diff --git a/.github/workflows/helm-oci-package-ghcr.yaml b/.github/workflows/helm-oci-package-ghcr.yaml
index 67a45442..c9f46c8e 100644
--- a/.github/workflows/helm-oci-package-ghcr.yaml
+++ b/.github/workflows/helm-oci-package-ghcr.yaml
@@ -28,7 +28,7 @@ jobs:
fetch-depth: 0
fetch-tags: true
- name: Install Helm
- uses: azure/setup-helm@v4.3.1
+ uses: azure/setup-helm@v4
- name: Lint Helm Chart
run: helm lint charts/openstack-hypervisor-operator
- name: Package Helm Chart
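Review bot: The `uses:` line of the Install Helm step moves from the fixed tag `v4.3.1` to the floating major tag `v4`, so upstream changes can reach this workflow without any commit here. Tags are mutable, so whatever `v4` points to at run time executes in a job that, judging by the file name, packages and publishes the chart to GHCR. Pinning the action to a full commit SHA with the version as a trailing comment, e.g. `uses: azure/setup-helm@<full-commit-sha> # v4.x.y`, keeps updates reviewable through Dependabot or Renovate. The rest of the job lies outside the hunk, so the token permissions it runs with are not visible here.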
diff --git a/.golangci.yaml b/.golangci.yaml
index c1fa5dc5..d2fb2339 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -138,9 +138,6 @@ linters:
- G112
# if we put a password or token into a serialized payload, guess what, we probably did that on purpose
- G117
- # this triggers on net/http.Request.ParseForm() and its callers, e.g. net/http.Request.FormValue(), complaining about potential memory exhaustion from unbounded form parsing;
- # but that is incorrect, ParseForm() by default never parses more than 10 MiB for this specific reason
- - G120
# created file permissions are restricted by umask if necessary
- G306
# the following lints cause false-positives in many repositories, should be fixed with the next release. (see https://github.com/securego/gosec/issues/1500)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6987eca2..e08c694b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,13 +27,3 @@ repos:
entry: sh -c "gmake check || make check"
language: system
pass_filenames: false
- - id: helmify
- name: helmify
- entry: sh -c "gmake helmify || make helmify"
- language: system
- pass_filenames: false
- - id: go-build
- name: go build
- entry: sh -c "gmake build-all || make build-all"
- language: system
- pass_filenames: false
diff --git a/Makefile b/Makefile
index f3ad0ef8..e4fa2350 100644
--- a/Makefile
+++ b/Makefile
@@ -35,11 +35,7 @@ default: build-all
.PHONY: install-crds
install-crds: generate ## Install CRDs into the K8s cluster specified in ~/.kube/config.
- kubectl kustomize config/crd | kubectl apply -f -
-
-.PHONY: helmify
-helmify:
- kubectl kustomize config/default | helmify -crd-dir charts/openstack-hypervisor-operator
+ kubectl apply -f config/crd/*.yaml
install-goimports: FORCE
@if ! hash goimports 2>/dev/null; then printf "\e[1;36m>> Installing goimports (this may take a while)...\e[0m\n"; go install golang.org/x/tools/cmd/goimports@latest; fi
@@ -117,7 +113,7 @@ check: FORCE static-check build/cover.html build-all
generate: install-controller-gen
@printf "\e[1;36m>> controller-gen\e[0m\n"
- @controller-gen crd:allowDangerousTypes=true rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+ @controller-gen crd:allowDangerousTypes=true rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=charts/openstack-hypervisor-operator/crds
@controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."
@controller-gen applyconfiguration paths="./..."
diff --git a/Makefile.maker.yaml b/Makefile.maker.yaml
index a55b5839..dff6a128 100644
--- a/Makefile.maker.yaml
+++ b/Makefile.maker.yaml
@@ -7,9 +7,10 @@ binaries:
controllerGen:
enabled: true
- crdOutputPath: config/crd/bases
+ crdOutputPath: charts/openstack-hypervisor-operator/crds
objectHeaderFile: hack/boilerplate.go.txt
rbacRoleName: manager-role
+ allowDangerousTypes: true
coverageTest:
only: '/internal'
@@ -72,8 +73,4 @@ reuse:
verbatim: |
.PHONY: install-crds
install-crds: generate ## Install CRDs into the K8s cluster specified in ~/.kube/config.
- kubectl kustomize config/crd | kubectl apply -f -
-
- .PHONY: helmify
- helmify:
- kubectl kustomize config/default | helmify -crd-dir charts/openstack-hypervisor-operator
+ kubectl apply -f config/crd/*.yaml
diff --git a/api/v1/suite_test.go b/api/v1/suite_test.go
index 92e51bbe..0df775dc 100644
--- a/api/v1/suite_test.go
+++ b/api/v1/suite_test.go
@@ -48,7 +48,7 @@ var _ = BeforeSuite(func() {
By("bootstrapping test environment")
testEnv = &envtest.Environment{
- CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")},
+ CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "openstack-hypervisor-operator", "crds")},
ErrorIfCRDPathMissing: true,
BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s",
fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)),
diff --git a/charts/openstack-hypervisor-operator/Chart.yaml b/charts/openstack-hypervisor-operator/Chart.yaml
index 60a2ba61..de7df07c 100644
--- a/charts/openstack-hypervisor-operator/Chart.yaml
+++ b/charts/openstack-hypervisor-operator/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: openstack-hypervisor-operator
description: A Helm chart for Kubernetes
-appVersion: 0.1.0
-version: 0.2.9
+appVersion: latest
+version: 1.0.0
type: application
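Review bot: `appVersion: latest` makes a chart released as `1.0.0` resolve to a mutable image tag, assuming the templates (not in this diff) fall back to the chart's appVersion now that values.yaml drops `tag: latest`. Two installs of the same chart version can then run different operator builds, and a rollback of the chart does not restore the previous image. Consider having the release workflow stamp the built version at package time, e.g. `helm package --app-version <release-tag>`, or pinning the image by digest in values.yaml.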
diff --git a/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml b/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml
deleted file mode 100644
index 65af9e42..00000000
--- a/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.19.0
- name: evictions.kvm.cloud.sap
-spec:
- group: kvm.cloud.sap
- names:
- kind: Eviction
- listKind: EvictionList
- plural: evictions
- shortNames:
- - evi
- singular: eviction
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.hypervisor
- name: Hypervisor
- type: string
- - jsonPath: .spec.reason
- name: Reason
- type: string
- - jsonPath: .status.conditions[?(@.type=="Evicting")].reason
- name: State
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Created
- type: date
- name: v1
- schema:
- openAPIV3Schema:
- description: Eviction is the Schema for the evictions API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: EvictionSpec defines the desired state of Eviction
- properties:
- hypervisor:
- description: Name of hypervisor to evict
- minLength: 1
- type: string
- x-kubernetes-validations:
- - message: Value is immutable
- rule: self == oldSelf
- reason:
- description: Reason for eviction, always required
- minLength: 1
- type: string
- required:
- - hypervisor
- - reason
- type: object
- status:
- description: EvictionStatus defines the observed state of Eviction
- properties:
- conditions:
- description: Conditions is an array of current conditions
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- hypervisorServiceId:
- type: string
- outstandingInstances:
- items:
- type: string
- type: array
- outstandingRamMb:
- default: 0
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-
diff --git a/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml b/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml
deleted file mode 100644
index b479fc60..00000000
--- a/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml
+++ /dev/null
@@ -1,621 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.19.0
- name: hypervisors.kvm.cloud.sap
-spec:
- group: kvm.cloud.sap
- names:
- kind: Hypervisor
- listKind: HypervisorList
- plural: hypervisors
- shortNames:
- - hv
- singular: hypervisor
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.labels.topology\.kubernetes\.io/zone
- name: Zone
- priority: 2
- type: string
- - jsonPath: .metadata.labels.kubernetes\.metal\.cloud\.sap/bb
- name: Building Block
- priority: 2
- type: string
- - jsonPath: .metadata.labels.worker\.garden\.sapcloud\.io/group
- name: Group
- priority: 2
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].reason
- name: State
- type: string
- - jsonPath: .status.conditions[?(@.type=="Tainted")].message
- name: Taint
- type: string
- - jsonPath: .spec.lifecycleEnabled
- name: Lifecycle
- type: boolean
- - jsonPath: .spec.highAvailability
- name: High Availability
- type: boolean
- - jsonPath: .spec.skipTests
- name: Skip Tests
- type: boolean
- - jsonPath: .status.operatingSystem.prettyVersion
- name: Version
- type: string
- - jsonPath: .status.internalIp
- name: IP
- type: string
- - jsonPath: .status.numInstances
- name: Instances
- type: integer
- - jsonPath: .status.operatingSystem.hardwareModel
- name: Hardware
- priority: 2
- type: string
- - jsonPath: .status.operatingSystem.kernelRelease
- name: Kernel
- priority: 2
- type: string
- - jsonPath: .status.conditions[?(@.type=="Onboarding")].reason
- name: Onboarding
- priority: 3
- type: string
- - jsonPath: .status.serviceId
- name: Service ID
- priority: 3
- type: string
- - jsonPath: .status.hypervisorId
- name: Hypervisor ID
- priority: 3
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1
- schema:
- openAPIV3Schema:
- description: Hypervisor is the Schema for the hypervisors API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: HypervisorSpec defines the desired state of Hypervisor
- properties:
- aggregates:
- default: []
- description: Aggregates are used to apply aggregates to the hypervisor.
- items:
- type: string
- type: array
- allowedProjects:
- default: []
- description: |-
- AllowedProjects defines which openstack projects are allowed to schedule
- instances on this hypervisor. The values of this list should be project
- uuids. If left empty, all projects are allowed.
- items:
- type: string
- type: array
- createCertManagerCertificate:
- default: false
- description: |-
- Require to issue a certificate from cert-manager for the hypervisor, to be used for
- secure communication with the libvirt API.
- type: boolean
- customTraits:
- default: []
- description: CustomTraits are used to apply custom traits to the hypervisor.
- items:
- type: string
- type: array
- evacuateOnReboot:
- default: true
- description: EvacuateOnReboot request an evacuation of all instances
- before reboot.
- type: boolean
- highAvailability:
- default: true
- description: HighAvailability is used to enable the high availability
- handling of the hypervisor.
- type: boolean
- installCertificate:
- default: true
- description: InstallCertificate is used to enable the installations
- of the certificates via kvm-node-agent.
- type: boolean
- lifecycleEnabled:
- default: true
- description: LifecycleEnabled enables the lifecycle management of
- the hypervisor via hypervisor-operator.
- type: boolean
- maintenance:
- description: Maintenance indicates whether the hypervisor is in maintenance
- mode.
- enum:
- - ""
- - manual
- - auto
- - ha
- - termination
- type: string
- maintenanceReason:
- description: MaintenanceReason provides the reason for manual maintenance
- mode.
- type: string
- overcommit:
- additionalProperties:
- type: number
- description: |-
- Overcommit specifies the desired overcommit ratio by resource type.
-
- If no overcommit is specified for a resource type, the default overcommit
- ratio of 1.0 should be applied, i.e. the effective capacity is the same
- as the actual capacity.
-
- If the overcommit ratio results in a fractional effective capacity,
- the effective capacity is expected to be rounded down. This allows
- gradually adjusting the hypervisor capacity.
-
- It is validated that all overcommit ratios are greater than or equal to
- 1.0, if specified. For this we don't need extra validating webhooks.
- See: https://kubernetes.io/blog/2022/09/23/crd-validation-rules-beta/#crd-transition-rules
- type: object
- x-kubernetes-validations:
- - message: overcommit ratios must be >= 1.0
- rule: self.all(k, self[k] >= 1.0)
- reboot:
- default: false
- description: Reboot request an reboot after successful installation
- of an upgrade.
- type: boolean
- skipTests:
- default: false
- description: SkipTests skips the tests during the onboarding process.
- type: boolean
- version:
- description: OperatingSystemVersion represents the desired operating
- system version.
- type: string
- required:
- - aggregates
- - allowedProjects
- - createCertManagerCertificate
- - customTraits
- - evacuateOnReboot
- - highAvailability
- - installCertificate
- - lifecycleEnabled
- - reboot
- - skipTests
- type: object
- x-kubernetes-validations:
- - message: spec is immutable when maintenance is 'termination'; can only
- change maintenance to 'ha'
- rule: '!has(oldSelf.maintenance) || oldSelf.maintenance != ''termination''
- || self.maintenance == ''ha'' || self == oldSelf'
- - message: maintenanceReason must be non-empty when maintenance is 'manual'
- rule: '!has(self.maintenance) || self.maintenance != ''manual'' || (has(self.maintenanceReason)
- && self.maintenanceReason.size() > 0)'
- status:
- description: HypervisorStatus defines the observed state of Hypervisor
- properties:
- aggregates:
- description: Aggregates are the applied aggregates of the hypervisor
- with their names and UUIDs.
- items:
- description: Aggregate represents an OpenStack aggregate with its
- name and UUID.
- properties:
- name:
- description: Name is the name of the aggregate.
- type: string
- uuid:
- description: UUID is the unique identifier of the aggregate.
- type: string
- required:
- - name
- - uuid
- type: object
- type: array
- allocation:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: Auto-discovered resource allocation of all hosted VMs.
- type: object
- capabilities:
- description: Auto-discovered capabilities as reported by libvirt.
- properties:
- cpuArch:
- default: unknown
- description: The hosts CPU architecture (not the guests).
- type: string
- cpus:
- anyOf:
- - type: integer
- - type: string
- description: Total host cpus available as a sum of cpus over all
- numa cells.
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- memory:
- anyOf:
- - type: integer
- - type: string
- description: Total host memory available as a sum of memory over
- all numa cells.
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- capacity:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Auto-discovered capacity of the hypervisor.
-
- Note that this capacity does not include the applied overcommit ratios,
- and represents the actual capacity of the hypervisor. Use the
- effective capacity field to get the capacity considering the applied
- overcommit ratios.
- type: object
- cells:
- description: Auto-discovered cells on this hypervisor.
- items:
- description: Cell represents a NUMA cell on the hypervisor.
- properties:
- allocation:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: Auto-discovered resource allocation of all hosted
- VMs in this cell.
- type: object
- capacity:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Auto-discovered capacity of this cell.
-
- Note that this capacity does not include the applied overcommit ratios,
- and represents the actual capacity of the cell. Use the effective capacity
- field to get the capacity considering the applied overcommit ratios.
- type: object
- cellID:
- description: Cell ID.
- format: int64
- type: integer
- effectiveCapacity:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Auto-discovered capacity of this cell, considering the
- applied overcommit ratios.
-
- In case no overcommit ratio is specified for a resource type, the default
- overcommit ratio of 1 should be applied, meaning the effective capacity
- is the same as the actual capacity.
-
- If the overcommit ratio results in a fractional effective capacity, the
- effective capacity is expected to be rounded down.
- type: object
- required:
- - cellID
- type: object
- type: array
- conditions:
- description: Represents the Hypervisor node conditions.
- items:
- description: Condition contains details for one aspect of the current
- state of this API Resource.
- properties:
- lastTransitionTime:
- description: |-
- lastTransitionTime is the last time the condition transitioned from one status to another.
- This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: |-
- message is a human readable message indicating details about the transition.
- This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: |-
- observedGeneration represents the .metadata.generation that the condition was set based upon.
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
- with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: |-
- reason contains a programmatic identifier indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected values and meanings for this field,
- and whether the values are considered a guaranteed API.
- The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- domainCapabilities:
- description: |-
- Auto-discovered domain capabilities relevant to check if a VM
- can be scheduled on the hypervisor.
- properties:
- arch:
- default: unknown
- description: The available domain cpu architecture.
- type: string
- hypervisorType:
- default: unknown
- description: The supported type of virtualization for domains,
- such as "ch".
- type: string
- supportedCpuModes:
- default: []
- description: |-
- Supported cpu modes for domains.
-
- The format of this list is cpu mode, and if specified, a specific
- submode. For example, the take the following xml domain cpu definition:
-
-
-
-
-
- The corresponding entries in this list would be "host-passthrough" and
- "host-passthrough/migratable".
- items:
- type: string
- type: array
- supportedDevices:
- default: []
- description: |-
- Supported devices for domains.
-
- The format of this list is the device type, and if specified, a specific
- model. For example, the take the following xml domain device definition:
-
-
-
- The corresponding entries in this list would be "video" and "video/nvidia".
- items:
- type: string
- type: array
- supportedFeatures:
- default: []
- description: |-
- Supported features for domains, such as "sev" or "sgx".
-
- This is a flat list of supported features, meaning the following xml:
-
-
-
-
-
-
- Would correspond to the entries "sev" and "sgx" in this list.
- items:
- type: string
- type: array
- type: object
- effectiveCapacity:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Auto-discovered capacity of the hypervisor, considering the
- applied overcommit ratios.
-
- In case no overcommit ratio is specified for a resource type, the default
- overcommit ratio of 1 should be applied, meaning the effective capacity
- is the same as the actual capacity.
-
- If the overcommit ratio results in a fractional effective capacity, the
- effective capacity is expected to be rounded down.
- type: object
- evicted:
- description: Evicted indicates whether the hypervisor is evicted.
- (no instances left with active maintenance mode)
- type: boolean
- hypervisorId:
- description: HypervisorID is the unique identifier of the hypervisor
- in OpenStack.
- type: string
- hypervisorVersion:
- default: unknown
- description: Represents the Hypervisor version
- type: string
- instances:
- description: Represents the Hypervisor hosted Virtual Machines
- items:
- properties:
- active:
- description: Represents the instance state.
- type: boolean
- id:
- description: Represents the instance ID (uuidv4).
- type: string
- name:
- description: Represents the instance name.
- type: string
- required:
- - active
- - id
- - name
- type: object
- type: array
- internalIp:
- description: InternalIP is the internal IP address of the hypervisor.
- type: string
- libVirtVersion:
- default: unknown
- description: Represents the LibVirt version.
- type: string
- numInstances:
- default: 0
- description: Represent the num of instances
- type: integer
- operatingSystem:
- description: Represents the Operating System status.
- properties:
- firmwareDate:
- description: FirmwareDate
- format: date-time
- type: string
- firmwareVendor:
- description: FirmwareVendor
- type: string
- firmwareVersion:
- description: FirmwareVersion
- type: string
- gardenLinuxCommitID:
- description: Represents the Garden Linux build commit id
- type: string
- gardenLinuxFeatures:
- description: Represents the Garden Linux Feature Set
- items:
- type: string
- type: array
- hardwareModel:
- description: HardwareModel
- type: string
- hardwareSerial:
- description: HardwareSerial
- type: string
- hardwareVendor:
- description: HardwareVendor
- type: string
- kernelCommandLine:
- description: KernelCommandLine contains the raw kernel boot parameters
- from /proc/cmdline.
- type: string
- kernelName:
- description: KernelName
- type: string
- kernelRelease:
- description: KernelRelease
- type: string
- kernelVersion:
- description: KernelVersion
- type: string
- prettyVersion:
- description: PrettyVersion
- type: string
- variantID:
- description: Identifying a specific variant or edition of the
- operating system
- type: string
- version:
- description: Represents the Operating System version.
- type: string
- type: object
- serviceId:
- description: ServiceID is the unique identifier of the compute service
- in OpenStack.
- type: string
- specHash:
- type: string
- traits:
- description: Traits are the applied traits of the hypervisor.
- items:
- type: string
- type: array
- updateStatus:
- description: Represents the Hypervisor update status.
- properties:
- inProgress:
- default: false
- description: Represents a running Operating System update.
- type: boolean
- installed:
- default: unknown
- description: Represents the Operating System installed update
- version.
- type: string
- retry:
- default: 3
- description: Represents the number of retries.
- type: integer
- required:
- - inProgress
- - retry
- type: object
- required:
- - numInstances
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
diff --git a/config/crd/bases/kvm.cloud.sap_evictions.yaml b/charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_evictions.yaml
similarity index 100%
rename from config/crd/bases/kvm.cloud.sap_evictions.yaml
rename to charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_evictions.yaml
diff --git a/config/crd/bases/kvm.cloud.sap_hypervisors.yaml b/charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_hypervisors.yaml
similarity index 100%
rename from config/crd/bases/kvm.cloud.sap_hypervisors.yaml
rename to charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_hypervisors.yaml
diff --git a/charts/openstack-hypervisor-operator/values.yaml b/charts/openstack-hypervisor-operator/values.yaml
index 23a25831..30d99e5a 100644
--- a/charts/openstack-hypervisor-operator/values.yaml
+++ b/charts/openstack-hypervisor-operator/values.yaml
@@ -23,8 +23,7 @@ controllerManager:
osUserDomainName: ""
osUsername: ""
image:
- repository: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator
- tag: latest
+ repository: ghcr.io/cobaltcore-dev/openstack-hypervisor-operator
resources:
limits:
cpu: 500m
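Review bot: With the `tag` key removed from the `image` block, the rendered image reference depends entirely on a deployment template that is not part of this diff. If that template still interpolates the tag value without a fallback, it will render an empty tag, so it should carry something like `| default .Chart.AppVersion` on the tag expression. A short comment in place of the removed key, e.g. `# tag: defaults to the chart's appVersion when unset`, would tell operators how to pin a specific build. The `image` block sits inside a larger values tree that starts and continues outside the hunk.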
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
deleted file mode 100644
index 8885525f..00000000
--- a/config/crd/kustomization.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# This kustomization.yaml is not intended to be run by itself,
-# since it depends on service name and namespace that are out of this kustomize package.
-# It should be run by config/default
-resources:
-- bases/kvm.cloud.sap_evictions.yaml
-- bases/kvm.cloud.sap_hypervisors.yaml
-# +kubebuilder:scaffold:crdkustomizeresource
-
-patches:
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
-# patches here are for enabling the conversion webhook for each CRD
-# +kubebuilder:scaffold:crdkustomizewebhookpatch
-
-# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
-# patches here are for enabling the CA injection for each CRD
-#- path: patches/cainjection_in_evictions.yaml
-# +kubebuilder:scaffold:crdkustomizecainjectionpatch
-
-# [WEBHOOK] To enable webhook, uncomment the following section
-# the following config is for teaching kustomize how to do kustomization for CRDs.
-
-#configurations:
-#- kustomizeconfig.yaml
diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml
deleted file mode 100644
index ec5c150a..00000000
--- a/config/crd/kustomizeconfig.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file is for teaching kustomize how to substitute name and namespace reference in CRD
-nameReference:
-- kind: Service
- version: v1
- fieldSpecs:
- - kind: CustomResourceDefinition
- version: v1
- group: apiextensions.k8s.io
- path: spec/conversion/webhook/clientConfig/service/name
-
-namespace:
-- kind: CustomResourceDefinition
- version: v1
- group: apiextensions.k8s.io
- path: spec/conversion/webhook/clientConfig/service/namespace
- create: false
-
-varReference:
-- path: metadata/annotations
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
deleted file mode 100644
index c4e79fea..00000000
--- a/config/default/kustomization.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-# Adds namespace to all resources.
-namespace: openstack-hypervisor-operator-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: openstack-hypervisor-operator-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
-
-resources:
-- ../crd
-- ../rbac
-- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-# [METRICS] Expose the controller manager metrics service.
-- metrics_service.yaml
-# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
-# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
-# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
-# be able to communicate with the Webhook Server.
-#- ../network-policy
-
-# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager
-patches:
-# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
-# More info: https://book.kubebuilder.io/reference/metrics
-- path: manager_metrics_patch.yaml
- target:
- kind: Deployment
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- path: manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- path: webhookcainjection_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-# Uncomment the following replacements to add the cert-manager CA injection annotations
-#replacements:
-# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.namespace # namespace of the certificate CR
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - source:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.name
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - source: # Add cert-manager annotation to the webhook Service
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.name # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 0
-# create: true
-# - source:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.namespace # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 1
-# create: true
diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml
deleted file mode 100644
index 2aaef653..00000000
--- a/config/default/manager_metrics_patch.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# This patch adds the args to allow exposing the metrics endpoint using HTTPS
-- op: add
- path: /spec/template/spec/containers/0/args/0
- value: --metrics-bind-address=:8443
diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml
deleted file mode 100644
index 091828d5..00000000
--- a/config/default/metrics_service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- control-plane: controller-manager
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
deleted file mode 100644
index 52b7bbe2..00000000
--- a/config/manager/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: ghcr.io/cobaltcore-dev/openstack-hypervisor-operator
- newTag: ""
-resources:
-- manager.yaml
-- secret.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
deleted file mode 100644
index 9b55a9c5..00000000
--- a/config/manager/manager.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: system
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: controller-manager
- namespace: system
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
-spec:
- selector:
- matchLabels:
- control-plane: controller-manager
- replicas: 1
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: manager
- labels:
- control-plane: controller-manager
- spec:
- # TODO(user): Uncomment the following code to configure the nodeAffinity expression
- # according to the platforms which are supported by your solution.
- # It is considered best practice to support multiple architectures. You can
- # build your manager image using the makefile target docker-buildx.
- # affinity:
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: kubernetes.io/arch
- # operator: In
- # values:
- # - amd64
- # - arm64
- # - ppc64le
- # - s390x
- # - key: kubernetes.io/os
- # operator: In
- # values:
- # - linux
- securityContext:
- runAsNonRoot: true
- # TODO(user): For common cases that do not require escalating privileges
- # it is recommended to ensure that all your Pods/Containers are restrictive.
- # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
- # Please uncomment the following code if your project does NOT have to work on old Kubernetes
- # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
- # seccompProfile:
- # type: RuntimeDefault
- containers:
- - args:
- - --leader-elect
- - --health-probe-bind-address=:8081
- - --certificate-namespace=$(CERTIFICATE_NAMESPACE)
- - --certificate-issuer-name=$(CERTIFICATE_ISSUER_NAME)
- - --label-selector=$(LABEL_SELECTOR)
- env:
- - name: OS_AUTH_URL
- - name: OS_PROJECT_DOMAIN_NAME
- - name: OS_PROJECT_NAME
- - name: OS_REGION_NAME
- - name: OS_USER_DOMAIN_NAME
- - name: OS_USERNAME
- - name: OS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: secret
- key: SERVICE_PASSWORD
- - name: CERTIFICATE_NAMESPACE
- value: "monsoon3"
- - name: CERTIFICATE_ISSUER_NAME
- value: "nova-hypervisor-agents-ca-issuer"
- - name: LABEL_SELECTOR
- image: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator:latest
- name: manager
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - "ALL"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- # TODO(user): Configure the resources accordingly based on the project requirements.
- # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 10m
- memory: 64Mi
- serviceAccountName: controller-manager
- terminationGracePeriodSeconds: 10
diff --git a/config/manager/secret.yaml b/config/manager/secret.yaml
deleted file mode 100644
index 68725c41..00000000
--- a/config/manager/secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: secret
-type: Opaque
-stringData:
- SERVICE_PASSWORD: "TOPSECRET"
diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml
deleted file mode 100644
index add3ca5e..00000000
--- a/config/network-policy/allow-metrics-traffic.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# This NetworkPolicy allows ingress traffic
-# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
-# namespaces are able to gathering data from the metrics endpoint.
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: allow-metrics-traffic
- namespace: system
-spec:
- podSelector:
- matchLabels:
- control-plane: controller-manager
- policyTypes:
- - Ingress
- ingress:
- # This allows ingress traffic from any namespace with the label metrics: enabled
- - from:
- - namespaceSelector:
- matchLabels:
- metrics: enabled # Only from namespaces with this label
- ports:
- - port: 8443
- protocol: TCP
diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml
deleted file mode 100644
index ec0fb5e5..00000000
--- a/config/network-policy/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- allow-metrics-traffic.yaml
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
deleted file mode 100644
index ed137168..00000000
--- a/config/prometheus/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
deleted file mode 100644
index 4d0b8c02..00000000
--- a/config/prometheus/monitor.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Prometheus Monitor Service (Metrics)
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-monitor
- namespace: system
-spec:
- endpoints:
- - path: /metrics
- port: https # Ensure this is the name of the port that exposes HTTPS metrics
- scheme: https
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- tlsConfig:
- # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
- # certificate verification. This poses a significant security risk by making the system vulnerable to
- # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
- # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
- # compromising the integrity and confidentiality of the information.
- # Please use the following options for secure configurations:
- # caFile: /etc/metrics-certs/ca.crt
- # certFile: /etc/metrics-certs/tls.crt
- # keyFile: /etc/metrics-certs/tls.key
- insecureSkipVerify: true
- selector:
- matchLabels:
- control-plane: controller-manager
diff --git a/config/rbac/eviction_editor_role.yaml b/config/rbac/eviction_editor_role.yaml
deleted file mode 100644
index ebe75aeb..00000000
--- a/config/rbac/eviction_editor_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to edit evictions.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: eviction-editor-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - evictions
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - evictions/status
- verbs:
- - get
diff --git a/config/rbac/eviction_viewer_role.yaml b/config/rbac/eviction_viewer_role.yaml
deleted file mode 100644
index 6c3e9106..00000000
--- a/config/rbac/eviction_viewer_role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# permissions for end users to view evictions.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: eviction-viewer-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - evictions
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - evictions/status
- verbs:
- - get
diff --git a/config/rbac/hypervisor_editor_role.yaml b/config/rbac/hypervisor_editor_role.yaml
deleted file mode 100644
index 4aaf78fb..00000000
--- a/config/rbac/hypervisor_editor_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to edit hypervisors.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: hypervisor-editor-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors/status
- verbs:
- - get
diff --git a/config/rbac/hypervisor_viewer_role.yaml b/config/rbac/hypervisor_viewer_role.yaml
deleted file mode 100644
index b4335932..00000000
--- a/config/rbac/hypervisor_viewer_role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# permissions for end users to view hypervisors.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: hypervisor-viewer-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors/status
- verbs:
- - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
deleted file mode 100644
index 54f46baa..00000000
--- a/config/rbac/kustomization.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# The following RBAC configurations are used to protect
-# the metrics endpoint with authn/authz. These configurations
-# ensure that only authorized users and service accounts
-# can access the metrics endpoint. Comment the following
-# permissions if you want to disable this protection.
-# More info: https://book.kubebuilder.io/reference/metrics.html
-- metrics_auth_role.yaml
-- metrics_auth_role_binding.yaml
-- metrics_reader_role.yaml
-# For each CRD, "Editor" and "Viewer" roles are scaffolded by
-# default, aiding admins in cluster management. Those roles are
-# not used by the Project itself. You can comment the following lines
-# if you do not want those helpers be installed with your Project.
-- eviction_editor_role.yaml
-- eviction_viewer_role.yaml
-- hypervisor_editor_role.yaml
-- hypervisor_viewer_role.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
deleted file mode 100644
index 0a9cd6f5..00000000
--- a/config/rbac/leader_election_role.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index de1d92b6..00000000
--- a/config/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml
deleted file mode 100644
index 32d2e4ec..00000000
--- a/config/rbac/metrics_auth_role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: metrics-auth-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml
deleted file mode 100644
index e775d67f..00000000
--- a/config/rbac/metrics_auth_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: metrics-auth-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metrics-auth-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml
deleted file mode 100644
index 51a75db4..00000000
--- a/config/rbac/metrics_reader_role.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: metrics-reader
-rules:
-- nonResourceURLs:
- - "/metrics"
- verbs:
- - get
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
deleted file mode 100644
index a95e4d69..00000000
--- a/config/rbac/role_binding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: manager-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
deleted file mode 100644
index 2daf9239..00000000
--- a/config/rbac/service_account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager
- namespace: system
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
deleted file mode 100644
index 1ca99e17..00000000
--- a/config/samples/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-## Append samples of your project ##
-resources:
-- kvm_v1_eviction.yaml
-# +kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/kvm_v1_eviction.yaml b/config/samples/kvm_v1_eviction.yaml
deleted file mode 100644
index 2342d43f..00000000
--- a/config/samples/kvm_v1_eviction.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kvm.cloud.sap/v1
-kind: Eviction
-metadata:
- labels:
- app.kubernetes.io/name: openstack-hypervisor-operator
- app.kubernetes.io/managed-by: kustomize
- name: eviction-sample
-spec:
- hypervisor: node007-bb273
- reason: "sample reason"
diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go
index 9e039bf9..a6e70c14 100644
--- a/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@@ -55,7 +55,7 @@ var _ = BeforeSuite(func() {
By("bootstrapping test environment")
testEnv = &envtest.Environment{
- CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")},
+ CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "openstack-hypervisor-operator", "crds")},
ErrorIfCRDPathMissing: true,
// The BinaryAssetsDirectory is only required if you want to run the tests directly