device, potentially increasing performance. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + virtualizationEnabled: + description: 'Supports the virtualization of platform hardware. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + type: object + hardwareProfile: + description: What is the name of the hardware profile for this host? + It should only be necessary to set this when inspection cannot automatically + determine the profile. + type: string + image: + description: Image holds the details of the image to be provisioned. + properties: + checksum: + description: Checksum is the checksum for the image. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the format of the image (raw, + qcow2, ...). Needs to be set to raw for raw images streaming. 
+ Note live-iso means an iso referenced by the url will be live-booted + and not deployed to disk, and in this case the checksum options + are not required and if specified will be ignored. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - url + type: object + metaData: + description: MetaData holds the reference to the Secret containing + host metadata (e.g. meta_data.json which is passed to Config Drive). + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData holds the reference to the Secret containing + network configuration (e.g content of network_data.json which is + passed to Config Drive). + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + online: + description: Should the server be online? + type: boolean + raid: + description: RAID configuration for bare metal server + properties: + hardwareRAIDVolumes: + description: The list of logical disks for hardware RAID, if rootDeviceHints + isn't used, first volume is root volume. You can set the value + of this field to `[]` to clear all the hardware RAID configurations. + items: + description: HardwareRAIDVolume defines the desired configuration + of volume in hardware RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + enum: + - "0" + - "1" + - "2" + - "5" + - "6" + - 1+0 + - 5+0 + - 6+0 + type: string + name: + description: Name of the volume. 
Should be unique within + the Node. If not specified, volume name will be auto-generated. + maxLength: 64 + type: string + numberOfPhysicalDisks: + description: Integer, number of physical disks to use for + the logical disk. Defaults to minimum number of disks + required for the particular RAID level. + minimum: 1 + type: integer + rotational: + description: Select disks with only rotational or solid-state + storage + type: boolean + sizeGibibytes: + description: Size (Integer) of the logical disk to be created + in GiB. If unspecified or set be 0, the maximum capacity + of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + type: array + softwareRAIDVolumes: + description: The list of logical disks for software RAID, if rootDeviceHints + isn't used, first volume is root volume. If HardwareRAIDVolumes + is set this item will be invalid. The number of created Software + RAID devices must be 1 or 2. If there is only one Software RAID + device, it has to be a RAID-1. If there are two, the first one + has to be a RAID-1, while the RAID level for the second one + can be 0, 1, or 1+0. As the first RAID device will be the deployment + device, enforcing a RAID-1 reduces the risk of ending up with + a non-booting node in case of a disk failure. Software RAID + will always be deleted. + items: + description: SoftwareRAIDVolume defines the desired configuration + of volume in software RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;1+0.' + enum: + - "0" + - "1" + - 1+0 + type: string + physicalDisks: + description: A list of device hints, the number of items + should be greater than or equal to 2. + items: + description: RootDeviceHints holds the hints for specifying + the storage location for the root filesystem for the + image. + properties: + deviceName: + description: A Linux device name like "/dev/vda". 
+ The hint must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The + hint must match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. + The hint can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning + media, false otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match + the actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer + of the device. The hint can be a substring of the + actual value. + type: string + wwn: + description: Unique storage identifier. The hint must + match the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The + hint must match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor + extension appended. The hint must match the actual + value exactly. + type: string + type: object + minItems: 2 + type: array + sizeGibibytes: + description: Size (Integer) of the logical disk to be created + in GiB. If unspecified or set be 0, the maximum capacity + of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + maxItems: 2 + type: array + type: object + rootDeviceHints: + description: Provide guidance about how to choose the device for the + image being provisioned. + properties: + deviceName: + description: A Linux device name like "/dev/vda". The hint must + match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The hint must match + the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. 
+ minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. The hint can + be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning media, false + otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match the actual + value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer of the device. + The hint can be a substring of the actual value. + type: string + wwn: + description: Unique storage identifier. The hint must match the + actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The hint must match + the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. + type: string + type: object + taints: + description: Taints is the full, authoritative list of taints to apply + to the corresponding Machine. This list will overwrite any modifications + made to the Machine on an ongoing basis. + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that + do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. 
+ type: string + required: + - effect + - key + type: object + type: array + userData: + description: UserData holds the reference to the Secret containing + the user data to be passed to the host before it boots. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + required: + - online + type: object + status: + description: BareMetalHostStatus defines the observed state of BareMetalHost + properties: + errorCount: + default: 0 + description: ErrorCount records how many times the host has encoutered + an error since the last successful operation + type: integer + errorMessage: + description: the last error message reported by the provisioning subsystem + type: string + errorType: + description: ErrorType indicates the type of failure encountered when + the OperationalStatus is OperationalStatusError + enum: + - provisioned registration error + - registration error + - inspection error + - preparation error + - provisioning error + - power management error + type: string + goodCredentials: + description: the last credentials we were able to validate as working + properties: + credentials: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + credentialsVersion: + type: string + type: object + hardware: + description: The hardware discovered to exist on the host. + properties: + cpu: + description: CPU describes one processor on the host. 
+ properties: + arch: + type: string + clockMegahertz: + description: ClockSpeed is a clock speed in MHz + format: double + type: number + count: + type: integer + flags: + items: + type: string + type: array + model: + type: string + type: object + firmware: + description: Firmware describes the firmware on the host. + properties: + bios: + description: The BIOS for this firmware + properties: + date: + description: The release/build date for this BIOS + type: string + vendor: + description: The vendor name for this BIOS + type: string + version: + description: The version of the BIOS + type: string + type: object + type: object + hostname: + type: string + nics: + items: + description: NIC describes one network interface on the host. + properties: + ip: + description: The IP address of the interface. This will + be an IPv4 or IPv6 address if one is present. If both + IPv4 and IPv6 addresses are present in a dual-stack environment, + two nics will be output, one with each IP. + type: string + mac: + description: The device MAC address + pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}' + type: string + model: + description: The vendor and product IDs of the NIC, e.g. + "0x8086 0x1572" + type: string + name: + description: The name of the network interface, e.g. 
"en0" + type: string + pxe: + description: Whether the NIC is PXE Bootable + type: boolean + speedGbps: + description: The speed of the device in Gigabits per second + type: integer + vlanId: + description: The untagged VLAN ID + format: int32 + maximum: 4094 + minimum: 0 + type: integer + vlans: + description: The VLANs available + items: + description: VLAN represents the name and ID of a VLAN + properties: + id: + description: VLANID is a 12-bit 802.1Q VLAN identifier + format: int32 + maximum: 4094 + minimum: 0 + type: integer + name: + type: string + type: object + type: array + type: object + type: array + ramMebibytes: + type: integer + storage: + items: + description: Storage describes one storage device (disk, SSD, + etc.) on the host. + properties: + hctl: + description: The SCSI location of the device + type: string + model: + description: Hardware model + type: string + name: + description: The Linux device name of the disk, e.g. "/dev/sda". + Note that this may not be stable across reboots. + type: string + rotational: + description: Whether this disk represents rotational storage. + This field is not recommended for usage, please prefer + using 'Type' field instead, this field will be deprecated + eventually. + type: boolean + serialNumber: + description: The serial number of the device + type: string + sizeBytes: + description: The size of the disk in Bytes + format: int64 + type: integer + type: + description: 'Device type, one of: HDD, SSD, NVME.' + enum: + - HDD + - SSD + - NVME + type: string + vendor: + description: The name of the vendor of the device + type: string + wwn: + description: The WWN of the device + type: string + wwnVendorExtension: + description: The WWN Vendor extension of the device + type: string + wwnWithExtension: + description: The WWN with the extension + type: string + type: object + type: array + systemVendor: + description: HardwareSystemVendor stores details about the whole + hardware system. 
+ properties: + manufacturer: + type: string + productName: + type: string + serialNumber: + type: string + type: object + type: object + hardwareProfile: + description: The name of the profile matching the hardware details. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + operationHistory: + description: OperationHistory holds information about operations performed + on this host. + properties: + deprovision: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + inspect: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + provision: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. + properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + register: + description: OperationMetric contains metadata about an operation + (inspection, provisioning, etc.) used for tracking metrics. 
+ properties: + end: + format: date-time + nullable: true + type: string + start: + format: date-time + nullable: true + type: string + type: object + type: object + operationalStatus: + description: OperationalStatus holds the status of the host + enum: + - "" + - OK + - discovered + - error + - delayed + - detached + type: string + poweredOn: + description: indicator for whether or not the host is powered on + type: boolean + provisioning: + description: Information tracked by the provisioner. + properties: + ID: + description: The machine's UUID from the underlying provisioning + tool + type: string + bootMode: + description: BootMode indicates the boot mode used to provision + the node + enum: + - UEFI + - UEFISecureBoot + - legacy + type: string + customDeploy: + description: Custom deploy procedure applied to the host. + properties: + method: + description: Custom deploy method name. This name is specific + to the deploy ramdisk used. If you don't have a custom deploy + ramdisk, you shouldn't use CustomDeploy. + type: string + required: + - method + type: object + firmware: + description: The Bios set by the user + properties: + simultaneousMultithreadingEnabled: + description: 'Allows a single physical processor core to appear + as several logical processors. This supports following options: + true, false.' + enum: + - true + - false + type: boolean + sriovEnabled: + description: 'SR-IOV support enables a hypervisor to create + virtual instances of a PCI-express device, potentially increasing + performance. This supports following options: true, false.' + enum: + - true + - false + type: boolean + virtualizationEnabled: + description: 'Supports the virtualization of platform hardware. + This supports following options: true, false.' + enum: + - true + - false + type: boolean + type: object + image: + description: Image holds the details of the last image successfully + provisioned to the host. 
+ properties: + checksum: + description: Checksum is the checksum for the image. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the + image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the format of the image (raw, + qcow2, ...). Needs to be set to raw for raw images streaming. + Note live-iso means an iso referenced by the url will be + live-booted and not deployed to disk, and in this case the + checksum options are not required and if specified will + be ignored. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - url + type: object + raid: + description: The Raid set by the user + properties: + hardwareRAIDVolumes: + description: The list of logical disks for hardware RAID, + if rootDeviceHints isn't used, first volume is root volume. + You can set the value of this field to `[]` to clear all + the hardware RAID configurations. + items: + description: HardwareRAIDVolume defines the desired configuration + of volume in hardware RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + enum: + - "0" + - "1" + - "2" + - "5" + - "6" + - 1+0 + - 5+0 + - 6+0 + type: string + name: + description: Name of the volume. Should be unique within + the Node. If not specified, volume name will be auto-generated. + maxLength: 64 + type: string + numberOfPhysicalDisks: + description: Integer, number of physical disks to use + for the logical disk. Defaults to minimum number of + disks required for the particular RAID level. + minimum: 1 + type: integer + rotational: + description: Select disks with only rotational or solid-state + storage + type: boolean + sizeGibibytes: + description: Size (Integer) of the logical disk to be + created in GiB. 
If unspecified or set be 0, the maximum + capacity of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + type: array + softwareRAIDVolumes: + description: The list of logical disks for software RAID, + if rootDeviceHints isn't used, first volume is root volume. + If HardwareRAIDVolumes is set this item will be invalid. + The number of created Software RAID devices must be 1 or + 2. If there is only one Software RAID device, it has to + be a RAID-1. If there are two, the first one has to be a + RAID-1, while the RAID level for the second one can be 0, + 1, or 1+0. As the first RAID device will be the deployment + device, enforcing a RAID-1 reduces the risk of ending up + with a non-booting node in case of a disk failure. Software + RAID will always be deleted. + items: + description: SoftwareRAIDVolume defines the desired configuration + of volume in software RAID + properties: + level: + description: 'RAID level for the logical disk. The following + levels are supported: 0;1;1+0.' + enum: + - "0" + - "1" + - 1+0 + type: string + physicalDisks: + description: A list of device hints, the number of items + should be greater than or equal to 2. + items: + description: RootDeviceHints holds the hints for specifying + the storage location for the root filesystem for + the image. + properties: + deviceName: + description: A Linux device name like "/dev/vda". + The hint must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. + The hint must match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in + Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. + The hint can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning + media, false otherwise. 
+ type: boolean + serialNumber: + description: Device serial number. The hint must + match the actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer + of the device. The hint can be a substring of + the actual value. + type: string + wwn: + description: Unique storage identifier. The hint + must match the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. + The hint must match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the + vendor extension appended. The hint must match + the actual value exactly. + type: string + type: object + minItems: 2 + type: array + sizeGibibytes: + description: Size (Integer) of the logical disk to be + created in GiB. If unspecified or set be 0, the maximum + capacity of disk will be used for logical disk. + minimum: 0 + type: integer + required: + - level + type: object + maxItems: 2 + type: array + type: object + rootDeviceHints: + description: The RootDevicehints set by the user + properties: + deviceName: + description: A Linux device name like "/dev/vda". The hint + must match the actual value exactly. + type: string + hctl: + description: A SCSI bus address like 0:0:0:0. The hint must + match the actual value exactly. + type: string + minSizeGigabytes: + description: The minimum size of the device in Gigabytes. + minimum: 0 + type: integer + model: + description: A vendor-specific device identifier. The hint + can be a substring of the actual value. + type: string + rotational: + description: True if the device should use spinning media, + false otherwise. + type: boolean + serialNumber: + description: Device serial number. The hint must match the + actual value exactly. + type: string + vendor: + description: The name of the vendor or manufacturer of the + device. The hint can be a substring of the actual value. 
+ type: string + wwn: + description: Unique storage identifier. The hint must match + the actual value exactly. + type: string + wwnVendorExtension: + description: Unique vendor storage identifier. The hint must + match the actual value exactly. + type: string + wwnWithExtension: + description: Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. + type: string + type: object + state: + description: An indiciator for what the provisioner is doing with + the host. + type: string + required: + - ID + - state + type: object + triedCredentials: + description: the last credentials we sent to the provisioning backend + properties: + credentials: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. 
+ type: string + type: object + credentialsVersion: + type: string + type: object + required: + - errorCount + - errorMessage + - hardwareProfile + - operationalStatus + - poweredOn + - provisioning + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: firmwareschemas.metal3.io +spec: + group: metal3.io + names: + kind: FirmwareSchema + listKind: FirmwareSchemaList + plural: firmwareschemas + singular: firmwareschema + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirmwareSchema is the Schema for the firmwareschemas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirmwareSchemaSpec defines the desired state of FirmwareSchema + properties: + hardwareModel: + description: The hardware model associated with this schema + type: string + hardwareVendor: + description: The hardware vendor associated with this schema + type: string + schema: + additionalProperties: + description: Additional data describing the firmware setting + properties: + allowable_values: + description: The allowable value for an Enumeration type setting. + items: + type: string + type: array + attribute_type: + description: The type of setting. + enum: + - Enumeration + - String + - Integer + - Boolean + - Password + type: string + lower_bound: + description: The lowest value for an Integer type setting. + type: integer + max_length: + description: Maximum length for a String type setting. + type: integer + min_length: + description: Minimum length for a String type setting. + type: integer + read_only: + description: Whether or not this setting is read only. + type: boolean + reset_required: + description: Whether or not a reset is required after changing + this setting. + type: boolean + unique: + description: Whether or not this setting's value is unique to + this node, e.g. a serial number. + type: boolean + upper_bound: + description: The highest value for an Integer type setting. 
+ type: integer + type: object + description: Map of firmware name to schema + type: object + required: + - schema + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: hostfirmwaresettings.metal3.io +spec: + group: metal3.io + names: + kind: HostFirmwareSettings + listKind: HostFirmwareSettingsList + plural: hostfirmwaresettings + singular: hostfirmwaresettings + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: HostFirmwareSettings is the Schema for the hostfirmwaresettings + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostFirmwareSettingsSpec defines the desired state of HostFirmwareSettings + properties: + settings: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + description: Settings are the desired firmware settings stored as + name/value pairs. This will be populated with the actual firmware + settings and only contain the settings that can be modified (i.e. 
+ not ReadOnly), to facilitate making changes. + type: object + required: + - settings + type: object + status: + description: HostFirmwareSettingsStatus defines the observed state of + HostFirmwareSettings + properties: + schema: + description: FirmwareSchema is a reference to the Schema used to describe + each FirmwareSetting. By default, this will be a Schema in the same + Namespace as the settings but it can be overwritten in the Spec + properties: + name: + description: '`name` is the reference to the schema.' + type: string + namespace: + description: '`namespace` is the namespace of the where the schema + is stored.' + type: string + required: + - name + - namespace + type: object + settings: + additionalProperties: + type: string + description: Settings are the actual firmware settings stored as name/value + pairs + type: object + required: + - settings + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: baremetal-operator-leader-election-role + namespace: baremetal-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: baremetal-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - 
watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: baremetal-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: baremetal-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: baremetal-operator-leader-election-rolebinding + namespace: baremetal-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: baremetal-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: default + namespace: baremetal-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: baremetal-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: baremetal-operator-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: baremetal-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: baremetal-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: baremetal-operator-proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: baremetal-operator-system +--- +apiVersion: v1 +data: + CACHEURL: http://172.22.0.1/images + DEPLOY_KERNEL_URL: http://172.22.0.2:6180/images/ironic-python-agent.kernel + DEPLOY_RAMDISK_URL: http://172.22.0.2:6180/images/ironic-python-agent.initramfs + 
DHCP_RANGE: 172.22.0.10,172.22.0.100 + HTTP_PORT: "6180" + IRONIC_ENDPOINT: http://172.22.0.2:6385/v1/ + IRONIC_FAST_TRACK: "true" + IRONIC_INSPECTOR_ENDPOINT: http://172.22.0.2:5050/v1/ + PROVISIONING_INTERFACE: eth2 +kind: ConfigMap +metadata: + name: baremetal-operator-ironic + namespace: baremetal-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: baremetal-operator-controller-manager-metrics-service + namespace: baremetal-operator-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: baremetal-operator-controller-manager + namespace: baremetal-operator-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8085/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + - args: + - --metrics-addr=127.0.0.1:8085 + - --enable-leader-election + command: + - /baremetal-operator + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: baremetal-operator-ironic + image: quay.io/metal3-io/baremetal-operator + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 9440 + initialDelaySeconds: 3 + periodSeconds: 3 + name: manager + terminationGracePeriodSeconds: 10 
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_baremetalhost.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_baremetalhost.yaml
new file mode 100644
index 000000000..0b3f58c6a
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_baremetalhost.yaml
@@ -0,0 +1,7 @@
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: baremetalhost-sample
+spec:
+ # Add fields here
+ foo: bar
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_firmwareschema.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_firmwareschema.yaml
new file mode 100644
index 000000000..f57772847
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_firmwareschema.yaml
@@ -0,0 +1,34 @@
+apiVersion: metal3.io/v1alpha1
+kind: FirmwareSchema
+metadata:
+ name: firmwareschema-sample
+spec:
+status:
+ referenceCount: 2
+ hardwareVendor: "VendorA"
+ hardwareModel: "ModelT"
+ schema:
+ - "ProcVirtualization":
+ attribute_type: "Enumeration"
+ allowable_values:
+ - "Enabled"
+ - "Disabled"
+ read_only: false
+ - "ProcCPUCores":
+ attribute_type: "Integer"
+ lower_bound: 1
+ read_only: true
+ upper_bound: 100
+ - "SRIOV":
+ allowable_values:
+ - "Enabled"
+ - "Disabled"
+ - "SystemModelName":
+ attribute_type: "String"
+ max_length: 40
+ min_length: 0
+ read_only: true
+ - "SerialNumber":
+ attribute_type: "String"
+ max_length: 16
+ min_length: 0
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_hostfirmwaresettings.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_hostfirmwaresettings.yaml
new file mode 100644
index 000000000..268335bf5
--- /dev/null
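Review bot: The three sample manifests added under upstream/samples do not appear to validate against the CRD schemas shown earlier in this diff. metal3.io_v1alpha1_baremetalhost.yaml sets only `foo: bar`, while the BareMetalHost spec lists `online` under `required`; metal3.io_v1alpha1_firmwareschema.yaml leaves `spec:` empty and puts `hardwareVendor`, `hardwareModel` and `schema` under `status:`, although the schema requires `spec.schema` and defines it as a map rather than a list; metal3.io_v1alpha1_hostfirmwaresettings.yaml (the next hunk) gives `settings` as a list where the CRD declares `type: object`. Indentation is flattened on this page, so the nesting is inferred from the leading markers. If the samples are kept as vendored, a header comment such as `# Placeholder sample; not expected to pass CRD validation as written` would stop operators from applying them unchanged.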
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/samples/metal3.io_v1alpha1_hostfirmwaresettings.yaml
@@ -0,0 +1,17 @@
+apiVersion: metal3.io/v1alpha1
+kind: HostFirmwareSettings
+metadata:
+ name: hostfirmwaresettings-sample
+spec:
+ settings:
+ - "ProcVirtualization": "Enabled"
+ - "SRIOV": "Enabled"
+ - "NetworkBootRetryCount": "20"
+status:
+ settings:
+ - "ProcVirtualization": "Enabled"
+ - "ProcCPUCores": "100"
+ - "SRIOV": "Enabled"
+ - "SystemModelName": "QYZ12345"
+ - "SerialNumber": "22654891"
+ - "NetworkBootRetryCount": "10"
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/tls/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/tls/kustomization.yaml
new file mode 100644
index 000000000..cdafae35f
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/tls/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: baremetal-operator-system
+resources:
+- ../default
+- ../namespace
+
+patchesStrategicMerge:
+- tls_ca_patch.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/tls/tls_ca_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/tls/tls_ca_patch.yaml
new file mode 100644
index 000000000..b28d9d430
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/tls/tls_ca_patch.yaml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ volumeMounts:
+ - name: cacert
+ mountPath: "/opt/metal3/certs/ca"
+ readOnly: true
+ volumes:
+ - name: cacert
+ secret:
+ secretName: ironic-cacert
\ No newline at end of file
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomization.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomization.yaml
new file mode 100644
index 000000000..696fcc77c
--- /dev/null
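Review bot: tls/tls_ca_patch.yaml mounts the `ironic-cacert` secret into the manager container, but nothing visible in this overlay switches the Ironic URLs to TLS. The ConfigMap `baremetal-operator-ironic` shown earlier in this diff still carries `IRONIC_ENDPOINT: http://172.22.0.2:6385/v1/` and `IRONIC_INSPECTOR_ENDPOINT: http://172.22.0.2:5050/v1/`; if the tls overlay inherits such values from `../default`, the operator would keep talking to Ironic in clear text even though a CA is mounted. Whether another file overrides the endpoints is outside this view. I would add a comment to the patch, `# CA only: IRONIC_ENDPOINT and IRONIC_INSPECTOR_ENDPOINT must also use https:// for this mount to have any effect`, or override the two values in this overlay.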
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- service_patch.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomizeconfig.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomizeconfig.yaml
new file mode 100644
index 000000000..25e21e3c9
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/kustomizeconfig.yaml
@@ -0,0 +1,25 @@
+# the following config is for teaching kustomize where to look at when substituting vars.
+# It requires kustomize v2.1.0 or newer to work properly.
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+ - kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+
+namespace:
+- kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
+- kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
+
+varReference:
+- path: metadata/annotations
diff --git a/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/service_patch.yaml b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/service_patch.yaml
new file mode 100644
index 000000000..31e0f8295
--- /dev/null
+++ b/manifests/function/baremetal-operator/v0.5.0/upstream/webhook/service_patch.yaml
@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: webhook-service
+ namespace: system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
diff --git a/manifests/function/capm3/v0.5.0/certmanager/certificate.yaml b/manifests/function/capm3/v0.5.0/certmanager/certificate.yaml
new file mode 100644
index 000000000..abf6713a7
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/certmanager/certificate.yaml
@@ -0,0 +1,24 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ namespace: system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: system
+spec:
+ # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+ dnsNames:
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
diff --git a/manifests/function/capm3/v0.5.0/certmanager/kustomization.yaml b/manifests/function/capm3/v0.5.0/certmanager/kustomization.yaml
new file mode 100644
index 000000000..e0182475f
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/certmanager/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- certificate.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/manifests/function/capm3/v0.5.0/certmanager/kustomizeconfig.yaml b/manifests/function/capm3/v0.5.0/certmanager/kustomizeconfig.yaml
new file mode 100644
index 000000000..28a895a40
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/certmanager/kustomizeconfig.yaml
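Review bot: The Certificate in certmanager/certificate.yaml is issued by a namespace-local `selfSigned` Issuer, so webhook callers can only verify it if the CA bundle from the resulting secret is injected into the webhook configurations; that wiring (typically a `cert-manager.io/inject-ca-from` annotation) is not in this hunk and should be confirmed in the webhook overlay. The spec also sets no `duration`, `renewBefore` or `privateKey` block, which leaves certificate lifetime and key parameters at cert-manager defaults; stating them explicitly would make rotation behaviour reviewable. A short comment above the Issuer, e.g. `# Self-signed: trust depends on CA injection into the webhook configurations`, would document the assumption.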
@@ -0,0 +1,19 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+nameReference:
+- kind: Issuer
+ group: cert-manager.io
+ fieldSpecs:
+ - kind: Certificate
+ group: cert-manager.io
+ path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/commonName
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/dnsNames
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/secretName
diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml
new file mode 100644
index 000000000..809f7938c
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml
@@ -0,0 +1,204 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3clusters.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Cluster + listKind: Metal3ClusterList + plural: metal3clusters + shortNames: + - m3c + - m3cluster + - m3clusters + - metal3c + - metal3cluster + singular: metal3cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: metal3Cluster is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Most recent error + jsonPath: .status.failureReason + name: Error + type: string + - description: Cluster to which this BMCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + type: string + name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3Cluster is the Schema for the metal3clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3ClusterSpec defines the desired state of Metal3Cluster. 
+ properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + noCloudProvider: + type: boolean + required: + - controlPlaneEndpoint + type: object + status: + description: Metal3ClusterStatus defines the observed state of Metal3Cluster. + properties: + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + ready: + description: Ready denotes that the Metal3 cluster (infrastructure) + is ready. In Baremetal case, it does not mean anything for now as + no infrastructure steps need to be performed. Required by Cluster + API. Set to True by the metal3Cluster controller after creation. 
+ type: boolean + required: + - ready + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: metal3Cluster is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Most recent error + jsonPath: .status.failureReason + name: Error + type: string + - description: Cluster to which this BMCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + type: string + name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3Cluster is the Schema for the metal3clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3ClusterSpec defines the desired state of Metal3Cluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. 
+ type: integer + required: + - host + - port + type: object + noCloudProvider: + type: boolean + required: + - controlPlaneEndpoint + type: object + status: + description: Metal3ClusterStatus defines the observed state of Metal3Cluster. + properties: + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + ready: + description: Ready denotes that the Metal3 cluster (infrastructure) + is ready. In Baremetal case, it does not mean anything for now as + no infrastructure steps need to be performed. Required by Cluster + API. Set to True by the metal3Cluster controller after creation. + type: boolean + required: + - ready + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3dataclaims.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3dataclaims.yaml new file mode 100644 index 000000000..56a6bbe74 --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3dataclaims.yaml 
@@ -0,0 +1,248 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3dataclaims.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataClaim + listKind: Metal3DataClaimList + plural: metal3dataclaims + shortNames: + - m3dc + - m3dataclaim + - m3dataclaims + - metal3dc + - metal3dataclaim + singular: metal3dataclaim + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3DataClaim is the Schema for the metal3datas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataClaimSpec defines the desired state of Metal3DataClaim. + properties: + template: + description: Template is the Metal3DataTemplate this was generated + for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - template + type: object + status: + description: Metal3DataClaimStatus defines the observed state of Metal3DataClaim. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + renderedData: + description: RenderedData references the Metal3Data when ready + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3DataClaim is the Schema for the metal3datas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataClaimSpec defines the desired state of Metal3DataClaim. + properties: + template: + description: Template is the Metal3DataTemplate this was generated + for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - template + type: object + status: + description: Metal3DataClaimStatus defines the observed state of Metal3DataClaim. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + renderedData: + description: RenderedData references the Metal3Data when ready + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datas.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datas.yaml new file mode 100644 index 000000000..6ed164ad7 --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datas.yaml 
@@ -0,0 +1,326 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3datas.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Data + listKind: Metal3DataList + plural: metal3datas + shortNames: + - m3d + - m3data + - m3datas + - metal3d + - metal3data + singular: metal3data + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3Data is the Schema for the metal3datas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataSpec defines the desired state of Metal3Data. + properties: + claim: + description: DataClaim points to the Metal3DataClaim the Metal3Data + was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + index: + description: Index stores the index value of this instance in the + Metal3DataTemplate. + type: integer + metaData: + description: MetaData points to the rendered MetaData secret. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData points to the rendered NetworkData secret. 
+ properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + template: + description: DataTemplate is the Metal3DataTemplate this was generated + from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - claim + - template + type: object + status: + description: Metal3DataStatus defines the observed state of Metal3Data. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + ready: + description: Ready is a flag set to True if the secrets were rendered + properly + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3Data is the Schema for the metal3datas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataSpec defines the desired state of Metal3Data. + properties: + claim: + description: DataClaim points to the Metal3DataClaim the Metal3Data + was created for. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + index: + description: Index stores the index value of this instance in the + Metal3DataTemplate. + type: integer + metaData: + description: MetaData points to the rendered MetaData secret. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. 
+ type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData points to the rendered NetworkData secret. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + template: + description: DataTemplate is the Metal3DataTemplate this was generated + from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - claim + - template + type: object + status: + description: Metal3DataStatus defines the observed state of Metal3Data. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + ready: + description: Ready is a flag set to True if the secrets were rendered + properly + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datatemplates.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datatemplates.yaml new file mode 100644 index 000000000..7787dd9c1 --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3datatemplates.yaml 
@@ -0,0 +1,1684 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3datatemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataTemplate + listKind: Metal3DataTemplateList + plural: metal3datatemplates + shortNames: + - m3dt + - m3datatemplate + - m3datatemplates + - metal3dt + - metal3datatemplate + singular: metal3datatemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3DataTemplate is the Schema for the metal3datatemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataTemplateSpec defines the desired state of Metal3DataTemplate. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. 
+ minLength: 1 + type: string + metaData: + description: MetaData contains the information needed to generate + the metadata secret + properties: + dnsServersFromIPPool: + description: DNSServersFromPool is the list of metadata items + to be rendered as dns servers. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + fromAnnotations: + description: FromAnnotations is the list of metadata items to + be fetched from object Annotations + items: + description: MetaDataFromAnnotation contains the information + to fetch an annotation content, if the label does not exist, + it is rendered as empty string + properties: + annotation: + description: Annotation is the key of the Annotation to + fetch + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - key + - object + type: object + type: array + fromHostInterfaces: + description: FromHostInterfaces is the list of metadata items + to be rendered as MAC addresses of the host interfaces. + items: + description: MetaDataHostInterface contains the information + to render the object name + properties: + interface: + description: Interface is the name of the interface in the + BareMetalHost Status Hardware Details list of interfaces + from which to fetch the MAC address. 
+ type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - interface + - key + type: object + type: array + fromLabels: + description: FromLabels is the list of metadata items to be fetched + from object labels + items: + description: MetaDataFromLabel contains the information to fetch + a label content, if the label does not exist, it is rendered + as empty string + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + label: + description: Label is the key of the label to fetch + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - label + - object + type: object + type: array + gatewaysFromIPPool: + description: GatewaysFromPool is the list of metadata items to + be rendered as gateway addresses. 
+ items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + indexes: + description: Indexes is the list of metadata items to be rendered + from the index of the Metal3Data + items: + description: MetaDataIndex contains the information to render + the index + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + offset: + description: Offset is the offset to apply to the index + when rendering it + type: integer + prefix: + description: Prefix is the prefix string + type: string + step: + default: 1 + description: Step is the multiplier of the index + type: integer + suffix: + description: Suffix is the suffix string + type: string + required: + - key + type: object + type: array + ipAddressesFromIPPool: + description: IPAddressesFromPool is the list of metadata items + to be rendered as ip addresses. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + namespaces: + description: Namespaces is the list of metadata items to be rendered + from the namespace + items: + description: MetaDataNamespace contains the information to render + the namespace + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - key + type: object + type: array + objectNames: + description: ObjectNames is the list of metadata items to be rendered + from the name of objects. 
+ items: + description: MetaDataObjectName contains the information to + render the object name + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - object + type: object + type: array + prefixesFromIPPool: + description: PrefixesFromPool is the list of metadata items to + be rendered as network prefixes. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + strings: + description: Strings is the list of metadata items to be rendered + from strings + items: + description: MetaDataString contains the information to render + the string + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + value: + description: Value is the string to render. + type: string + required: + - key + - value + type: object + type: array + type: object + networkData: + description: NetworkData contains the information needed to generate + the networkdata secret + properties: + links: + description: Links is a structure containing lists of different + types objects + properties: + bonds: + description: Bonds contains a list of Bond links + items: + description: NetworkDataLinkBond represents a bond link + object + properties: + bondLinks: + description: BondLinks is the list of links that are + part of the bond. + items: + type: string + type: array + bondMode: + description: BondMode is the mode of bond used. 
It can + be one of balance-rr, active-backup, balance-xor, + broadcast, balance-tlb, balance-alb, 802.1ad + enum: + - balance-rr + - active-backup + - balance-xor + - broadcast + - balance-tlb + - balance-alb + - 802.1ad + type: string + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + required: + - bondLinks + - bondMode + - id + - macAddress + type: object + type: array + ethernets: + description: Ethernets contains a list of Ethernet links + items: + description: NetworkDataLinkEthernet represents an ethernet + link object + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + type: + description: 'Type is the type of the ethernet link. 
+ It can be one of: bridge, dvs, hw_veb, hyperv, ovs, + tap, vhostuser, vif, phy' + enum: + - bridge + - dvs + - hw_veb + - hyperv + - ovs + - tap + - vhostuser + - vif + - phy + type: string + required: + - id + - macAddress + - type + type: object + type: array + vlans: + description: Vlans contains a list of Vlan links + items: + description: NetworkDataLinkVlan represents a vlan link + object + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + vlanID: + description: VlanID is the Vlan ID + maximum: 4096 + type: integer + vlanLink: + description: VlanLink is the name of the link on which + the vlan should be added + type: string + required: + - id + - macAddress + - vlanID + - vlanLink + type: object + type: array + type: object + networks: + description: Networks is a structure containing lists of different + types objects + properties: + ipv4: + description: IPv4 contains a list of IPv4 static allocations + items: + description: NetworkDataIPv4 represents an ipv4 static network + object + properties: + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 
represents an ipv4 + route object + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + type: object + type: array + ipv4DHCP: + description: IPv4 contains a list of IPv4 DHCP allocations + items: + description: NetworkDataIPv4DHCP represents an ipv4 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: 
FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6: + description: IPv4 contains a list of IPv6 static allocations + items: + description: NetworkDataIPv6 represents an ipv6 static network + object + properties: + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the 
gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + 
type: object + type: array + ipv6DHCP: + description: IPv4 contains a list of IPv6 DHCP allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: 
^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6SLAAC: + description: IPv4 contains a list of IPv6 SLAAC allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: 
^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + type: object + services: + description: Services is a structure containing lists of different + types objects + properties: + dns: + description: DNS is a list of DNS services + items: + description: IPAddress is used for validation of an IP address + pattern: 
((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of the IPPool from + which to get the DNS servers + type: string + type: object + type: object + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - clusterName + type: object + status: + description: Metal3DataTemplateStatus defines the observed state of Metal3DataTemplate. + properties: + indexes: + additionalProperties: + type: integer + description: Indexes contains the map of Metal3Machine and index used + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3DataTemplate is the Schema for the metal3datatemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataTemplateSpec defines the desired state of Metal3DataTemplate. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + metaData: + description: MetaData contains the information needed to generate + the metadata secret + properties: + dnsServersFromIPPool: + description: DNSServersFromPool is the list of metadata items + to be rendered as dns servers. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + fromAnnotations: + description: FromAnnotations is the list of metadata items to + be fetched from object Annotations + items: + description: MetaDataFromAnnotation contains the information + to fetch an annotation content, if the label does not exist, + it is rendered as empty string + properties: + annotation: + description: Annotation is the key of the Annotation to + fetch + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - key + - object + 
type: object + type: array + fromHostInterfaces: + description: FromHostInterfaces is the list of metadata items + to be rendered as MAC addresses of the host interfaces. + items: + description: MetaDataHostInterface contains the information + to render the object name + properties: + interface: + description: Interface is the name of the interface in the + BareMetalHost Status Hardware Details list of interfaces + from which to fetch the MAC address. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - interface + - key + type: object + type: array + fromLabels: + description: FromLabels is the list of metadata items to be fetched + from object labels + items: + description: MetaDataFromLabel contains the information to fetch + a label content, if the label does not exist, it is rendered + as empty string + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + label: + description: Label is the key of the label to fetch + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - label + - object + type: object + type: array + gatewaysFromIPPool: + description: GatewaysFromPool is the list of metadata items to + be rendered as gateway addresses. 
+ items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + indexes: + description: Indexes is the list of metadata items to be rendered + from the index of the Metal3Data + items: + description: MetaDataIndex contains the information to render + the index + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + offset: + description: Offset is the offset to apply to the index + when rendering it + type: integer + prefix: + description: Prefix is the prefix string + type: string + step: + default: 1 + description: Step is the multiplier of the index + type: integer + suffix: + description: Suffix is the suffix string + type: string + required: + - key + type: object + type: array + ipAddressesFromIPPool: + description: IPAddressesFromPool is the list of metadata items + to be rendered as ip addresses. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + namespaces: + description: Namespaces is the list of metadata items to be rendered + from the namespace + items: + description: MetaDataNamespace contains the information to render + the namespace + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - key + type: object + type: array + objectNames: + description: ObjectNames is the list of metadata items to be rendered + from the name of objects. 
+ items: + description: MetaDataObjectName contains the information to + render the object name + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - object + type: object + type: array + prefixesFromIPPool: + description: PrefixesFromPool is the list of metadata items to + be rendered as network prefixes. + items: + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + name: + description: Name is the name of the IPPool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - key + - name + type: object + type: array + strings: + description: Strings is the list of metadata items to be rendered + from strings + items: + description: MetaDataString contains the information to render + the string + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + value: + description: Value is the string to render. + type: string + required: + - key + - value + type: object + type: array + type: object + networkData: + description: NetworkData contains the information needed to generate + the networkdata secret + properties: + links: + description: Links is a structure containing lists of different + types objects + properties: + bonds: + description: Bonds contains a list of Bond links + items: + description: NetworkDataLinkBond represents a bond link + object + properties: + bondLinks: + description: BondLinks is the list of links that are + part of the bond. + items: + type: string + type: array + bondMode: + description: BondMode is the mode of bond used. 
It can + be one of balance-rr, active-backup, balance-xor, + broadcast, balance-tlb, balance-alb, 802.1ad + enum: + - balance-rr + - active-backup + - balance-xor + - broadcast + - balance-tlb + - balance-alb + - 802.1ad + type: string + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + required: + - bondLinks + - bondMode + - id + - macAddress + type: object + type: array + ethernets: + description: Ethernets contains a list of Ethernet links + items: + description: NetworkDataLinkEthernet represents an ethernet + link object + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + type: + description: 'Type is the type of the ethernet link. 
+ It can be one of: bridge, dvs, hw_veb, hyperv, ovs, + tap, vhostuser, vif, phy' + enum: + - bridge + - dvs + - hw_veb + - hyperv + - ovs + - tap + - vhostuser + - vif + - phy + type: string + required: + - id + - macAddress + - type + type: object + type: array + vlans: + description: Vlans contains a list of Vlan links + items: + description: NetworkDataLinkVlan represents a vlan link + object + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. + properties: + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + vlanID: + description: VlanID is the Vlan ID + maximum: 4096 + type: integer + vlanLink: + description: VlanLink is the name of the link on which + the vlan should be added + type: string + required: + - id + - macAddress + - vlanID + - vlanLink + type: object + type: array + type: object + networks: + description: Networks is a structure containing lists of different + types objects + properties: + ipv4: + description: IPv4 contains a list of IPv4 static allocations + items: + description: NetworkDataIPv4 represents an ipv4 static network + object + properties: + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 
represents an ipv4 + route object + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + type: object + type: array + ipv4DHCP: + description: IPv4 contains a list of IPv4 DHCP allocations + items: + description: NetworkDataIPv4DHCP represents an ipv4 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: 
FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6: + description: IPv4 contains a list of IPv6 static allocations + items: + description: NetworkDataIPv6 represents an ipv6 static network + object + properties: + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the 
gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + 
type: object + type: array + ipv6DHCP: + description: IPv4 contains a list of IPv6 DHCP allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: 
^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6SLAAC: + description: IPv4 contains a list of IPv6 SLAAC allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object + properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: 
^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + type: object + services: + description: Services is a structure containing lists of different + types objects + properties: + dns: + description: DNS is a list of DNS services + items: + description: IPAddress is used for validation of an IP address + pattern: 
((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of the IPPool from + which to get the DNS servers + type: string + type: object + type: object + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - clusterName + type: object + status: + description: Metal3DataTemplateStatus defines the observed state of Metal3DataTemplate. + properties: + indexes: + additionalProperties: + type: integer + description: Indexes contains the map of Metal3Machine and index used + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machines.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machines.yaml new file mode 100644 index 000000000..794235cdf --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machines.yaml 
@@ -0,0 +1,723 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3machines.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Machine + listKind: Metal3MachineList + plural: metal3machines + shortNames: + - m3m + - m3machine + - m3machines + - metal3m + - metal3machine + singular: metal3machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: metal3machine is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Cluster to which this M3Machine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: metal3machine current phase + jsonPath: .status.phase + name: Phase + type: string + name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3Machine is the Schema for the metal3machines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineSpec defines the desired state of Metal3Machine + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning of host disks + will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. Metadata + keys defined in the metadataTemplate take precedence over keys defined + in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + hostSelector: + description: HostSelector specifies matching criteria for labels on + BareMetalHosts. This is used to limit the set of BareMetalHost objects + considered for claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true on a chosen + BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on a chosen + BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve one. + Not required for live-iso. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. 
+ type: string + required: + - url + type: object + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata given by the user. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data given by the user. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + providerID: + description: ProviderID will be the Metal3 machine in ProviderID format + (metal3://) + type: string + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + required: + - image + type: object + status: + description: Metal3MachineStatus defines the observed state of Metal3Machine + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. 
+ type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the metal3machine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of metal3machines can + be added as events to the metal3machine object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the metal3machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of metal3machines can be added as + events to the metal3machine object and/or logged in the controller's + output." 
+ type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata used to deploy the BareMetalHost. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data used to deploy the BareMetalHost. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: 'Ready is the state of the metal3. TODO : Document the + variable : mhrivnak: " it would be good to document what this means, + how to interpret it, under what circumstances the value changes, + etc."' + type: boolean + renderedData: + description: RenderedData is a reference to a rendered Metal3Data + object containing the references to metaData and networkData secrets. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: metal3machine is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Cluster to which this M3Machine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: metal3machine current phase + jsonPath: .status.phase + name: Phase + type: string + name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3Machine is the Schema for the metal3machines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineSpec defines the desired state of Metal3Machine + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning of host disks + will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. Metadata + keys defined in the metadataTemplate take precedence over keys defined + in metadata field. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + hostSelector: + description: HostSelector specifies matching criteria for labels on + BareMetalHosts. This is used to limit the set of BareMetalHost objects + considered for claiming for a metal3machine. 
+ properties: + matchExpressions: + description: Label match expressions that must be true on a chosen + BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on a chosen + BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve one. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format + enum: + - raw + - qcow2 + - vdi + - vmdk + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata given by the user. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data given by the user. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + providerID: + description: ProviderID will be the Metal3 machine in ProviderID format + (metal3://) + type: string + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + required: + - image + type: object + status: + description: Metal3MachineStatus defines the observed state of Metal3Machine + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP + or InternalIP. + type: string + required: + - address + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the metal3machine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. 
\n Any transient + errors that occur during the reconciliation of metal3machines can + be added as events to the metal3machine object and/or logged in + the controller's output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the metal3machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of metal3machines can be added as + events to the metal3machine object and/or logged in the controller's + output." + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata used to deploy the BareMetalHost. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data used to deploy the BareMetalHost. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. 
+ type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: 'Ready is the state of the metal3. TODO : Document the + variable : mhrivnak: " it would be good to document what this means, + how to interpret it, under what circumstances the value changes, + etc."' + type: boolean + renderedData: + description: RenderedData is a reference to a rendered Metal3Data + object containing the references to metaData and networkData secrets. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml new file mode 100644 index 000000000..4aad61265 --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/bases/infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml 
@@ -0,0 +1,438 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: metal3machinetemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3MachineTemplate + listKind: Metal3MachineTemplateList + plural: metal3machinetemplates + shortNames: + - m3mt + - m3machinetemplate + - m3machinetemplates + - metal3mt + - metal3machinetemplate + singular: metal3machinetemplate + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: Metal3MachineTemplate is the Schema for the metal3machinetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate + properties: + nodeReuse: + default: false + description: When set to True, CAPM3 Machine controller will pick + the same pool of BMHs' that were released during the upgrade operation. 
+ type: boolean + template: + description: Metal3MachineTemplateResource describes the data needed + to create a Metal3Machine from a template + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning of host + disks will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. + Metadata keys defined in the metadataTemplate take precedence + over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + hostSelector: + description: HostSelector specifies matching criteria for + labels on BareMetalHosts. This is used to limit the set + of BareMetalHost objects considered for claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true + on a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist + on a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve + one. Not required for live-iso. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for + the image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. 
+ type: string + required: + - url + type: object + metaData: + description: MetaData is an object storing the reference to + the secret containing the Metadata given by the user. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference + to the secret containing the network data given by the user. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + providerID: + description: ProviderID will be the Metal3 machine in ProviderID + format (metal3://) + type: string + userData: + description: UserData references the Secret that holds user + data needed by the bare metal operator. The Namespace is + optional; it will default to the metal3machine's namespace + if not specified. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + required: + - image + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: false + - name: v1alpha5 + schema: + openAPIV3Schema: + description: Metal3MachineTemplate is the Schema for the metal3machinetemplates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate + properties: + nodeReuse: + default: false + description: When set to True, CAPM3 Machine controller will pick + the same pool of BMHs' that were released during the upgrade operation. + type: boolean + template: + description: Metal3MachineTemplateResource describes the data needed + to create a Metal3Machine from a template + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + automatedCleaningMode: + default: metadata + description: When set to disabled, automated cleaning of host + disks will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. + Metadata keys defined in the metadataTemplate take precedence + over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + hostSelector: + description: HostSelector specifies matching criteria for + labels on BareMetalHosts. This is used to limit the set + of BareMetalHost objects considered for claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true + on a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. 
+ type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist + on a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum value or a URL to retrieve + one. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for + the image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format + enum: + - raw + - qcow2 + - vdi + - vmdk + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: MetaData is an object storing the reference to + the secret containing the Metadata given by the user. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + networkData: + description: NetworkData is an object storing the reference + to the secret containing the network data given by the user. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + providerID: + description: ProviderID will be the Metal3 machine in ProviderID + format (metal3://) + type: string + userData: + description: UserData references the Secret that holds user + data needed by the bare metal operator. The Namespace is + optional; it will default to the metal3machine's namespace + if not specified. 
+ properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + required: + - image + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/capm3/v0.5.0/crd/kustomization.yaml b/manifests/function/capm3/v0.5.0/crd/kustomization.yaml new file mode 100644 index 000000000..72a987bfd --- /dev/null +++ b/manifests/function/capm3/v0.5.0/crd/kustomization.yaml 
@@ -0,0 +1,43 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+
+commonLabels:
+ cluster.x-k8s.io/v1alpha3: v1alpha4
+ cluster.x-k8s.io/v1alpha4: v1alpha5
+
+resources:
+- bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml
+- bases/infrastructure.cluster.x-k8s.io_metal3machines.yaml
+- bases/infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml
+- bases/infrastructure.cluster.x-k8s.io_metal3datatemplates.yaml
+- bases/infrastructure.cluster.x-k8s.io_metal3datas.yaml
+- bases/infrastructure.cluster.x-k8s.io_metal3dataclaims.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+- patches/webhook_in_metal3machines.yaml
+- patches/webhook_in_metal3clusters.yaml
+- patches/webhook_in_metal3machinetemplates.yaml
+- patches/webhook_in_metal3datatemplates.yaml
+- patches/webhook_in_metal3datas.yaml
+- patches/webhook_in_metal3dataclaims.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+- patches/cainjection_in_metal3machines.yaml
+- patches/cainjection_in_metal3clusters.yaml
+- patches/cainjection_in_metal3machinetemplates.yaml
+- patches/cainjection_in_metal3datatemplates.yaml
+- patches/cainjection_in_metal3datas.yaml
+- patches/cainjection_in_metal3dataclaims.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml
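Review bot: The `[WEBHOOK]` and `[CERTMANAGER]` comments under `patchesStrategicMerge` still tell the reader to uncomment the sections, but every entry in both lists is already active, so the comments describe the opposite of what the file does. The second one also says "To enable webhook" although it introduces the CA-injection patches. I would reword them to state the current state, e.g. `# [WEBHOOK] conversion webhook patches, enabled for every CRD` and `# [CERTMANAGER] CA injection patches, one per webhook patch above; requires cert-manager`. That also makes it clear to the next editor that the two lists have to stay paired.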
diff --git a/manifests/function/capm3/v0.5.0/crd/kustomizeconfig.yaml b/manifests/function/capm3/v0.5.0/crd/kustomizeconfig.yaml
new file mode 100644
index 000000000..8e2d8d6b1
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/kustomizeconfig.yaml
@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/namespace
+ create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3clusters.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3clusters.yaml
new file mode 100644
index 000000000..f6d17861b
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3clusters.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3clusters.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3dataclaims.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3dataclaims.yaml
new file mode 100644
index 000000000..7faf0132a
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3dataclaims.yaml
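Review bot: The header comment `# CRD conversion requires k8s 1.13 or later.` in cainjection_in_metal3clusters.yaml no longer matches the manifest below it: the patch targets `apiextensions.k8s.io/v1`, which is only served from Kubernetes 1.16, so the stated minimum is too low. I would change it to `# apiextensions.k8s.io/v1 CRDs require Kubernetes 1.16 or later.` The `inject-ca-from` value also depends on the `$(CERTIFICATE_NAMESPACE)` and `$(CERTIFICATE_NAME)` vars, and crd/kustomization.yaml defines no `vars:`; a short comment saying they come from the parent kustomization would help, since an unexpanded value presumably leaves the CRD without an injected CA. Both points apply to the other `cainjection_in_*` patches, and the version comment to the `webhook_in_*` patches as well.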
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3dataclaims.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datas.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datas.yaml
new file mode 100644
index 000000000..3dc0ef85d
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datas.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3datas.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datatemplates.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datatemplates.yaml
new file mode 100644
index 000000000..025377e9e
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3datatemplates.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3datatemplates.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machines.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machines.yaml
new file mode 100644
index 000000000..5e0641cee
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machines.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3machines.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machinetemplates.yaml b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machinetemplates.yaml
new file mode 100644
index 000000000..b4ebc7ebf
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/cainjection_in_metal3machinetemplates.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3clusters.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3clusters.yaml
new file mode 100644
index 000000000..da9789ddd
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3clusters.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3clusters.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3dataclaims.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3dataclaims.yaml
new file mode 100644
index 000000000..ac2e73e3b
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3dataclaims.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3dataclaims.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datas.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datas.yaml
new file mode 100644
index 000000000..5ecf4e893
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datas.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3datas.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datatemplates.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datatemplates.yaml
new file mode 100644
index 000000000..eb65c21d8
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3datatemplates.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3datatemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machines.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machines.yaml
new file mode 100644
index 000000000..7097af267
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machines.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3machines.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machinetemplates.yaml b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machinetemplates.yaml
new file mode 100644
index 000000000..100c91050
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/crd/patches/webhook_in_metal3machinetemplates.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/manifests/function/capm3/v0.5.0/data/kustomization.yaml b/manifests/function/capm3/v0.5.0/data/kustomization.yaml
new file mode 100644
index 000000000..65d5b6a21
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/data/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - metadata.yaml
diff --git a/manifests/function/capm3/v0.5.0/data/metadata.yaml b/manifests/function/capm3/v0.5.0/data/metadata.yaml
new file mode 100644
index 000000000..1046135c7
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/data/metadata.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+kind: Metadata
+metadata:
+ name: repository-metadata
+ labels:
+ airshipit.org/deploy-k8s: "false"
+releaseSeries:
+- major: 0
+ minor: 5
+ contract: v1alpha4
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/kustomization.yaml b/manifests/function/capm3/v0.5.0/default/capm3/kustomization.yaml
new file mode 100644
index 000000000..fe8d58192
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/kustomization.yaml
@@ -0,0 +1,49 @@
+# Adds namespace to all resources.
+namespace: capm3-system
+
+resources:
+ - namespace.yaml
+
+bases:
+ - ../../crd
+ - ../../rbac
+ - ../../manager
+ - ../../webhook
+ - ../../certmanager
+
+patchesStrategicMerge:
+ - manager_image_patch.yaml
+ - manager_pull_policy_patch.yaml
+ - manager_webhook_patch.yaml
+ - webhookcainjection_patch.yaml
+
+vars:
+- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldref:
+ fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+- name: SERVICE_NAMESPACE # namespace of the service
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldref:
+ fieldpath: metadata.namespace
+- name: SERVICE_NAME
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+
+configurations:
+ - kustomizeconfig.yaml
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/kustomizeconfig.yaml b/manifests/function/capm3/v0.5.0/default/capm3/kustomizeconfig.yaml
new file mode 100644
index 000000000..3f37e7176
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/kustomizeconfig.yaml
@@ -0,0 +1,4 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+varReference:
+- kind: Deployment
+ path: spec/template/spec/volumes/secret/secretName
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/manager_image_patch.yaml b/manifests/function/capm3/v0.5.0/default/capm3/manager_image_patch.yaml
new file mode 100644
index 000000000..70fa68da6
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/manager_image_patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ # Change the value of image field below to your controller image URL
+ - image: quay.io/metal3-io/cluster-api-provider-metal3:master
+ name: manager
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/manager_pull_policy_patch.yaml b/manifests/function/capm3/v0.5.0/default/capm3/manager_pull_policy_patch.yaml
new file mode 100644
index 000000000..cd7ae12c0
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/manager_pull_policy_patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/manager_webhook_patch.yaml b/manifests/function/capm3/v0.5.0/default/capm3/manager_webhook_patch.yaml
new file mode 100644
index 000000000..b387eb0ea
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/manager_webhook_patch.yaml
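Review bot: The manager image in manager_image_patch.yaml uses the moving tag `:master` although this directory is the v0.5.0 function, so the deployed controller is whatever was last pushed to that tag rather than the release being added here. Combined with `imagePullPolicy: IfNotPresent` in manager_pull_policy_patch.yaml, nodes that cached the image at different times can run different builds, and nothing ties the running code to a reviewed artifact. Pin the release tag, ideally with its digest, e.g. `- image: quay.io/metal3-io/cluster-api-provider-metal3:<release-tag>@sha256:<digest>` (placeholders). The ipam image_patch.yaml in this change already uses a fixed tag.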
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: $(SERVICE_NAME)-cert
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/namespace.yaml b/manifests/function/capm3/v0.5.0/default/capm3/namespace.yaml
new file mode 100644
index 000000000..ebc8f42ec
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: capm3-system
diff --git a/manifests/function/capm3/v0.5.0/default/capm3/webhookcainjection_patch.yaml b/manifests/function/capm3/v0.5.0/default/capm3/webhookcainjection_patch.yaml
new file mode 100644
index 000000000..02ab515d4
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/capm3/webhookcainjection_patch.yaml
@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
diff --git a/manifests/function/capm3/v0.5.0/default/kustomization.yaml b/manifests/function/capm3/v0.5.0/default/kustomization.yaml
new file mode 100644
index 000000000..5e9a8644d
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/default/kustomization.yaml
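Review bot: `defaultMode: 420` in manager_webhook_patch.yaml is the decimal spelling of octal 0644, so the mounted serving certificate and its private key are readable by every user in the container, and the number itself is easy to misread. At minimum record the intent on that line: `defaultMode: 420  # decimal for octal 0644`. A tighter mode such as 0400 (decimal 256) is only safe if the manager process owns the files or an `fsGroup` is set, which this patch does not show, so confirm that before changing the value.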
@@ -0,0 +1,8 @@
+namePrefix: capm3-
+
+commonLabels:
+ cluster.x-k8s.io/provider: "infrastructure-metal3"
+
+bases:
+- capm3
+- ../ipam
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/ipam/image_patch.yaml b/manifests/function/capm3/v0.5.0/ipam/image_patch.yaml
new file mode 100644
index 000000000..cb3db545b
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/ipam/image_patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ipam-controller-manager
+ namespace: capm3-system
+spec:
+ template:
+ spec:
+ containers:
+ # Change the value of image field below to your controller image URL
+ - image: quay.io/metal3-io/ip-address-manager:v0.1.0
+ name: manager
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/ipam/kustomization.yaml b/manifests/function/capm3/v0.5.0/ipam/kustomization.yaml
new file mode 100644
index 000000000..55d902c16
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/ipam/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# When updating the release, update also the image tag in image_patch.yaml
+resources:
+- https://github.com/metal3-io/ip-address-manager/releases/download/v0.1.0/ipam-components.yaml
+
+patchesStrategicMerge:
+ - image_patch.yaml
+ - pull_policy_patch.yaml
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/ipam/pull_policy_patch.yaml b/manifests/function/capm3/v0.5.0/ipam/pull_policy_patch.yaml
new file mode 100644
index 000000000..5fff9a2f4
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/ipam/pull_policy_patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ipam-controller-manager
+ namespace: capm3-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
\ No newline at end of file
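Review bot: ipam/kustomization.yaml lists `https://github.com/metal3-io/ip-address-manager/releases/download/v0.1.0/ipam-components.yaml` under `resources`, so every render downloads the manifests it applies, with no checksum or other integrity check. If that release asset were replaced, what gets deployed would change without any diff in this repository, and the build also fails wherever outbound access is not available. The rest of this function is committed as files, so vendoring the components file next to the patches and referencing it locally (`- ipam-components.yaml`) would keep the input reviewable and reproducible.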
diff --git a/manifests/function/capm3/v0.5.0/kustomization.yaml b/manifests/function/capm3/v0.5.0/kustomization.yaml
new file mode 100644
index 000000000..76863c6e2
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/kustomization.yaml
@@ -0,0 +1,3 @@
+bases:
+ - default
+ - data
diff --git a/manifests/function/capm3/v0.5.0/manager/kustomization.yaml b/manifests/function/capm3/v0.5.0/manager/kustomization.yaml
new file mode 100644
index 000000000..ea3e17190
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/manager/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/manifests/function/capm3/v0.5.0/manager/manager.yaml b/manifests/function/capm3/v0.5.0/manager/manager.yaml
new file mode 100644
index 000000000..89487a966
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/manager/manager.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ controller-tools.k8s.io: "1.0"
+ spec:
+ containers:
+ - command:
+ - /manager
+ args:
+ - "--webhook-port=9443"
+ image: controller:latest
+ imagePullPolicy: IfNotPresent
+ name: manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: manager
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
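Review bot: The `manager` container in manager/manager.yaml has no `securityContext`, so it runs with the image's default user, the default capability set and a writable root filesystem, while its service account holds the cluster-wide role added in rbac/role.yaml. Adding a restrictive container security context limits what a compromised controller process can do on the node. Whether the image already runs as a non-root user and tolerates a read-only root filesystem is not visible here, so `runAsNonRoot` and `readOnlyRootFilesystem` need a check against the image before merging. The sketch below shows the lines I would add under the container.

```yaml
      containers:
      - command:
        - /manager
        # … unchanged: args, image, imagePullPolicy, name, env, ports, probes …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
```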
diff --git a/manifests/function/capm3/v0.5.0/manager/manager_prometheus_metrics_patch.yaml b/manifests/function/capm3/v0.5.0/manager/manager_prometheus_metrics_patch.yaml
new file mode 100644
index 000000000..0b96c6813
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/manager/manager_prometheus_metrics_patch.yaml
@@ -0,0 +1,19 @@
+# This patch enables Prometheus scraping for the manager pod.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: 'true'
+ spec:
+ containers:
+ # Expose the prometheus metrics on default port
+ - name: manager
+ ports:
+ - containerPort: 8080
+ name: metrics
+ protocol: TCP
diff --git a/manifests/function/capm3/v0.5.0/rbac/kustomization.yaml b/manifests/function/capm3/v0.5.0/rbac/kustomization.yaml
new file mode 100644
index 000000000..3f4ef813a
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/rbac/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- role.yaml
+- role_binding.yaml
+- service_account.yaml
+- leader_election_role_binding.yaml
+- leader_election_role.yaml
diff --git a/manifests/function/capm3/v0.5.0/rbac/leader_election_role.yaml b/manifests/function/capm3/v0.5.0/rbac/leader_election_role.yaml
new file mode 100644
index 000000000..47209c08b
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/rbac/leader_election_role.yaml
@@ -0,0 +1,44 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/rbac/leader_election_role_binding.yaml b/manifests/function/capm3/v0.5.0/rbac/leader_election_role_binding.yaml
new file mode 100644
index 000000000..d5e004467
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: manager
+ namespace: system
diff --git a/manifests/function/capm3/v0.5.0/rbac/role.yaml b/manifests/function/capm3/v0.5.0/rbac/role.yaml
new file mode 100644
index 000000000..f07cac5d5
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/rbac/role.yaml
@@ -0,0 +1,260 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get +- apiGroups: + - cluster.x-k8s.io + resources: + - kubeadmcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + 
resources: + - metal3datas/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines/status + verbs: + - get + - patch + - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machinetemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - get + - list + - watch +- apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get +- apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get + - patch + - update diff --git a/manifests/function/capm3/v0.5.0/rbac/role_binding.yaml b/manifests/function/capm3/v0.5.0/rbac/role_binding.yaml new file mode 100644 index 000000000..5a95f66d6 --- /dev/null +++ b/manifests/function/capm3/v0.5.0/rbac/role_binding.yaml 
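Review bot: The `manager-role` ClusterRole in rbac/role.yaml grants create, delete, get, list, patch, update and watch on core `secrets` with no `resourceNames`, and role_binding.yaml attaches it through a ClusterRoleBinding, so the `manager` service account can read and rewrite every Secret in every namespace. A compromise of the controller pod would therefore expose all cluster credentials, not only the ones this provider manages. If the controller only needs Secrets in the namespaces that hold its cluster objects (an assumption to confirm against the controller), grant the secrets rule through a namespaced Role and RoleBinding there, or at least drop the verbs it does not use. The file looks generated (`creationTimestamp: null`), so a lasting fix probably belongs in the upstream RBAC markers; the three `cluster.x-k8s.io` rules covering `clusters` and `clusters/status` also overlap and could be one rule.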
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: manager
+ namespace: system
diff --git a/manifests/function/capm3/v0.5.0/rbac/service_account.yaml b/manifests/function/capm3/v0.5.0/rbac/service_account.yaml
new file mode 100644
index 000000000..c41800524
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: manager
+ namespace: system
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/webhook/kustomization.yaml b/manifests/function/capm3/v0.5.0/webhook/kustomization.yaml
new file mode 100644
index 000000000..fbd74f349
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/webhook/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+ - manifests.yaml
+ - service.yaml
+
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/webhook/kustomizeconfig.yaml b/manifests/function/capm3/v0.5.0/webhook/kustomizeconfig.yaml
new file mode 100644
index 000000000..977428498
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/webhook/kustomizeconfig.yaml
@@ -0,0 +1,25 @@
+# the following config is for teaching kustomize where to look at when substituting vars.
+# It requires kustomize v2.1.0 or newer to work properly.
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+ - kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/name
+
+namespace:
+ - kind: MutatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
+ - kind: ValidatingWebhookConfiguration
+ group: admissionregistration.k8s.io
+ path: webhooks/clientConfig/service/namespace
+ create: true
+
+varReference:
+ - path: metadata/annotations
\ No newline at end of file
diff --git a/manifests/function/capm3/v0.5.0/webhook/manifests.yaml b/manifests/function/capm3/v0.5.0/webhook/manifests.yaml
new file mode 100644
index 000000000..28c324d63
--- /dev/null
+++ b/manifests/function/capm3/v0.5.0/webhook/manifests.yaml
@@ -0,0 +1,268 @@ + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + 
- CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3data.infrastructure.cluster.x-k8s.io + rules: + - 
apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha5-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - 
v1alpha5 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None diff --git a/manifests/function/capm3/v0.5.0/webhook/service.yaml b/manifests/function/capm3/v0.5.0/webhook/service.yaml new file mode 100644 index 000000000..9bc95014f --- /dev/null +++ b/manifests/function/capm3/v0.5.0/webhook/service.yaml @@ -0,0 +1,10 @@ + +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + targetPort: webhook-server diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/dnsmasq.conf b/manifests/function/ironic-deployment/v0.5.0/config-file/dnsmasq.conf new file mode 100644 index 000000000..7be245153 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/config-file/dnsmasq.conf @@ -0,0 +1,29 @@ +interface=$(PROVISIONING_INTERFACE) +bind-dynamic +log-dhcp +enable-tftp +tftp-root=/shared/tftpboot + +# Disable listening for DNS +port=0 + +dhcp-range=$(DHCP_RANGE) + +# Disable default router(s) and DNS over provisioning network +dhcp-option=3 +dhcp-option=6 + +# IPv4 Configuration: +dhcp-match=ipxe,175 +# Client is already running iPXE; move to next stage of chainloading +dhcp-boot=tag:ipxe,http://$(PROVISIONING_IP):80/dualboot.ipxe + +# Note: Need to test EFI booting +dhcp-match=set:efi,option:client-arch,7 +dhcp-match=set:efi,option:client-arch,9 +dhcp-match=set:efi,option:client-arch,11 +# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader +dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi + +# Client is running PXE over BIOS; send BIOS version of iPXE chainloader +dhcp-boot=/undionly.kpxe,$(PROVISIONING_IP) diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/dualboot.ipxe b/manifests/function/ironic-deployment/v0.5.0/config-file/dualboot.ipxe new file mode 100644 index 000000000..4ed14ab75 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/config-file/dualboot.ipxe 
@@ -0,0 +1,22 @@
+#!ipxe
+
+# NOTE(lucasagomes): Loop over all network devices and boot from
+# the first one capable of booting. For more information see:
+# https://bugs.launchpad.net/ironic/+bug/1504482
+set netid:int32 -1
+:loop
+inc netid
+isset ${net${netid}/mac} || chain pxelinux.cfg/${mac:hexhyp} || goto inspector
+echo Attempting to boot from MAC ${net${netid}/mac:hexhyp}
+chain pxelinux.cfg/${net${netid}/mac:hexhyp} || goto loop
+
+# If no networks configured to boot then introspect first valid one
+:inspector
+chain inspector.ipxe || goto loop_done
+
+:loop_done
+echo PXE boot failed! No configuration found for any of the present NICs
+echo and could not find inspector.ipxe to use as fallback.
+echo Press any key to reboot...
+prompt --timeout 180
+reboot
diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/httpd.conf b/manifests/function/ironic-deployment/v0.5.0/config-file/httpd.conf
new file mode 100644
index 000000000..abac06316
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/config-file/httpd.conf
@@ -0,0 +1,58 @@
+ServerRoot "/etc/httpd"
+Listen [::]:80
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+ AllowOverride none
+ Require all denied
+
+DocumentRoot "/shared/html"
+
+ AllowOverride None
+ Require all granted
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+ DirectoryIndex index.html
+
+
+ Require all denied
+
+ErrorLog /dev/stderr
+LogLevel warn
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+ CustomLog /dev/stderr combined
+
+
+ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+ TypesConfig /etc/mime.types
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+AddDefaultCharset UTF-8
+
+ MIMEMagicFile conf/magic
+
+EnableSendfile on
+IncludeOptional conf.d/*.conf
diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.conf b/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.conf
new file mode 100644
index 000000000..0a807fb56
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.conf
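Review bot: `Options Indexes FollowSymLinks` enables directory listings on one of the directory blocks; its opening tag did not survive on this page, so I am assuming it is the served `/shared/html` tree. That tree holds the deploy kernel, ramdisk and OS images, and init-bootstrap in this commit makes it world-writable, so anything written there becomes both listed and downloadable over plain HTTP on port 80. If no client depends on listings, `Options FollowSymLinks` (keeping symlinks only because Ironic may rely on them, which this diff does not show) is the tighter setting.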
@@ -0,0 +1,26 @@
+[DEFAULT]
+auth_strategy = noauth
+debug = true
+transport_url = fake://
+use_stderr = true
+listen_address = ::
+[database]
+connection = sqlite:///shared/ironic-inspector.db
+[discovery]
+enroll_node_driver = ipmi
+[ironic]
+auth_type = none
+endpoint_override = http://$(PROVISIONING_IP):6385
+[processing]
+always_store_ramdisk_logs = true
+node_not_found_hook = enroll
+permit_active_introspection = true
+power_off = false
+processing_hooks = $default_processing_hooks,extra_hardware,lldp_basic
+ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
+store_data = database
+[pxe_filter]
+driver = noop
+[service_catalog]
+auth_type = none
+endpoint_override = http://$(PROVISIONING_IP):5050
diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.ipxe b/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.ipxe
new file mode 100644
index 000000000..e1ec284dc
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/config-file/inspector.ipxe
@@ -0,0 +1,9 @@
+#!ipxe
+
+:retry_boot
+echo In inspector.ipxe
+imgfree
+# NOTE(dtantsur): keep inspection kernel params in [mdns]params in ironic-inspector-image
+kernel --timeout 60000 http://$(PROVISIONING_IP):80/images/ipa-ubuntu-master.kernel ipa-inspection-callback-url=http://$(PROVISIONING_IP):5050/v1/continue ipa-inspection-collectors=default,extra-hardware,logs systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 initrd=ipa-ubuntu-master.initramfs || goto retry_boot
+initrd --timeout 60000 http://$(PROVISIONING_IP):80/images/ipa-ubuntu-master.initramfs || goto retry_boot
+boot
diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/ironic.conf b/manifests/function/ironic-deployment/v0.5.0/config-file/ironic.conf
new file mode 100644
index 000000000..ffd3a07b2
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/config-file/ironic.conf
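Review bot: `auth_strategy = noauth` with `listen_address = ::` leaves the inspector API unauthenticated on every interface, and `node_not_found_hook = enroll` means any machine that reports in over the provisioning network is enrolled as a node. ironic.conf, added next in this commit, repeats the pattern with `auth_strategy = noauth` and `host_ip = ::`. The commit also vendors `upstream/basic-auth` overlays, but the v0.5.0 kustomization lists `upstream/default`, so as far as this diff shows the unauthenticated variant is the one deployed. At minimum I would record the assumption next to the setting, e.g. `# noauth: relies on an isolated provisioning network; use the basic-auth overlay otherwise`, and drop `debug = true` outside development.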
@@ -0,0 +1,59 @@ +[DEFAULT] +auth_strategy = noauth +my_ip = $(PROVISIONING_IP) +debug = true +default_boot_interface = ipxe +default_deploy_interface = direct +default_inspect_interface = inspector +default_network_interface = noop +enabled_boot_interfaces = pxe,ipxe,fake,redfish-virtual-media +enabled_deploy_interfaces = direct,fake +enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish +enabled_inspect_interfaces = inspector,idrac,irmc,fake,redfish +enabled_management_interfaces = ipmitool,idrac,irmc,fake,redfish,idrac-redfish +enabled_power_interfaces = ipmitool,idrac,irmc,fake,redfish,idrac-redfish +enabled_raid_interfaces = no-raid,irmc,agent,fake +enabled_vendor_interfaces = ipmitool,no-vendor,idrac,fake +rpc_transport = json-rpc +use_stderr = true +[agent] +deploy_logs_collect = always +deploy_logs_local_path = /shared/log/ironic/deploy +[api] +host_ip = :: +api_workers = $(API_WORKERS) +[conductor] +automated_clean = $(AUTOMATED_CLEAN) +send_sensor_data = true +send_sensor_data_interval = 160 +api_url = http://$(PROVISIONING_IP):6385 +bootloader = http://$(PROVISIONING_IP):80/uefi_esp.img +[database] +connection = sqlite:///shared/ironic.db +[deploy] +default_boot_option = local +erase_devices_metadata_priority = 10 +erase_devices_priority = 0 +http_root = /shared/html/ +http_url = http://$(PROVISIONING_IP):80 +fast_track = $(FAST_TRACK) +[dhcp] +dhcp_provider = none +[inspector] +endpoint_override = http://$(PROVISIONING_IP):5050 +[oslo_messaging_notifications] +driver = prometheus_exporter +location = /shared/ironic_prometheus_exporter +transport_url = fake:// +[pxe] +images_path = /shared/html/tmp +instance_master_path = /shared/html/master_images +ipxe_enabled = true +pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template +tftp_master_path = /shared/tftpboot +tftp_root = /shared/tftpboot +uefi_pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template +[redfish] +use_swift = false +[service_catalog] +endpoint_override 
= http://$(PROVISIONING_IP):6385 diff --git a/manifests/function/ironic-deployment/v0.5.0/config-file/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/config-file/kustomization.yaml new file mode 100644 index 000000000..212a9f0e2 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/config-file/kustomization.yaml @@ -0,0 +1,12 @@ +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- name: ironic-config-files + files: + - dnsmasq.conf + - dualboot.ipxe + - httpd.conf + - inspector.conf + - inspector.ipxe + - ironic.conf diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/dnsmasq-entrypoint b/manifests/function/ironic-deployment/v0.5.0/entrypoint/dnsmasq-entrypoint new file mode 100644 index 000000000..69b0bcff3 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/dnsmasq-entrypoint @@ -0,0 +1,9 @@ +#!/usr/bin/bash + +cp -f /tftpboot/undionly.kpxe /tftpboot/ipxe.efi /tftpboot/snponly.efi /shared/tftpboot +cp -f /shared/inspector.ipxe /shared/html/inspector.ipxe +cp -f /shared/dualboot.ipxe /shared/html/dualboot.ipxe +cp -f /tmp/uefi_esp.img /shared/html/uefi_esp.img + +/bin/runhealthcheck "dnsmasq" &>/dev/null & +exec /usr/sbin/dnsmasq -d -q -C /shared/dnsmasq.conf diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/httpd-entrypoint b/manifests/function/ironic-deployment/v0.5.0/entrypoint/httpd-entrypoint new file mode 100644 index 000000000..c12441fc2 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/httpd-entrypoint @@ -0,0 +1,6 @@ +#!/usr/bin/bash + +cp -f /shared/httpd.conf /etc/httpd/conf/httpd.conf + +/bin/runhealthcheck "httpd" "80" &>/dev/null & +exec /usr/sbin/httpd -DFOREGROUND diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-bootstrap b/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-bootstrap new file mode 100644 index 000000000..23329849e --- /dev/null 
+++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-bootstrap
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -xe
+
+#Configure vars for rendering
+pushd /ironic-vars
+rm -f /shared/sed_commands
+for var_name in $( ls ) ; do
+ echo -n s!\$\($var_name\)! >> /shared/sed_commands
+ cat $var_name >> /shared/sed_commands
+ echo !g >> /shared/sed_commands
+ export $var_name=$(cat $var_name)
+done
+popd
+
+while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
+ echo 'Waiting for provisioning ip'
+ sleep 5;
+done
+
+mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
+
+# Remove log files from last deployment
+rm -rf /shared/log/httpd/*
+rm -rf /shared/log/ironic/*
+rm -rf /shared/log/ironic-inspector/*
+
+# Rendering files to shared mount
+pushd /cfg
+for f in $( ls ); do
+ sed -f /shared/sed_commands $f > /shared/$f
+done
+popd
+
+chmod -R 0777 /shared/html
+
+touch /shared/init_finished
diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-images b/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-images
new file mode 100644
index 000000000..f050ca866
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/init-images
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -xe
+
+#Copy files to shared mount
+mkdir -p /shared/html/images/
+cp -f /ipa-ubuntu-master* /shared/html/images/
+chmod 777 -R /shared/html/images/
diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/inspector-entrypoint b/manifests/function/ironic-deployment/v0.5.0/entrypoint/inspector-entrypoint
new file mode 100644
index 000000000..e2b2d9092
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/inspector-entrypoint
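Review bot: `chmod -R 0777 /shared/html` near the end of init-bootstrap makes the HTTP root world-writable, and init-images does the same with `chmod 777 -R /shared/html/images/`. That tree holds the iPXE scripts, deploy kernel/ramdisk and OS images that hosts boot from, so any process in any container mounting the volume can replace what gets served. `chmod -R u=rwX,go=rX /shared/html` keeps it readable for httpd. If several containers with different UIDs need to write there (not visible in this diff), a shared group via the pod's `fsGroup` is a narrower grant than world-write.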
@@ -0,0 +1,11 @@
+#!/usr/bin/bash
+
+. /bin/ironic-common.sh
+
+wait_for_interface_or_ip
+
+ironic-inspector-dbsync --config-file /shared/inspector.conf upgrade
+
+exec /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf \
+ --config-file /shared/inspector.conf \
+ --log-file /shared/log/ironic-inspector/ironic-inspector.log
diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/ironic-entrypoint b/manifests/function/ironic-deployment/v0.5.0/entrypoint/ironic-entrypoint
new file mode 100644
index 000000000..ce91e3839
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/ironic-entrypoint
@@ -0,0 +1,16 @@
+#!/usr/bin/bash
+
+cp -f /shared/ironic.conf /etc/ironic/ironic.conf
+
+DB_VERSION="$(ironic-dbsync --config-file /etc/ironic/ironic.conf version)"
+if [ "${DB_VERSION}" == "None" ];
+then
+ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
+fi
+
+/usr/bin/ironic-conductor &
+/usr/bin/ironic-api &
+
+/bin/runhealthcheck "ironic" &>/dev/null &
+
+sleep infinity
diff --git a/manifests/function/ironic-deployment/v0.5.0/entrypoint/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/entrypoint/kustomization.yaml
new file mode 100644
index 000000000..31f0f841a
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/entrypoint/kustomization.yaml
@@ -0,0 +1,12 @@
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- name: ironic-entrypoints
+ files:
+ - dnsmasq-entrypoint
+ - httpd-entrypoint
+ - init-images
+ - init-bootstrap
+ - inspector-entrypoint
+ - ironic-entrypoint
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic-pv.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic-pv.yaml
new file mode 100644
index 000000000..91cadbac5
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic-pv.yaml
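Review bot: In ironic-entrypoint, `ironic-conductor` and `ironic-api` are both backgrounded and the script then blocks on `sleep infinity`, so the container keeps running after either service exits; the health check's output goes to `/dev/null`, so nothing in this script reports the failure. Unless a liveness probe defined elsewhere catches it, the pod stays Ready with a dead API or conductor. Ending the script with `wait -n` followed by `exit 1` instead of `sleep infinity` would stop the container as soon as any background job exits, so the kubelet can restart it. There is also no `set -e`, so a failed `cp` or `create_schema` does not stop startup.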
@@ -0,0 +1,25 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: ironic-pv-volume
+spec:
+ storageClassName: default
+ capacity:
+ storage: "10Gi"
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/opt/metal3-dev-env/ironic"
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: ironic-pv-claim
+spec:
+ storageClassName: default
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "10Gi"
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic-vars.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic-vars.yaml
new file mode 100644
index 000000000..b42d77e64
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic-vars.yaml
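Review bot: The claim `ironic-pv-claim` does not name the volume it expects, so it binds to any available PV of class `default`, or is dynamically provisioned if the cluster has a StorageClass with that name, rather than necessarily to `ironic-pv-volume`. Adding `volumeName: ironic-pv-volume` under the claim's `spec` makes the binding explicit. The `hostPath` volume also has no `nodeAffinity`, so whether the Ironic databases and images under `/opt/metal3-dev-env/ironic` follow the pod to another node depends on scheduling that this diff does not show.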
@@ -0,0 +1,39 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ labels:
+ name: ironic-vars
+data:
+ # Overrideable via the `replacements` entrypoint and environment variables
+ HTTP_PROXY: ""
+ HTTPS_PROXY: ""
+ http_proxy: ""
+ https_proxy: ""
+ NO_PROXY: ""
+ no_proxy: ""
+ # Overrideable via the `replacements` entrypoint and networking catalogue
+ PROVISIONING_IP: "192.168.10.100"
+ # Overrideable via the `replacements` entrypoint and networking catalogue
+ DHCP_RANGE: "192.168.10.200,192.168.10.250"
+ # Overrideable via the `replacements` entrypoint and networking catalogue
+ PROVISIONING_INTERFACE: "pxe"
+ HTTP: "80"
+ DEPLOY_KERNEL_PATH: "/images/ipa-ubuntu-master.kernel"
+ DEPLOY_RAMDISK_PATH: "/images/ipa-ubuntu-master.initramfs"
+ FAST_TRACK: "false"
+ API_WORKERS: "4"
+ AUTOMATED_CLEAN: "true"
+ IRONIC_VOLUME_CAPACITY: "10Gi"
+ IRONIC_STORAGE_CLASS_NAME: "default"
+ IRONIC_HOST_PATH: "/opt/metal3-dev-env/ironic/"
+
+ # Additional Baremetal Operator values overridable via the `replacements` entrypoint
+ # and networking catalogue
+ # IRONIC_AUTOMATED_CLEAN: "false"
+ # HTTP_PORT: "80"
+ # IRONIC_FAST_TRACK: "false"
+ # DEPLOY_KERNEL_URL: http://172.30.0.140:80/images/ipa-ubuntu-master.kernel
+ # DEPLOY_RAMDISK_URL: http://172.30.0.140:80/images/ipa-ubuntu-master.initramfs
+ # IRONIC_ENDPOINT: http://172.30.0.140:6385/v1/
+ # IRONIC_INSPECTOR_ENDPOINT: http://172.30.0.140:5050/v1/
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic_nodeselector_patch.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic_nodeselector_patch.yaml
new file mode 100644
index 000000000..55bdc305b
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic_nodeselector_patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
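Review bot: Nothing visible in this commit consumes the `ironic-vars` ConfigMap: ironic-vars.yaml is not in the `resources` list of the v0.5.0 kustomization.yaml, and every ConfigMap rule under replacements/ targets `ironic-bmo-configmap` instead. The comments saying values are overrideable via the `replacements` entrypoint therefore describe wiring that is not shown here, and the key names differ too (`HTTP` and `FAST_TRACK` here versus `HTTP_PORT` and `IRONIC_FAST_TRACK` in networking.yaml). If the file exists to back init-bootstrap's `/ironic-vars` directory, I would say so in a header comment and add it to `resources`; otherwise the hard-coded `PROVISIONING_IP` and `DHCP_RANGE` defaults are easy to mistake for the effective ones.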
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic_qcow_image_patch.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic_qcow_image_patch.yaml
new file mode 100644
index 000000000..1499b0aa8
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic_qcow_image_patch.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: init-images
+ image: quay.io/airshipit/ipa-wallaby:latest
+ imagePullPolicy: Always
+ command: ['/bin/init-images']
+ volumeMounts:
+ - name: ironic-data-volume
+ mountPath: "/shared"
+ - name: ironic-entrypoints
+ mountPath: /bin/init-images
+ subPath: init-images
+ - name: qcow-bundle
+ command:
+ - sh
+ - -c
+ - "cp /qcows/*.qcow2 /qcows/*.qcow2.md5sum /shared/html/images/"
+ image: "quay.io/sirishagopigiri/qcow-bundle:v1.19.1"
+ imagePullPolicy: Always
+ volumeMounts:
+ - mountPath: "/shared"
+ name: ironic-data-volume
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic_toleration_patch.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic_toleration_patch.yaml
new file mode 100644
index 000000000..e8646c37f
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic_toleration_patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
diff --git a/manifests/function/ironic-deployment/v0.5.0/ironic_volume_patch.yaml b/manifests/function/ironic-deployment/v0.5.0/ironic_volume_patch.yaml
new file mode 100644
index 000000000..b2942634c
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/ironic_volume_patch.yaml
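Review bot: Both init containers in ironic_qcow_image_patch.yaml pull mutable references with `imagePullPolicy: Always`, namely `quay.io/airshipit/ipa-wallaby:latest` and `quay.io/sirishagopigiri/qcow-bundle:v1.19.1`, so the deploy ramdisk and the OS images written to bare-metal hosts can change without any change in this repository. The `init-images` image is at least overridden by the `init_images` rule in replacements/versions.yaml, but no rule visible in this commit covers `qcow-bundle`, which also comes from what looks like a personal namespace. Pinning by digest, e.g. `image: quay.io/sirishagopigiri/qcow-bundle@sha256:<digest>` (placeholder), and adding a versions-catalogue rule for it would close the gap. The copied `.qcow2.md5sum` files only detect corruption, not a replaced image.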
@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ volumes:
+ - name: ironic-data-volume
+ persistentVolumeClaim:
+ claimName: ironic-pv-claim
+ - name: ironic-entrypoints
+ configMap:
+ name: ironic-entrypoints
+ defaultMode: 0700
diff --git a/manifests/function/ironic-deployment/v0.5.0/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/kustomization.yaml
new file mode 100644
index 000000000..aca64d950
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: metal3
+resources:
+- upstream/default
+- config-file
+- entrypoint
+- ironic-pv.yaml
+
+patchesStrategicMerge:
+- ironic_toleration_patch.yaml
+- ironic_nodeselector_patch.yaml
+- ironic_qcow_image_patch.yaml
+- ironic_volume_patch.yaml
+
+patchesJSON6902:
+- target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: capm3-ironic
+ patch: |-
+ - op: remove
+ path: /spec/template/spec/volumes/0/emptyDir
diff --git a/manifests/function/ironic-deployment/v0.5.0/replacements/ironic-env-vars.yaml b/manifests/function/ironic-deployment/v0.5.0/replacements/ironic-env-vars.yaml
new file mode 100644
index 000000000..7781c0fe0
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/replacements/ironic-env-vars.yaml
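Review bot: The `patchesJSON6902` entry in kustomization.yaml removes `/spec/template/spec/volumes/0/emptyDir` by position, which presumes `ironic-data-volume` is the first volume of the upstream Deployment; that manifest is not part of this view, so if the order differs or changes the patch hits another volume or fails on a missing path. A guard placed before the remove, `- op: test` with `path: /spec/template/spec/volumes/0/name` and `value: ironic-data-volume`, makes the build fail loudly instead. Alternatively, `emptyDir: null` next to `persistentVolumeClaim` in ironic_volume_patch.yaml expresses the same removal by name and lets the JSON patch go away.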
@@ -0,0 +1,65 @@
+# These rules inject env vars into the baremetal-operator function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: ironic-deployment-env-vars-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: localhost/replacement-transformer
+replacements:
+# Replace the proxy vars
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTP_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.HTTP_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTPS_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.HTTPS_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.http_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.http_proxy"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.https_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.https_proxy"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.NO_PROXY
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.NO_PROXY"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.no_proxy
+ target:
+ objref:
+ kind: ConfigMap
+ name: ironic-bmo-configmap
+ fieldrefs: ["data.no_proxy"]
diff --git a/manifests/function/ironic-deployment/v0.5.0/replacements/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/replacements/kustomization.yaml
new file mode 100644
index 000000000..967c37e4f
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/replacements/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - versions.yaml
+ - ironic-env-vars.yaml
+ - networking.yaml
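Review bot: The header comment of ironic-env-vars.yaml says the rules "inject env vars into the baremetal-operator function", but the file lives under ironic-deployment and every rule writes to the ConfigMap `ironic-bmo-configmap`. networking.yaml, added next to it, carries the same header plus `# Replace the pod & service networks` above rules that only copy `spec.ironic.*` provisioning fields. I would reword them to match what the rules do, e.g. `# These rules inject proxy env vars into the ironic-deployment function.` and `# Replace the provisioning network settings`, so a reader tracing where `PROVISIONING_IP` or the proxy settings come from is not sent to the wrong function.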
diff --git a/manifests/function/ironic-deployment/v0.5.0/replacements/networking.yaml b/manifests/function/ironic-deployment/v0.5.0/replacements/networking.yaml
new file mode 100644
index 000000000..9a576b971
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/replacements/networking.yaml
@@ -0,0 +1,141 @@ +# These rules inject networking info into the baremetal-operator function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: ironic-deployment-networking-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: localhost/replacement-transformer +replacements: +# Replace the pod & service networks +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningInterface + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.PROVISIONING_INTERFACE"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.PROVISIONING_IP"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningCidr + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.PROVISIONING_CIDR"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.dhcpRange + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.DHCP_RANGE"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.httpPort + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.HTTP_PORT"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.DEPLOY_KERNEL_URL%PROVISIONING_IP%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.httpPort + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.DEPLOY_KERNEL_URL%HTTP_PORT%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: 
ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.DEPLOY_RAMDISK_URL%PROVISIONING_IP%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.httpPort + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.DEPLOY_RAMDISK_URL%HTTP_PORT%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.IRONIC_ENDPOINT%PROVISIONING_IP%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.IRONIC_INSPECTOR_ENDPOINT%PROVISIONING_IP%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.CACHEURL%PROVISIONING_IP%"] +- source: + objref: + kind: NetworkCatalogue + name: networking + fieldref: spec.ironic.ironicFastTrack + target: + objref: + kind: ConfigMap + name: ironic-bmo-configmap + fieldrefs: ["data.IRONIC_FAST_TRACK"] diff --git a/manifests/function/ironic-deployment/v0.5.0/replacements/versions.yaml b/manifests/function/ironic-deployment/v0.5.0/replacements/versions.yaml new file mode 100644 index 000000000..30d98fd10 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/replacements/versions.yaml 
@@ -0,0 +1,110 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: ironic-deployment-versions-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: localhost/replacement-transformer +replacements: +# Container versions for the ironic Deployment +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.dnsmasq.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-dnsmasq')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.mariadb.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'mariadb')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.httpd.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-httpd')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_api.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-api')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_inspector.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-inspector')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_conductor.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: 
["{.spec.template.spec.containers[?(.name == 'ironic-conductor')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_endpoint_keepalived.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-endpoint-keepalived')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.init_images.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.initContainers[?(.name == 'init-images')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_inspector_log_watch.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-inspector-log-watch')].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-airshipctl + fieldref: "{.spec.images.baremetal_operator.ironic.ironic_log_watch.image}" + target: + objref: + kind: Deployment + name: capm3-ironic + fieldrefs: ["{.spec.template.spec.containers[?(.name == 'ironic-log-watch')].image}"] diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/auth.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/auth.yaml new file mode 100644 index 000000000..f1c0ab196 --- /dev/null +++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/auth.yaml 
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-conductor
+ volumeMounts:
+ - name: ironic-inspector-auth-config
+ mountPath: "/auth/ironic-inspector"
+ readOnly: true
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-inspector
+ volumeMounts:
+ - name: ironic-auth-config
+ mountPath: "/auth/ironic"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-inspector-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ volumes:
+ - name: ironic-auth-config
+ secret:
+ secretName: ironic-auth-config
+ - name: ironic-inspector-auth-config
+ secret:
+ secretName: ironic-inspector-auth-config
+ - name: ironic-rpc-auth-config
+ secret:
+ secretName: ironic-rpc-auth-config
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/kustomization.yaml
new file mode 100644
index 000000000..36370e8a9
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/default/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../default
+
+configMapGenerator:
+- behavior: create
+ envs:
+ - ironic-htpasswd
+ name: ironic-htpasswd
+- behavior: create
+ envs:
+ - ironic-inspector-htpasswd
+ name: ironic-inspector-htpasswd
+
+secretGenerator:
+- name: ironic-auth-config
+ files:
+ - auth-config=ironic-auth-config
+- name: ironic-inspector-auth-config
+ files:
+ - auth-config=ironic-inspector-auth-config
+- name: ironic-rpc-auth-config
+ files:
+ - auth-config=ironic-rpc-auth-config
+
+patchesStrategicMerge:
+- auth.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-auth-config-tpl b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-auth-config-tpl
new file mode 100644
index 000000000..f82b5ec21
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-auth-config-tpl
@@ -0,0 +1,4 @@
+[ironic]
+auth_type=http_basic
+username=${IRONIC_USERNAME}
+password=${IRONIC_PASSWORD}
\ No newline at end of file
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-inspector-auth-config-tpl b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-inspector-auth-config-tpl
new file mode 100644
index 000000000..78bbcbd7c
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-inspector-auth-config-tpl
@@ -0,0 +1,4 @@
+[inspector]
+auth_type=http_basic
+username=${IRONIC_INSPECTOR_USERNAME}
+password=${IRONIC_INSPECTOR_PASSWORD}
\ No newline at end of file
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-rpc-auth-config-tpl b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-rpc-auth-config-tpl
new file mode 100644
index 000000000..3b9522919
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/ironic-rpc-auth-config-tpl
@@ -0,0 +1,6 @@
+[json_rpc]
+auth_type=http_basic
+username=${IRONIC_USERNAME}
+password=${IRONIC_PASSWORD}
+http_basic_username=${IRONIC_USERNAME}
+http_basic_password=${IRONIC_PASSWORD}
\ No newline at end of file
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/auth.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/auth.yaml
new file mode 100644
index 000000000..f1c0ab196
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/auth.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-conductor
+ volumeMounts:
+ - name: ironic-inspector-auth-config
+ mountPath: "/auth/ironic-inspector"
+ readOnly: true
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-inspector
+ volumeMounts:
+ - name: ironic-auth-config
+ mountPath: "/auth/ironic"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-inspector-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ volumes:
+ - name: ironic-auth-config
+ secret:
+ secretName: ironic-auth-config
+ - name: ironic-inspector-auth-config
+ secret:
+ secretName: ironic-inspector-auth-config
+ - name: ironic-rpc-auth-config
+ secret:
+ secretName: ironic-rpc-auth-config
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/kustomization.yaml
new file mode 100644
index 000000000..b19925ab2
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/keepalived/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../keepalived
+
+configMapGenerator:
+- behavior: create
+ envs:
+ - ironic-htpasswd
+ name: ironic-htpasswd
+- behavior: create
+ envs:
+ - ironic-inspector-htpasswd
+ name: ironic-inspector-htpasswd
+
+secretGenerator:
+- name: ironic-auth-config
+ files:
+ - auth-config=ironic-auth-config
+- name: ironic-inspector-auth-config
+ files:
+ - auth-config=ironic-inspector-auth-config
+- name: ironic-rpc-auth-config
+ files:
+ - auth-config=ironic-rpc-auth-config
+
+patchesStrategicMerge:
+- auth.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/auth.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/auth.yaml
new file mode 100644
index 000000000..f1c0ab196
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/auth.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-conductor
+ volumeMounts:
+ - name: ironic-inspector-auth-config
+ mountPath: "/auth/ironic-inspector"
+ readOnly: true
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-inspector
+ volumeMounts:
+ - name: ironic-auth-config
+ mountPath: "/auth/ironic"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-inspector-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ volumes:
+ - name: ironic-auth-config
+ secret:
+ secretName: ironic-auth-config
+ - name: ironic-inspector-auth-config
+ secret:
+ secretName: ironic-inspector-auth-config
+ - name: ironic-rpc-auth-config
+ secret:
+ secretName: ironic-rpc-auth-config
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/kustomization.yaml
new file mode 100644
index 000000000..ff711f7e4
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/default/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../../tls/default
+
+configMapGenerator:
+- behavior: create
+ envs:
+ - ironic-htpasswd
+ name: ironic-htpasswd
+- behavior: create
+ envs:
+ - ironic-inspector-htpasswd
+ name: ironic-inspector-htpasswd
+
+secretGenerator:
+- name: ironic-auth-config
+ files:
+ - auth-config=ironic-auth-config
+- name: ironic-inspector-auth-config
+ files:
+ - auth-config=ironic-inspector-auth-config
+- name: ironic-rpc-auth-config
+ files:
+ - auth-config=ironic-rpc-auth-config
+
+patchesStrategicMerge:
+- auth.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/auth.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/auth.yaml
new file mode 100644
index 000000000..f1c0ab196
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/auth.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-conductor
+ volumeMounts:
+ - name: ironic-inspector-auth-config
+ mountPath: "/auth/ironic-inspector"
+ readOnly: true
+ - name: ironic-rpc-auth-config
+ mountPath: "/auth/ironic-rpc"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-inspector
+ volumeMounts:
+ - name: ironic-auth-config
+ mountPath: "/auth/ironic"
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: ironic-inspector-htpasswd
+ - configMapRef:
+ name: ironic-bmo-configmap
+ volumes:
+ - name: ironic-auth-config
+ secret:
+ secretName: ironic-auth-config
+ - name: ironic-inspector-auth-config
+ secret:
+ secretName: ironic-inspector-auth-config
+ - name: ironic-rpc-auth-config
+ secret:
+ secretName: ironic-rpc-auth-config
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/kustomization.yaml
new file mode 100644
index 000000000..067514774
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/basic-auth/tls/keepalived/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../../tls/keepalived
+
+configMapGenerator:
+- behavior: create
+ envs:
+ - ironic-htpasswd
+ name: ironic-htpasswd
+- behavior: create
+ envs:
+ - ironic-inspector-htpasswd
+ name: ironic-inspector-htpasswd
+
+secretGenerator:
+- name: ironic-auth-config
+ files:
+ - auth-config=ironic-auth-config
+- name: ironic-inspector-auth-config
+ files:
+ - auth-config=ironic-inspector-auth-config
+- name: ironic-rpc-auth-config
+ files:
+ - auth-config=ironic-rpc-auth-config
+
+patchesStrategicMerge:
+- auth.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/certificate.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/certificate.yaml
new file mode 100644
index 000000000..476cd1359
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/certificate.yaml
@@ -0,0 +1,69 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ namespace: capm3-system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ironic-cacert
+ namespace: capm3-system
+spec:
+ isCA: true
+ ipAddresses:
+ - IRONIC_HOST_IP
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: ironic-cacert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: ca-issuer
+ namespace: capm3-system
+spec:
+ ca:
+ secretName: ironic-cacert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ironic-cert
+ namespace: capm3-system
+spec:
+ ipAddresses:
+ - IRONIC_HOST_IP
+ issuerRef:
+ kind: Issuer
+ name: ca-issuer
+ secretName: ironic-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ironic-inspector-cert
+ namespace: capm3-system
+spec:
+ ipAddresses:
+ - IRONIC_HOST_IP
+ issuerRef:
+ kind: Issuer
+ name: ca-issuer
+ secretName: ironic-inspector-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mariadb-cert
+ namespace: capm3-system
+spec:
+ ipAddresses:
+ - MARIADB_HOST_IP
+ issuerRef:
+ kind: Issuer
+ name: ca-issuer
+ secretName: mariadb-cert
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/kustomization.yaml
new file mode 100644
index 000000000..2cebb8f69
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/certmanager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- certificate.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/default/ironic_bmo_configmap.env b/manifests/function/ironic-deployment/v0.5.0/upstream/default/ironic_bmo_configmap.env
new file mode 100644
index 000000000..06236dac9
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/default/ironic_bmo_configmap.env
@@ -0,0 +1,21 @@
+HTTP_PROXY=""
+HTTPS_PROXY=""
+http_proxy=""
+https_proxy=""
+NO_PROXY=""
+no_proxy=""
+
+PROVISIONING_INTERFACE=eth2
+PROVISIONING_IP=172.22.0.2
+PROVISIONING_CIDR=""
+DHCP_RANGE=172.22.0.10,172.22.0.100
+HTTP_PORT=6180
+DEPLOY_KERNEL_URL=http://PROVISIONING_IP:HTTP_PORT/images/ipa-ubuntu-master.kernel
+DEPLOY_RAMDISK_URL=http://PROVISIONING_IP:HTTP_PORT/images/ipa-ubuntu-master.initramfs
+IRONIC_ENDPOINT=http://PROVISIONING_IP:6385/v1/
+IRONIC_INSPECTOR_ENDPOINT=http://PROVISIONING_IP:5050/v1/
+# CACHEURL=http://172.22.0.1/images
+IRONIC_FAST_TRACK=true
+IRONIC_KERNEL_PARAMS=console=ttyS0
+IRONIC_INSPECTOR_VLAN_INTERFACES=all
+RESTART_CONTAINER_CERTIFICATE_UPDATED=false
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/default/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/default/kustomization.yaml
new file mode 100644
index 000000000..3a5c29cdd
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/default/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../../../baremetal-operator/v0.5.0/upstream/namespace
+- ../ironic
+configMapGenerator:
+- envs:
+ - ironic_bmo_configmap.env
+ name: ironic-bmo-configmap
+secretGenerator:
+- literals:
+ - password=changeme
+ name: mariadb-password
+ type: Opaque
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/ironic.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/ironic.yaml
new file mode 100644
index 000000000..ad860203e
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/ironic.yaml
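Review bot: The `secretGenerator` in default/kustomization.yaml commits the literal `password=changeme` as the `mariadb-password` Secret, so any site that applies this layer without overriding it runs the database with a credential that is public in the repository. If an overlay outside this diff is expected to replace the value, that contract should be stated next to the literal, e.g. `# placeholder only - must be replaced by a site-specific secret before deployment`; otherwise I would drop the literal and have the Secret supplied at deploy time. keepalived/kustomization.yaml carries the same literal.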
@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ replicas: 1
+ strategy:
+ # We cannot run Ironic with more than one replica at a time. The recreate
+ # strategy makes sure that the old pod is gone before a new is started.
+ type: Recreate
+ selector:
+ matchLabels:
+ name: capm3-ironic
+ template:
+ metadata:
+ labels:
+ name: capm3-ironic
+ spec:
+ hostNetwork: true
+ containers:
+ - name: ironic-dnsmasq
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ command:
+ - /bin/rundnsmasq
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: mariadb
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runmariadb
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ env:
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-password
+ key: password
+ - name: RESTART_CONTAINER_CERTIFICATE_UPDATED
+ valueFrom:
+ configMapKeyRef:
+ name: ironic-bmo-configmap
+ key: RESTART_CONTAINER_CERTIFICATE_UPDATED
+ - name: ironic-api
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runironic-api
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ env:
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-password
+ key: password
+ - name: ironic-conductor
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runironic-conductor
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ env:
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-password
+ key: password
+ - name: ironic-log-watch
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runlogwatch.sh
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ - name: ironic-inspector
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runironic-inspector
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ - name: ironic-inspector-log-watch
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runlogwatch.sh
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ volumes:
+ - name: ironic-data-volume
+ emptyDir: {}
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/kustomization.yaml
new file mode 100644
index 000000000..01aaa615a
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/ironic/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ironic.yaml
\ No newline at end of file
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/ironic_bmo_configmap.env b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/ironic_bmo_configmap.env
new file mode 100644
index 000000000..ac4734e89
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/ironic_bmo_configmap.env
@@ -0,0 +1,18 @@
+HTTP_PROXY=""
+HTTPS_PROXY=""
+http_proxy=""
+https_proxy=""
+NO_PROXY=""
+no_proxy=""
+
+PROVISIONING_INTERFACE=ironicendpoint
+PROVISIONING_IP=172.22.0.2
+HTTP_PORT=6180
+DEPLOY_KERNEL_URL=http://PROVISIONING_IP:HTTP_PORT/images/ironic-python-agent.kernel
+DEPLOY_RAMDISK_URL=http://PROVISIONING_IP:HTTP_PORT/images/ironic-python-agent.initramfs
+IRONIC_ENDPOINT=http://PROVISIONING_IP:6385/v1/
+IRONIC_INSPECTOR_ENDPOINT=http://PROVISIONING_IP:5050/v1/
+# CACHEURL=http://172.22.0.1/images
+IRONIC_FAST_TRACK=true
+IRONIC_KERNEL_PARAMS=console=ttyS0
+RESTART_CONTAINER_CERTIFICATE_UPDATED=false
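Review bot: Every container in ironic.yaml references `image: quay.io/metal3-io/ironic` with no tag or digest and `imagePullPolicy: Always`, so a directory named v0.5.0 still pulls whatever the registry serves under the default tag on each restart, into a pod that sets `hostNetwork: true` and grants `NET_ADMIN` to ironic-dnsmasq. Unless an overlay outside this diff rewrites the image fields, I would pin each one by digest, e.g. `image: quay.io/metal3-io/ironic@sha256:<digest-of-reviewed-image>`, so the deployed content matches what was reviewed. keepalived_patch.yaml has the same unpinned reference to `quay.io/metal3-io/keepalived`. None of the containers sets `allowPrivilegeEscalation: false` or drops unused capabilities, which is worth adding wherever the image tolerates it.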
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/keepalived_patch.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/keepalived_patch.yaml
new file mode 100644
index 000000000..23614ac97
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/keepalived_patch.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ # Change the value of image field below to your controller image URL
+ - image: quay.io/metal3-io/keepalived
+ name: ironic-endpoint-keepalived
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/kustomization.yaml
new file mode 100644
index 000000000..909bbf86f
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/keepalived/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../../../baremetal-operator/v0.5.0/upstream/namespace
+- ../ironic
+configMapGenerator:
+- envs:
+ - ironic_bmo_configmap.env
+ name: ironic-bmo-configmap
+secretGenerator:
+- literals:
+ - password=changeme
+ name: mariadb-password
+ type: Opaque
+patchesStrategicMerge:
+- keepalived_patch.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/kustomization.yaml
new file mode 100644
index 000000000..a84fe6680
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../default
+- ../../certmanager
+
+patchesStrategicMerge:
+- tls.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/tls.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/tls.yaml
new file mode 100644
index 000000000..718ec0548
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/default/tls.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: cert-ironic
+ mountPath: "/certs/ironic"
+ readOnly: true
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector-ca
+ mountPath: "/certs/ca/ironic-inspector"
+ readOnly: true
+ - name: cert-ironic-inspector
+ mountPath: "/certs/ironic-inspector"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ - name: ironic-conductor
+ volumeMounts:
+ - name: cert-ironic
+ mountPath: "/certs/ironic"
+ readOnly: true
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector-ca
+ mountPath: "/certs/ca/ironic-inspector"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ - name: ironic-inspector
+ volumeMounts:
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector
+ mountPath: "/certs/ironic-inspector"
+ readOnly: true
+ - name: mariadb
+ volumeMounts:
+ - name: cert-mariadb
+ mountPath: "/certs/mariadb"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ volumes:
+ - name: cert-ironic-ca
+ secret:
+ secretName: ironic-cacert
+ - name: cert-ironic-inspector-ca
+ secret:
+ secretName: ironic-cacert
+ - name: cert-ironic
+ secret:
+ secretName: ironic-cert
+ - name: cert-ironic-inspector
+ secret:
+ secretName: ironic-inspector-cert
+ - name: cert-mariadb
+ secret:
+ secretName: mariadb-cert
+ - name: cert-mariadb-ca
+ secret:
+ secretName: ironic-cacert
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/kustomization.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/kustomization.yaml
new file mode 100644
index 000000000..0ff816186
--- /dev/null
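Review bot: The `cert-ironic-ca`, `cert-ironic-inspector-ca` and `cert-mariadb-ca` volumes in tls/default/tls.yaml mount the whole `ironic-cacert` Secret, which certificate.yaml creates from a Certificate with `isCA: true`. A cert-manager certificate Secret stores the private key (`tls.key`) next to the certificate, so the CA signing key becomes readable inside ironic-api, ironic-conductor, ironic-inspector and mariadb, although those containers should only need the CA certificate to verify peers. Restricting each of the three volumes with `items: [{key: tls.crt, path: tls.crt}]` (or `ca.crt`, whichever file the image actually reads, to be confirmed) keeps the key out of the pod. The tls/keepalived copy of tls.yaml defines the same three volumes.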
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: capm3-system
+resources:
+- ../../keepalived
+- ../../certmanager
+
+patchesStrategicMerge:
+- tls.yaml
diff --git a/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/tls.yaml b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/tls.yaml
new file mode 100644
index 000000000..718ec0548
--- /dev/null
+++ b/manifests/function/ironic-deployment/v0.5.0/upstream/tls/keepalived/tls.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: capm3-ironic
+spec:
+ template:
+ spec:
+ containers:
+ - name: ironic-api
+ volumeMounts:
+ - name: cert-ironic
+ mountPath: "/certs/ironic"
+ readOnly: true
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector-ca
+ mountPath: "/certs/ca/ironic-inspector"
+ readOnly: true
+ - name: cert-ironic-inspector
+ mountPath: "/certs/ironic-inspector"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ - name: ironic-conductor
+ volumeMounts:
+ - name: cert-ironic
+ mountPath: "/certs/ironic"
+ readOnly: true
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector-ca
+ mountPath: "/certs/ca/ironic-inspector"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ - name: ironic-inspector
+ volumeMounts:
+ - name: cert-ironic-ca
+ mountPath: "/certs/ca/ironic"
+ readOnly: true
+ - name: cert-ironic-inspector
+ mountPath: "/certs/ironic-inspector"
+ readOnly: true
+ - name: mariadb
+ volumeMounts:
+ - name: cert-mariadb
+ mountPath: "/certs/mariadb"
+ readOnly: true
+ - name: cert-mariadb-ca
+ mountPath: "/certs/ca/mariadb"
+ readOnly: true
+ volumes:
+ - name: cert-ironic-ca
+ secret:
+ secretName: ironic-cacert
+ - name: cert-ironic-inspector-ca
+ secret:
+ secretName: ironic-cacert
+ - name: cert-ironic
+ secret:
+ secretName: ironic-cert
+ - name: cert-ironic-inspector
+ secret:
+ secretName: ironic-inspector-cert
+ - name: cert-mariadb
+ secret:
+ secretName: mariadb-cert
+ - name: cert-mariadb-ca
+ secret:
+ secretName: ironic-cacert