suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

unpack obscpio files

Browse Source
This commit is contained in:
Denislav Prodanov
2024-10-22 10:51:51 +03:00
parent beab68c274
commit 21086b77bb
182 changed files with 15763 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
cdi-chart/crds.obscpio → cdi-chart/crds/cdi.yaml
View File

Binary file not shown.

BIN
cdi-chart/templates.obscpio
View File

Binary file not shown.

2
cdi-chart/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,2 @@
Verify that all CDI components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}

62
cdi-chart/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cdi.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cdi.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cdi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cdi.labels" -}}
helm.sh/chart: {{ include "cdi.chart" . }}
{{ include "cdi.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cdi.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cdi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "cdi.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "cdi.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
cdi-chart/templates/_hooks.tpl Normal file
View File

@@ -0,0 +1,47 @@
{{/* Hook annotations */}}
{{- define "cdi.hook.annotations" -}}
annotations:
"helm.sh/hook": {{ .hookType }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": {{ .hookWeight | quote }}
{{- end -}}
{{/* Namespace modifying hook annotations */}}
{{- define "cdi.namespaceHook.annotations" -}}
{{ template "cdi.hook.annotations" merge (dict "hookType" "pre-install") . }}
{{- end -}}
{{/* CRD upgrading hook annotations */}}
{{- define "cdi.crdUpgradeHook.annotations" -}}
{{ template "cdi.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
{{- end -}}
{{/* Custom resource uninstalling hook annotations */}}
{{- define "cdi.crUninstallHook.annotations" -}}
{{ template "cdi.hook.annotations" merge (dict "hookType" "pre-delete") . }}
{{- end -}}
{{/* CRD uninstalling hook annotations */}}
{{- define "cdi.crdUninstallHook.annotations" -}}
{{ template "cdi.hook.annotations" merge (dict "hookType" "post-delete") . }}
{{- end -}}
{{/* Namespace modifying hook name */}}
{{- define "cdi.namespaceHook.name" -}}
{{ include "cdi.fullname" . }}-namespace-modify
{{- end }}
{{/* CRD upgrading hook name */}}
{{- define "cdi.crdUpgradeHook.name" -}}
{{ include "cdi.fullname" . }}-crd-upgrade
{{- end }}
{{/* Custom resource uninstalling hook name */}}
{{- define "cdi.crUninstallHook.name" -}}
{{ include "cdi.fullname" . }}-uninstall
{{- end }}
{{/* CRD uninstalling hook name */}}
{{- define "cdi.crdUninstallHook.name" -}}
{{ include "cdi.fullname" . }}-crd-uninstall
{{- end }}

671
cdi-chart/templates/cdi-operator.yaml Normal file
View File

@@ -0,0 +1,671 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
operator.cdi.kubevirt.io: ""
name: cdi-operator-cluster
rules:
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
- customresourcedefinitions/status
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- cdi.kubevirt.io
- upload.cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- cdi-api-dataimportcron-validate
- cdi-api-populator-validate
- cdi-api-datavolume-validate
- cdi-api-validate
- objecttransfer-api-validate
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
- delete
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- cdi-api-datavolume-mutate
- cdi-api-pvc-mutate
resources:
- mutatingwebhookconfigurations
verbs:
- get
- update
- delete
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- datavolumes
verbs:
- list
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- datasources
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- volumeclonesources
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- storageprofiles
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- cdis
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- cdiconfigs
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- cdis/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- update
- delete
- deletecollection
- patch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims/finalizers
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
- services
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- create
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- csidrivers
verbs:
- get
- list
- watch
- apiGroups:
- config.openshift.io
resources:
- proxies
- infrastructures
verbs:
- get
- list
- watch
- apiGroups:
- config.openshift.io
resources:
- clusterversions
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
- volumesnapshotclasses
- volumesnapshotcontents
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- update
- deletecollection
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- get
- list
- watch
- apiGroups:
- image.openshift.io
resources:
- imagestreams
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
- apiGroups:
- forklift.cdi.kubevirt.io
resources:
- ovirtvolumepopulators
- openstackvolumepopulators
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- cdi.kubevirt.io
resources:
- dataimportcrons
verbs:
- get
- list
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
operator.cdi.kubevirt.io: ""
name: cdi-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi-operator-cluster
subjects:
- kind: ServiceAccount
name: cdi-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
operator.cdi.kubevirt.io: ""
name: cdi-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: containerized-data-importer
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-operator
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- serviceaccounts
- configmaps
- events
- secrets
- services
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- config.openshift.io
resources:
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- watch
- create
- update
- deletecollection
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- deletecollection
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: containerized-data-importer
app.kubernetes.io/component: storage
app.kubernetes.io/managed-by: cdi-operator
cdi.kubevirt.io: ""
name: cdi-operator
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cdi-operator
subjects:
- kind: ServiceAccount
name: cdi-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cdi.kubevirt.io: cdi-operator
name: cdi-operator
operator.cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
name: cdi-operator
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
selector:
matchLabels:
name: cdi-operator
operator.cdi.kubevirt.io: ""
strategy: {}
template:
metadata:
labels:
cdi.kubevirt.io: cdi-operator
name: cdi-operator
operator.cdi.kubevirt.io: ""
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
value: "true"
- name: OPERATOR_VERSION
value: {{ .Values.deployment.version }}
- name: CONTROLLER_IMAGE
value: {{ .Values.deployment.controllerImage }}:{{ .Values.deployment.version }}
- name: IMPORTER_IMAGE
value: {{ .Values.deployment.importerImage }}:{{ .Values.deployment.version }}
- name: CLONER_IMAGE
value: {{ .Values.deployment.clonerImage }}:{{ .Values.deployment.version }}
- name: OVIRT_POPULATOR_IMAGE
value: {{ .Values.deployment.importerImage }}:{{ .Values.deployment.version }}
- name: APISERVER_IMAGE
value: {{ .Values.deployment.apiserverImage }}:{{ .Values.deployment.version }}
- name: UPLOAD_SERVER_IMAGE
value: {{ .Values.deployment.uploadserverImage }}:{{ .Values.deployment.version }}
- name: UPLOAD_PROXY_IMAGE
value: {{ .Values.deployment.uploadproxyImage }}:{{ .Values.deployment.version }}
- name: VERBOSITY
value: "1"
- name: PULL_POLICY
value: {{ .Values.deployment.pullPolicy }}
- name: MONITORING_NAMESPACE
image: {{ .Values.deployment.operatorImage }}:{{ .Values.deployment.version }}
imagePullPolicy: {{ .Values.deployment.pullPolicy }}
name: cdi-operator
ports:
- containerPort: 8080
name: metrics
protocol: TCP
resources:
requests:
cpu: 100m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: cdi-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists

69
cdi-chart/templates/cdi-uninstall-hooks.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crUninstallHook.name" . }}
{{ template "cdi.crUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cdi.crUninstallHook.name" . }}
{{ template "cdi.crUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "cdi.kubevirt.io" ]
resources: [ "cdis" ]
resourceNames:
- "cdi"
verbs: [ "delete" ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cdi.crUninstallHook.name" . }}
{{ template "cdi.crUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crUninstallHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "cdi.crUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crUninstallHook.name" . }}
{{ template "cdi.crUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "cdi.crUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "cdi.crUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "cdi.crUninstallHook.name" . }}
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- delete
- cdi
- cdi
- name: {{ template "cdi.crUninstallHook.name" . }}-cleanup
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- wait
- --for=delete
- deployments/cdi-apiserver
- deployments/cdi-deployment
- deployments/cdi-uploadproxy
- --timeout=60s

21
cdi-chart/templates/cdi.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: cdi.kubevirt.io/v1beta1
kind: CDI
metadata:
name: cdi
spec:
{{- with .Values.cdi.config }}
config:
{{- toYaml . | nindent 4 }}
{{- end }}
imagePullPolicy: {{ .Values.cdi.imagePullPolicy }}
{{- with .Values.cdi.infra }}
infra:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.cdi.uninstallStrategy }}
uninstallStrategy: {{ .Values.cdi.uninstallStrategy }}
{{- end }}
{{- with .Values.cdi.workload }}
workload:
{{- toYaml . | nindent 4 }}
{{- end }}

55
cdi-chart/templates/crd-uninstall-hooks.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUninstallHook.name" . }}
{{ template "cdi.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cdi.crdUninstallHook.name" . }}
{{ template "cdi.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "cdis.cdi.kubevirt.io"
verbs: [ "delete" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cdi.crdUninstallHook.name" . }}
{{ template "cdi.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUninstallHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "cdi.crdUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUninstallHook.name" . }}
{{ template "cdi.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "cdi.crdUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "cdi.crdUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "cdi.crdUninstallHook.name" . }}
image: {{ .Values.hookImage }}
args:
- delete
- customresourcedefinitions
- cdis.cdi.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}

80
cdi-chart/templates/crd-upgrade-hooks.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ .Release.Namespace }}
name: cdi-crd-manifest
{{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
data:
crd: |-
{{ $.Files.Get "crds/cdi.yaml" | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUpgradeHook.name" . }}
{{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cdi.crdUpgradeHook.name" . }}
{{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
rules:
- apiGroups: [ "" ]
resources: [ "configmaps" ]
resourceNames:
- "cdi-crd-manifest"
verbs: [ "get" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "cdis.cdi.kubevirt.io"
verbs: [ "get", "patch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cdi.crdUpgradeHook.name" . }}
{{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUpgradeHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "cdi.crdUpgradeHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.crdUpgradeHook.name" . }}
{{ template "cdi.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
spec:
template:
metadata:
name: {{ template "cdi.crdUpgradeHook.name" . }}
spec:
serviceAccountName: {{ template "cdi.crdUpgradeHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "cdi.crdUpgradeHook.name" . }}
image: {{ .Values.hookImage }}
args:
- apply
- -f
- /etc/manifests/crd.yaml
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
volumeMounts:
- name: crd-volume
mountPath: /etc/manifests
volumes:
- name: crd-volume
configMap:
name: cdi-crd-manifest
items:
- key: crd
path: crd.yaml

56
cdi-chart/templates/namespace-hooks.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.namespaceHook.name" . }}
{{ template "cdi.namespaceHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cdi.namespaceHook.name" . }}
{{ template "cdi.namespaceHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "" ]
resources: [ "namespaces" ]
resourceNames:
- {{ .Release.Namespace | quote }}
verbs: [ "get", "patch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cdi.namespaceHook.name" . }}
{{ template "cdi.namespaceHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.namespaceHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "cdi.namespaceHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "cdi.namespaceHook.name" . }}
{{ template "cdi.namespaceHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "cdi.namespaceHook.name" . }}
spec:
serviceAccountName: {{ template "cdi.namespaceHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "cdi.namespaceHook.name" . }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
image: {{ .Values.hookImage }}
args:
- label
- namespace
- {{ .Release.Namespace }}
- cdi.kubevirt.io=