From 40ad6ff697f6ada9c6675ffa242c18459bc86e17 Mon Sep 17 00:00:00 2001 
From: Andrew Karpow Date: Mon, 16 Mar 2026 11:55:31 -0400 Subject: [PATCH] Remove helmify / kustomize, switch to helm-chart only. This PR removes the helmify step and removes kustomize as an option to render the manager/rbacs/crd. Helmify took a lot of work creating a helm-chart based on the boilerplate generated by kubebuilder. But ultimately, it imposes too many constraints on the outcome of the helm-chart and makes it hard to implement custom renditions (like using .AppVersion as an image tag). Thus this PR is removing the kustomize files, leaving only the generated CRDs in the config directory (which don't need any templating) and symlinks it to the helm chart. --- .github/workflows/helm-oci-package-ghcr.yaml | 2 +- .golangci.yaml | 3 - .pre-commit-config.yaml | 10 - Makefile | 8 +- Makefile.maker.yaml | 9 +- api/v1/suite_test.go | 2 +- .../openstack-hypervisor-operator/Chart.yaml | 4 +- .../crds/eviction-crd.yaml | 147 ----- .../crds/hypervisor-crd.yaml | 621 ------------------ .../crds}/kvm.cloud.sap_evictions.yaml | 0 .../crds}/kvm.cloud.sap_hypervisors.yaml | 0 .../openstack-hypervisor-operator/values.yaml | 3 +- config/crd/kustomization.yaml | 23 - config/crd/kustomizeconfig.yaml | 19 - config/default/kustomization.yaml | 151 ----- config/default/manager_metrics_patch.yaml | 4 - config/default/metrics_service.yaml | 17 - config/manager/kustomization.yaml | 9 - config/manager/manager.yaml | 113 ---- config/manager/secret.yaml | 7 - .../network-policy/allow-metrics-traffic.yaml | 26 - config/network-policy/kustomization.yaml | 2 - config/prometheus/kustomization.yaml | 2 - config/prometheus/monitor.yaml | 30 - config/rbac/eviction_editor_role.yaml | 27 - config/rbac/eviction_viewer_role.yaml | 23 - config/rbac/hypervisor_editor_role.yaml | 27 - config/rbac/hypervisor_viewer_role.yaml | 23 - config/rbac/kustomization.yaml | 28 - config/rbac/leader_election_role.yaml | 40 -- config/rbac/leader_election_role_binding.yaml | 15 - 
config/rbac/metrics_auth_role.yaml | 17 - config/rbac/metrics_auth_role_binding.yaml | 12 - config/rbac/metrics_reader_role.yaml | 9 - config/rbac/role_binding.yaml | 15 - config/rbac/service_account.yaml | 8 - config/samples/kustomization.yaml | 4 - config/samples/kvm_v1_eviction.yaml | 10 - internal/controller/suite_test.go | 2 +- 39 files changed, 11 insertions(+), 1461 deletions(-) delete mode 100644 charts/openstack-hypervisor-operator/crds/eviction-crd.yaml delete mode 100644 charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml rename {config/crd/bases => charts/openstack-hypervisor-operator/crds}/kvm.cloud.sap_evictions.yaml (100%) rename {config/crd/bases => charts/openstack-hypervisor-operator/crds}/kvm.cloud.sap_hypervisors.yaml (100%) delete mode 100644 config/crd/kustomization.yaml delete mode 100644 config/crd/kustomizeconfig.yaml delete mode 100644 config/default/kustomization.yaml delete mode 100644 config/default/manager_metrics_patch.yaml delete mode 100644 config/default/metrics_service.yaml delete mode 100644 config/manager/kustomization.yaml delete mode 100644 config/manager/manager.yaml delete mode 100644 config/manager/secret.yaml delete mode 100644 config/network-policy/allow-metrics-traffic.yaml delete mode 100644 config/network-policy/kustomization.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml delete mode 100644 config/rbac/eviction_editor_role.yaml delete mode 100644 config/rbac/eviction_viewer_role.yaml delete mode 100644 config/rbac/hypervisor_editor_role.yaml delete mode 100644 config/rbac/hypervisor_viewer_role.yaml delete mode 100644 config/rbac/kustomization.yaml delete mode 100644 config/rbac/leader_election_role.yaml delete mode 100644 config/rbac/leader_election_role_binding.yaml delete mode 100644 config/rbac/metrics_auth_role.yaml delete mode 100644 config/rbac/metrics_auth_role_binding.yaml delete mode 100644 config/rbac/metrics_reader_role.yaml delete 
mode 100644 config/rbac/role_binding.yaml delete mode 100644 config/rbac/service_account.yaml delete mode 100644 config/samples/kustomization.yaml delete mode 100644 config/samples/kvm_v1_eviction.yaml diff --git a/.github/workflows/helm-oci-package-ghcr.yaml b/.github/workflows/helm-oci-package-ghcr.yaml index 67a45442..c9f46c8e 100644 --- a/.github/workflows/helm-oci-package-ghcr.yaml +++ b/.github/workflows/helm-oci-package-ghcr.yaml @@ -28,7 +28,7 @@ jobs: fetch-depth: 0 fetch-tags: true - name: Install Helm - uses: azure/setup-helm@v4.3.1 + uses: azure/setup-helm@v4 - name: Lint Helm Chart run: helm lint charts/openstack-hypervisor-operator - name: Package Helm Chart diff --git a/.golangci.yaml b/.golangci.yaml index c1fa5dc5..d2fb2339 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -138,9 +138,6 @@ linters: - G112 # if we put a password or token into a serialized payload, guess what, we probably did that on purpose - G117 - # this triggers on net/http.Request.ParseForm() and its callers, e.g. net/http.Request.FormValue(), complaining about potential memory exhaustion from unbounded form parsing; - # but that is incorrect, ParseForm() by default never parses more than 10 MiB for this specific reason - - G120 # created file permissions are restricted by umask if necessary - G306 # the following lints cause false-positives in many repositories, should be fixed with the next release. (see https://github.com/securego/gosec/issues/1500) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6987eca2..e08c694b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -27,13 +27,3 @@ repos: entry: sh -c "gmake check || make check" language: system pass_filenames: false - - id: helmify - name: helmify - entry: sh -c "gmake helmify || make helmify" - language: system - pass_filenames: false - - id: go-build - name: go build - entry: sh -c "gmake build-all || make build-all" - language: system - pass_filenames: false 
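Review bot: The `uses: azure/setup-helm@v4` line in the Install Helm step swaps an exact release tag for a floating major tag, so the code this job executes can change whenever upstream moves that tag. Going by the workflow's file name, the job packages and publishes the chart to GHCR, so it presumably runs with a token that can write packages. Third-party actions in such a job are better pinned to a full commit SHA, e.g. `uses: azure/setup-helm@<full-commit-sha> # v4.x.y` (placeholder; take the SHA of the release you have reviewed). Dependabot or Renovate can keep that pin current, which covers the maintenance motive without giving up immutability.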
diff --git a/Makefile b/Makefile index f3ad0ef8..e4fa2350 100644 --- a/Makefile +++ b/Makefile @@ -35,11 +35,7 @@ default: build-all .PHONY: install-crds install-crds: generate ## Install CRDs into the K8s cluster specified in ~/.kube/config. - kubectl kustomize config/crd | kubectl apply -f - - -.PHONY: helmify -helmify: - kubectl kustomize config/default | helmify -crd-dir charts/openstack-hypervisor-operator + kubectl apply -f config/crd/*.yaml install-goimports: FORCE @if ! hash goimports 2>/dev/null; then printf "\e[1;36m>> Installing goimports (this may take a while)...\e[0m\n"; go install golang.org/x/tools/cmd/goimports@latest; fi @@ -117,7 +113,7 @@ check: FORCE static-check build/cover.html build-all generate: install-controller-gen @printf "\e[1;36m>> controller-gen\e[0m\n" - @controller-gen crd:allowDangerousTypes=true rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases + @controller-gen crd:allowDangerousTypes=true rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=charts/openstack-hypervisor-operator/crds @controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..." @controller-gen applyconfiguration paths="./..." diff --git a/Makefile.maker.yaml b/Makefile.maker.yaml index a55b5839..dff6a128 100644 --- a/Makefile.maker.yaml +++ b/Makefile.maker.yaml @@ -7,9 +7,10 @@ binaries: controllerGen: enabled: true - crdOutputPath: config/crd/bases + crdOutputPath: charts/openstack-hypervisor-operator/crds objectHeaderFile: hack/boilerplate.go.txt rbacRoleName: manager-role + allowDangerousTypes: true coverageTest: only: '/internal' 
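Review bot: The new `install-crds` recipe `kubectl apply -f config/crd/*.yaml` looks like it cannot work after this commit. The diffstat moves the generated CRDs from `config/crd/bases` to `charts/openstack-hypervisor-operator/crds` and deletes the other files under `config/crd`, and the file list adds no symlink, so the glob probably matches nothing. Even where it matches, a glob that expands to two files leaves the second as a stray positional argument, because `-f` takes a single value. Pointing the recipe at the directory that `generate` now writes to avoids both problems: `kubectl apply -f charts/openstack-hypervisor-operator/crds/`. The same line is repeated in the `verbatim` block of Makefile.maker.yaml (second hunk of that file) and should change with it.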
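Review bot: The added `allowDangerousTypes: true` under `controllerGen` has no comment saying why controller-gen's unsafe-type check is switched off. The deleted hypervisor CRD on this page shows `spec.overcommit` with `type: number` values, which is presumably the float field that needs it. A one-line comment such as `# floats are needed for Hypervisor spec.overcommit ratios` would record the reason and keep the flag from being copied or widened without thought.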
@@ -72,8 +73,4 @@ reuse: verbatim: | .PHONY: install-crds install-crds: generate ## Install CRDs into the K8s cluster specified in ~/.kube/config. - kubectl kustomize config/crd | kubectl apply -f - - - .PHONY: helmify - helmify: - kubectl kustomize config/default | helmify -crd-dir charts/openstack-hypervisor-operator + kubectl apply -f config/crd/*.yaml diff --git a/api/v1/suite_test.go b/api/v1/suite_test.go index 92e51bbe..0df775dc 100644 --- a/api/v1/suite_test.go +++ b/api/v1/suite_test.go @@ -48,7 +48,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "openstack-hypervisor-operator", "crds")}, ErrorIfCRDPathMissing: true, BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s", fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)), diff --git a/charts/openstack-hypervisor-operator/Chart.yaml b/charts/openstack-hypervisor-operator/Chart.yaml index 60a2ba61..de7df07c 100644 --- a/charts/openstack-hypervisor-operator/Chart.yaml +++ b/charts/openstack-hypervisor-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: openstack-hypervisor-operator description: A Helm chart for Kubernetes -appVersion: 0.1.0 -version: 0.2.9 +appVersion: latest +version: 1.0.0 type: application diff --git a/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml b/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml deleted file mode 100644 index 65af9e42..00000000 --- a/charts/openstack-hypervisor-operator/crds/eviction-crd.yaml +++ /dev/null 
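Review bot: `appVersion: latest` makes the committed chart default to a mutable image tag if, as the description says, the templates now take the tag from `.AppVersion` (the templates are not part of this patch, so this is inferred). A chart installed straight from the repository, or packaged without an override, would then run whatever `latest` resolves to at pull time, which makes deployments non-reproducible and rollbacks unreliable. Consider keeping a real version here and letting the packaging job stamp it, e.g. `helm package --app-version <release-tag>`. The values.yaml hunk also removes `tag` entirely; an optional tag or digest override there would still let operators pin the image.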
@@ -1,147 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: evictions.kvm.cloud.sap -spec: - group: kvm.cloud.sap - names: - kind: Eviction - listKind: EvictionList - plural: evictions - shortNames: - - evi - singular: eviction - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.hypervisor - name: Hypervisor - type: string - - jsonPath: .spec.reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=="Evicting")].reason - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Created - type: date - name: v1 - schema: - openAPIV3Schema: - description: Eviction is the Schema for the evictions API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: EvictionSpec defines the desired state of Eviction - properties: - hypervisor: - description: Name of hypervisor to evict - minLength: 1 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - reason: - description: Reason for eviction, always required - minLength: 1 - type: string - required: - - hypervisor - - reason - type: object - status: - description: EvictionStatus defines the observed state of Eviction - properties: - conditions: - description: Conditions is an array of current conditions - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. 
- The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - hypervisorServiceId: - type: string - outstandingInstances: - items: - type: string - type: array - outstandingRamMb: - default: 0 - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - diff --git a/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml b/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml deleted file mode 100644 index b479fc60..00000000 --- a/charts/openstack-hypervisor-operator/crds/hypervisor-crd.yaml +++ /dev/null 
@@ -1,621 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: hypervisors.kvm.cloud.sap -spec: - group: kvm.cloud.sap - names: - kind: Hypervisor - listKind: HypervisorList - plural: hypervisors - shortNames: - - hv - singular: hypervisor - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.labels.topology\.kubernetes\.io/zone - name: Zone - priority: 2 - type: string - - jsonPath: .metadata.labels.kubernetes\.metal\.cloud\.sap/bb - name: Building Block - priority: 2 - type: string - - jsonPath: .metadata.labels.worker\.garden\.sapcloud\.io/group - name: Group - priority: 2 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: State - type: string - - jsonPath: .status.conditions[?(@.type=="Tainted")].message - name: Taint - type: string - - jsonPath: .spec.lifecycleEnabled - name: Lifecycle - type: boolean - - jsonPath: .spec.highAvailability - name: High Availability - type: boolean - - jsonPath: .spec.skipTests - name: Skip Tests - type: boolean - - jsonPath: .status.operatingSystem.prettyVersion - name: Version - type: string - - jsonPath: .status.internalIp - name: IP - type: string - - jsonPath: .status.numInstances - name: Instances - type: integer - - jsonPath: .status.operatingSystem.hardwareModel - name: Hardware - priority: 2 - type: string - - jsonPath: .status.operatingSystem.kernelRelease - name: Kernel - priority: 2 - type: string - - jsonPath: .status.conditions[?(@.type=="Onboarding")].reason - name: Onboarding - priority: 3 - type: string - - jsonPath: .status.serviceId - name: Service ID - priority: 3 - type: string - - jsonPath: .status.hypervisorId - name: Hypervisor ID - priority: 3 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - 
openAPIV3Schema: - description: Hypervisor is the Schema for the hypervisors API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HypervisorSpec defines the desired state of Hypervisor - properties: - aggregates: - default: [] - description: Aggregates are used to apply aggregates to the hypervisor. - items: - type: string - type: array - allowedProjects: - default: [] - description: |- - AllowedProjects defines which openstack projects are allowed to schedule - instances on this hypervisor. The values of this list should be project - uuids. If left empty, all projects are allowed. - items: - type: string - type: array - createCertManagerCertificate: - default: false - description: |- - Require to issue a certificate from cert-manager for the hypervisor, to be used for - secure communication with the libvirt API. - type: boolean - customTraits: - default: [] - description: CustomTraits are used to apply custom traits to the hypervisor. - items: - type: string - type: array - evacuateOnReboot: - default: true - description: EvacuateOnReboot request an evacuation of all instances - before reboot. - type: boolean - highAvailability: - default: true - description: HighAvailability is used to enable the high availability - handling of the hypervisor. 
- type: boolean - installCertificate: - default: true - description: InstallCertificate is used to enable the installations - of the certificates via kvm-node-agent. - type: boolean - lifecycleEnabled: - default: true - description: LifecycleEnabled enables the lifecycle management of - the hypervisor via hypervisor-operator. - type: boolean - maintenance: - description: Maintenance indicates whether the hypervisor is in maintenance - mode. - enum: - - "" - - manual - - auto - - ha - - termination - type: string - maintenanceReason: - description: MaintenanceReason provides the reason for manual maintenance - mode. - type: string - overcommit: - additionalProperties: - type: number - description: |- - Overcommit specifies the desired overcommit ratio by resource type. - - If no overcommit is specified for a resource type, the default overcommit - ratio of 1.0 should be applied, i.e. the effective capacity is the same - as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, - the effective capacity is expected to be rounded down. This allows - gradually adjusting the hypervisor capacity. - - It is validated that all overcommit ratios are greater than or equal to - 1.0, if specified. For this we don't need extra validating webhooks. - See: https://kubernetes.io/blog/2022/09/23/crd-validation-rules-beta/#crd-transition-rules - type: object - x-kubernetes-validations: - - message: overcommit ratios must be >= 1.0 - rule: self.all(k, self[k] >= 1.0) - reboot: - default: false - description: Reboot request an reboot after successful installation - of an upgrade. - type: boolean - skipTests: - default: false - description: SkipTests skips the tests during the onboarding process. - type: boolean - version: - description: OperatingSystemVersion represents the desired operating - system version. 
- type: string - required: - - aggregates - - allowedProjects - - createCertManagerCertificate - - customTraits - - evacuateOnReboot - - highAvailability - - installCertificate - - lifecycleEnabled - - reboot - - skipTests - type: object - x-kubernetes-validations: - - message: spec is immutable when maintenance is 'termination'; can only - change maintenance to 'ha' - rule: '!has(oldSelf.maintenance) || oldSelf.maintenance != ''termination'' - || self.maintenance == ''ha'' || self == oldSelf' - - message: maintenanceReason must be non-empty when maintenance is 'manual' - rule: '!has(self.maintenance) || self.maintenance != ''manual'' || (has(self.maintenanceReason) - && self.maintenanceReason.size() > 0)' - status: - description: HypervisorStatus defines the observed state of Hypervisor - properties: - aggregates: - description: Aggregates are the applied aggregates of the hypervisor - with their names and UUIDs. - items: - description: Aggregate represents an OpenStack aggregate with its - name and UUID. - properties: - name: - description: Name is the name of the aggregate. - type: string - uuid: - description: UUID is the unique identifier of the aggregate. - type: string - required: - - name - - uuid - type: object - type: array - allocation: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Auto-discovered resource allocation of all hosted VMs. - type: object - capabilities: - description: Auto-discovered capabilities as reported by libvirt. - properties: - cpuArch: - default: unknown - description: The hosts CPU architecture (not the guests). - type: string - cpus: - anyOf: - - type: integer - - type: string - description: Total host cpus available as a sum of cpus over all - numa cells. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - memory: - anyOf: - - type: integer - - type: string - description: Total host memory available as a sum of memory over - all numa cells. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of the hypervisor. - - Note that this capacity does not include the applied overcommit ratios, - and represents the actual capacity of the hypervisor. Use the - effective capacity field to get the capacity considering the applied - overcommit ratios. - type: object - cells: - description: Auto-discovered cells on this hypervisor. - items: - description: Cell represents a NUMA cell on the hypervisor. - properties: - allocation: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Auto-discovered resource allocation of all hosted - VMs in this cell. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of this cell. - - Note that this capacity does not include the applied overcommit ratios, - and represents the actual capacity of the cell. 
Use the effective capacity - field to get the capacity considering the applied overcommit ratios. - type: object - cellID: - description: Cell ID. - format: int64 - type: integer - effectiveCapacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of this cell, considering the - applied overcommit ratios. - - In case no overcommit ratio is specified for a resource type, the default - overcommit ratio of 1 should be applied, meaning the effective capacity - is the same as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, the - effective capacity is expected to be rounded down. - type: object - required: - - cellID - type: object - type: array - conditions: - description: Represents the Hypervisor node conditions. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - domainCapabilities: - description: |- - Auto-discovered domain capabilities relevant to check if a VM - can be scheduled on the hypervisor. - properties: - arch: - default: unknown - description: The available domain cpu architecture. - type: string - hypervisorType: - default: unknown - description: The supported type of virtualization for domains, - such as "ch". - type: string - supportedCpuModes: - default: [] - description: |- - Supported cpu modes for domains. - - The format of this list is cpu mode, and if specified, a specific - submode. For example, the take the following xml domain cpu definition: - - - - - - The corresponding entries in this list would be "host-passthrough" and - "host-passthrough/migratable". - items: - type: string - type: array - supportedDevices: - default: [] - description: |- - Supported devices for domains. - - The format of this list is the device type, and if specified, a specific - model. 
For example, the take the following xml domain device definition: - - - - The corresponding entries in this list would be "video" and "video/nvidia". - items: - type: string - type: array - supportedFeatures: - default: [] - description: |- - Supported features for domains, such as "sev" or "sgx". - - This is a flat list of supported features, meaning the following xml: - - - - - - - Would correspond to the entries "sev" and "sgx" in this list. - items: - type: string - type: array - type: object - effectiveCapacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of the hypervisor, considering the - applied overcommit ratios. - - In case no overcommit ratio is specified for a resource type, the default - overcommit ratio of 1 should be applied, meaning the effective capacity - is the same as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, the - effective capacity is expected to be rounded down. - type: object - evicted: - description: Evicted indicates whether the hypervisor is evicted. - (no instances left with active maintenance mode) - type: boolean - hypervisorId: - description: HypervisorID is the unique identifier of the hypervisor - in OpenStack. - type: string - hypervisorVersion: - default: unknown - description: Represents the Hypervisor version - type: string - instances: - description: Represents the Hypervisor hosted Virtual Machines - items: - properties: - active: - description: Represents the instance state. - type: boolean - id: - description: Represents the instance ID (uuidv4). - type: string - name: - description: Represents the instance name. 
- type: string - required: - - active - - id - - name - type: object - type: array - internalIp: - description: InternalIP is the internal IP address of the hypervisor. - type: string - libVirtVersion: - default: unknown - description: Represents the LibVirt version. - type: string - numInstances: - default: 0 - description: Represent the num of instances - type: integer - operatingSystem: - description: Represents the Operating System status. - properties: - firmwareDate: - description: FirmwareDate - format: date-time - type: string - firmwareVendor: - description: FirmwareVendor - type: string - firmwareVersion: - description: FirmwareVersion - type: string - gardenLinuxCommitID: - description: Represents the Garden Linux build commit id - type: string - gardenLinuxFeatures: - description: Represents the Garden Linux Feature Set - items: - type: string - type: array - hardwareModel: - description: HardwareModel - type: string - hardwareSerial: - description: HardwareSerial - type: string - hardwareVendor: - description: HardwareVendor - type: string - kernelCommandLine: - description: KernelCommandLine contains the raw kernel boot parameters - from /proc/cmdline. - type: string - kernelName: - description: KernelName - type: string - kernelRelease: - description: KernelRelease - type: string - kernelVersion: - description: KernelVersion - type: string - prettyVersion: - description: PrettyVersion - type: string - variantID: - description: Identifying a specific variant or edition of the - operating system - type: string - version: - description: Represents the Operating System version. - type: string - type: object - serviceId: - description: ServiceID is the unique identifier of the compute service - in OpenStack. - type: string - specHash: - type: string - traits: - description: Traits are the applied traits of the hypervisor. - items: - type: string - type: array - updateStatus: - description: Represents the Hypervisor update status. 
- properties: - inProgress: - default: false - description: Represents a running Operating System update. - type: boolean - installed: - default: unknown - description: Represents the Operating System installed update - version. - type: string - retry: - default: 3 - description: Represents the number of retries. - type: integer - required: - - inProgress - - retry - type: object - required: - - numInstances - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/kvm.cloud.sap_evictions.yaml b/charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_evictions.yaml similarity index 100% rename from config/crd/bases/kvm.cloud.sap_evictions.yaml rename to charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_evictions.yaml diff --git a/config/crd/bases/kvm.cloud.sap_hypervisors.yaml b/charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_hypervisors.yaml similarity index 100% rename from config/crd/bases/kvm.cloud.sap_hypervisors.yaml rename to charts/openstack-hypervisor-operator/crds/kvm.cloud.sap_hypervisors.yaml diff --git a/charts/openstack-hypervisor-operator/values.yaml b/charts/openstack-hypervisor-operator/values.yaml index 23a25831..30d99e5a 100644 --- a/charts/openstack-hypervisor-operator/values.yaml +++ b/charts/openstack-hypervisor-operator/values.yaml @@ -23,8 +23,7 @@ controllerManager: osUserDomainName: "" osUsername: "" image: - repository: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator - tag: latest + repository: ghcr.io/cobaltcore-dev/openstack-hypervisor-operator resources: limits: cpu: 500m diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml deleted file mode 100644 index 8885525f..00000000 --- a/config/crd/kustomization.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/kvm.cloud.sap_evictions.yaml -- bases/kvm.cloud.sap_hypervisors.yaml -# +kubebuilder:scaffold:crdkustomizeresource - -patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -# +kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- path: patches/cainjection_in_evictions.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch - -# [WEBHOOK] To enable webhook, uncomment the following section -# the following config is for teaching kustomize how to do kustomization for CRDs. - -#configurations: -#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml deleted file mode 100644 index ec5c150a..00000000 --- a/config/crd/kustomizeconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml deleted file mode 100644 index c4e79fea..00000000 --- a/config/default/kustomization.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -# Adds namespace to all resources. -namespace: openstack-hypervisor-operator-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: openstack-hypervisor-operator- - -# Labels to add to all resources and selectors. -#labels: -#- includeSelectors: true -# pairs: -# someName: someValue - -resources: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus -# [METRICS] Expose the controller manager metrics service. -- metrics_service.yaml -# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. -# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. -# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will -# be able to communicate with the Webhook Server. -#- ../network-policy - -# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager -patches: -# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. -# More info: https://book.kubebuilder.io/reference/metrics -- path: manager_metrics_patch.yaml - target: - kind: Deployment - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- path: manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- path: webhookcainjection_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -# Uncomment the following replacements to add the cert-manager CA injection annotations -#replacements: -# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.namespace # namespace of the certificate CR -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - source: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.name -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# 
delimiter: '/' -# index: 1 -# create: true -# - source: # Add cert-manager annotation to the webhook Service -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.name # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 0 -# create: true -# - source: -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.namespace # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 1 -# create: true diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml deleted file mode 100644 index 2aaef653..00000000 --- a/config/default/manager_metrics_patch.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# This patch adds the args to allow exposing the metrics endpoint using HTTPS -- op: add - path: /spec/template/spec/containers/0/args/0 - value: --metrics-bind-address=:8443 diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml deleted file mode 100644 index 091828d5..00000000 --- a/config/default/metrics_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - control-plane: controller-manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml deleted file mode 100644 index 52b7bbe2..00000000 --- a/config/manager/kustomization.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: ghcr.io/cobaltcore-dev/openstack-hypervisor-operator - newTag: "" -resources: -- manager.yaml -- secret.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml deleted file mode 100644 index 9b55a9c5..00000000 --- a/config/manager/manager.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux - securityContext: - runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). 
- # seccompProfile: - # type: RuntimeDefault - containers: - - args: - - --leader-elect - - --health-probe-bind-address=:8081 - - --certificate-namespace=$(CERTIFICATE_NAMESPACE) - - --certificate-issuer-name=$(CERTIFICATE_ISSUER_NAME) - - --label-selector=$(LABEL_SELECTOR) - env: - - name: OS_AUTH_URL - - name: OS_PROJECT_DOMAIN_NAME - - name: OS_PROJECT_NAME - - name: OS_REGION_NAME - - name: OS_USER_DOMAIN_NAME - - name: OS_USERNAME - - name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: secret - key: SERVICE_PASSWORD - - name: CERTIFICATE_NAMESPACE - value: "monsoon3" - - name: CERTIFICATE_ISSUER_NAME - value: "nova-hypervisor-agents-ca-issuer" - - name: LABEL_SELECTOR - image: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 diff --git a/config/manager/secret.yaml b/config/manager/secret.yaml deleted file mode 100644 index 68725c41..00000000 --- a/config/manager/secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: secret -type: Opaque -stringData: - SERVICE_PASSWORD: "TOPSECRET" diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml deleted file mode 100644 index add3ca5e..00000000 --- a/config/network-policy/allow-metrics-traffic.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# This NetworkPolicy allows ingress traffic -# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those -# namespaces are able to gathering data from the metrics endpoint. -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: allow-metrics-traffic - namespace: system -spec: - podSelector: - matchLabels: - control-plane: controller-manager - policyTypes: - - Ingress - ingress: - # This allows ingress traffic from any namespace with the label metrics: enabled - - from: - - namespaceSelector: - matchLabels: - metrics: enabled # Only from namespaces with this label - ports: - - port: 8443 - protocol: TCP diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml deleted file mode 100644 index ec0fb5e5..00000000 --- a/config/network-policy/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- allow-metrics-traffic.yaml diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168..00000000 --- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index 4d0b8c02..00000000 --- a/config/prometheus/monitor.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https # Ensure this is the name of the port that exposes HTTPS metrics - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables - # certificate verification. This poses a significant security risk by making the system vulnerable to - # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between - # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, - # compromising the integrity and confidentiality of the information. - # Please use the following options for secure configurations: - # caFile: /etc/metrics-certs/ca.crt - # certFile: /etc/metrics-certs/tls.crt - # keyFile: /etc/metrics-certs/tls.key - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/config/rbac/eviction_editor_role.yaml b/config/rbac/eviction_editor_role.yaml deleted file mode 100644 index ebe75aeb..00000000 --- a/config/rbac/eviction_editor_role.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -# permissions for end users to edit evictions. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: eviction-editor-role -rules: -- apiGroups: - - kvm.cloud.sap - resources: - - evictions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - kvm.cloud.sap - resources: - - evictions/status - verbs: - - get diff --git a/config/rbac/eviction_viewer_role.yaml b/config/rbac/eviction_viewer_role.yaml deleted file mode 100644 index 6c3e9106..00000000 --- a/config/rbac/eviction_viewer_role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# permissions for end users to view evictions. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: eviction-viewer-role -rules: -- apiGroups: - - kvm.cloud.sap - resources: - - evictions - verbs: - - get - - list - - watch -- apiGroups: - - kvm.cloud.sap - resources: - - evictions/status - verbs: - - get diff --git a/config/rbac/hypervisor_editor_role.yaml b/config/rbac/hypervisor_editor_role.yaml deleted file mode 100644 index 4aaf78fb..00000000 --- a/config/rbac/hypervisor_editor_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# permissions for end users to edit hypervisors. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: kvm-node-agent - app.kubernetes.io/managed-by: kustomize - name: hypervisor-editor-role -rules: -- apiGroups: - - kvm.cloud.sap - resources: - - hypervisors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - kvm.cloud.sap - resources: - - hypervisors/status - verbs: - - get 
diff --git a/config/rbac/hypervisor_viewer_role.yaml b/config/rbac/hypervisor_viewer_role.yaml deleted file mode 100644 index b4335932..00000000 --- a/config/rbac/hypervisor_viewer_role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# permissions for end users to view hypervisors. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: kvm-node-agent - app.kubernetes.io/managed-by: kustomize - name: hypervisor-viewer-role -rules: -- apiGroups: - - kvm.cloud.sap - resources: - - hypervisors - verbs: - - get - - list - - watch -- apiGroups: - - kvm.cloud.sap - resources: - - hypervisors/status - verbs: - - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml deleted file mode 100644 index 54f46baa..00000000 --- a/config/rbac/kustomization.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# The following RBAC configurations are used to protect -# the metrics endpoint with authn/authz. These configurations -# ensure that only authorized users and service accounts -# can access the metrics endpoint. Comment the following -# permissions if you want to disable this protection. -# More info: https://book.kubebuilder.io/reference/metrics.html -- metrics_auth_role.yaml -- metrics_auth_role_binding.yaml -- metrics_reader_role.yaml -# For each CRD, "Editor" and "Viewer" roles are scaffolded by -# default, aiding admins in cluster management. Those roles are -# not used by the Project itself. You can comment the following lines -# if you do not want those helpers be installed with your Project. -- eviction_editor_role.yaml -- eviction_viewer_role.yaml -- hypervisor_editor_role.yaml -- hypervisor_viewer_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml deleted file mode 100644 index 0a9cd6f5..00000000 --- a/config/rbac/leader_election_role.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index de1d92b6..00000000 --- a/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml deleted file mode 100644 index 32d2e4ec..00000000 --- a/config/rbac/metrics_auth_role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-auth-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml deleted file mode 100644 index e775d67f..00000000 --- a/config/rbac/metrics_auth_role_binding.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: metrics-auth-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metrics-auth-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml deleted file mode 100644 index 51a75db4..00000000 --- a/config/rbac/metrics_reader_role.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml deleted file mode 100644 index a95e4d69..00000000 --- a/config/rbac/role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml deleted file mode 100644 index 2daf9239..00000000 --- a/config/rbac/service_account.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager - namespace: system diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml deleted file mode 100644 index 1ca99e17..00000000 --- a/config/samples/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -## Append samples of your project ## -resources: -- kvm_v1_eviction.yaml -# +kubebuilder:scaffold:manifestskustomizesamples 
diff --git a/config/samples/kvm_v1_eviction.yaml b/config/samples/kvm_v1_eviction.yaml deleted file mode 100644 index 2342d43f..00000000 --- a/config/samples/kvm_v1_eviction.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kvm.cloud.sap/v1 -kind: Eviction -metadata: - labels: - app.kubernetes.io/name: openstack-hypervisor-operator - app.kubernetes.io/managed-by: kustomize - name: eviction-sample -spec: - hypervisor: node007-bb273 - reason: "sample reason" diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 9e039bf9..a6e70c14 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -55,7 +55,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "openstack-hypervisor-operator", "crds")}, ErrorIfCRDPathMissing: true, // The BinaryAssetsDirectory is only required if you want to run the tests directly