diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml deleted file mode 100644 index c0e7119..0000000 --- a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml +++ /dev/null @@ -1,760 +0,0 @@ -{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: etcdmachinesnapshots.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: ETCDMachineSnapshot - listKind: ETCDMachineSnapshotList - plural: etcdmachinesnapshots - singular: etcdmachinesnapshot - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot - properties: - clusterName: - type: string - location: - type: string - machineName: - type: string - required: - - clusterName - type: object - x-kubernetes-validations: - - message: ETCD snapshot location can't be empty. - rule: size(self.clusterName)>0 - status: - default: {} - description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore - properties: - error: - type: string - phase: - description: ETCDSnapshotPhase is a string representation of the phase - of the etcd snapshot - type: string - s3Snapshots: - items: - properties: - creationTime: - description: CreationTime is the timestamp when the snapshot - was taken by etcd. - format: date-time - type: string - location: - type: string - name: - type: string - required: - - location - - name - type: object - type: array - snapshotFileName: - type: string - snapshots: - items: - properties: - creationTime: - description: CreationTime is the timestamp when the snapshot - was taken by etcd. - format: date-time - type: string - location: - type: string - machineName: - type: string - name: - type: string - required: - - location - - machineName - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: etcdsnapshotrestores.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: ETCDSnapshotRestore - listKind: ETCDSnapshotRestoreList - plural: etcdsnapshotrestores - singular: etcdsnapshotrestore - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. - properties: - clusterName: - type: string - etcdMachineSnapshotName: - type: string - required: - - clusterName - - etcdMachineSnapshotName - type: object - x-kubernetes-validations: - - message: Cluster Name can't be empty. - rule: size(self.clusterName)>0 - - message: ETCD machine snapshot name can't be empty. - rule: size(self.etcdMachineSnapshotName)>0 - status: - default: {} - description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. - properties: - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - phase: - default: Pending - description: ETCDSnapshotPhase is a string representation of the phase - of the etcd snapshot - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: RKE2EtcdMachineSnapshotConfig - listKind: RKE2EtcdMachineSnapshotConfigList - plural: rke2etcdmachinesnapshotconfigs - singular: rke2etcdmachinesnapshotconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state - of RKE2EtcdMachineSnapshotConfig - properties: - local: - properties: - dataDir: - type: string - required: - - dataDir - type: object - s3: - properties: - bucket: - type: string - endpoint: - type: string - endpointCAsecret: - type: string - folder: - type: string - insecure: - type: boolean - region: - type: string - s3CredentialSecret: - type: string - skipSSLVerify: - type: boolean - type: object - required: - - local - - s3 - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: controller-manager-sa - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: role - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-leader-election-role - namespace: {{ index .Values "rancherTurtles" "namespace" }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rancher-turtles-exp/aggregate-to-manager: "true" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rancher-turtles-exp/aggregate-to-manager: "true" - rancher-turtles/aggregate-to-manager: "true" - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager-role -rules: -- apiGroups: - - "" - resources: - - configmaps - - events - - secrets - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get -- apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - rke2configs - - rke2configs/finalizers - - rke2configs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - management.cattle.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots - - etcdsnapshotrestores - - rke2etcdmachinesnapshotconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/finalizers - - etcdsnapshotrestores/finalizers - - rke2etcdmachinesnapshotconfigs/finalizers - verbs: - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/status - - etcdsnapshotrestores/status - - rke2etcdmachinesnapshotconfigs/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: rolebinding - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding - namespace: {{ index .Values "rancherTurtles" "namespace" }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rancher-turtles-etcdsnapshotrestore-leader-election-role -subjects: -- kind: ServiceAccount - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role -subjects: -- kind: ServiceAccount - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - turtles-capi.cattle.io: etcd-restore ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-controller-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - spec: - containers: - - args: - - --leader-elect - command: - - ./etcd-snapshot-restore - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - {{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}} - {{- if contains "sha256:" $imageVersion }} - image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }} - {{- else }} - image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }} - {{- end }} - imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}' - livenessProbe: - httpGet: - path: /healthz - port: 9440 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 9440 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-serving-cert - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - dnsNames: - - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc - - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local - issuerRef: - kind: Issuer - name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer - secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - selfSigned: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config - failurePolicy: Fail - name: systemagentrke2config.kb.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - rke2configs - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot - failurePolicy: Fail - matchPolicy: Equivalent - name: etcdmachinesnapshot.kb.io - rules: - - apiGroups: - - turtles-capi.cattle.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - etcdmachinesnapshots - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore - failurePolicy: Fail - matchPolicy: Equivalent - name: etcdsnapshotrestore.kb.io - rules: - - apiGroups: - - turtles-capi.cattle.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - etcdsnapshotrestores - sideEffects: None -{{- end }}