From 913cfdbd5ab217f9e9c0552f8134944babc82972 Mon Sep 17 00:00:00 2001 
From: Andrew Karpow Date: Mon, 16 Mar 2026 15:06:56 -0400 Subject: [PATCH] Remove helmify / kustomize, switch to helm-chart only. This PR removes the helmify step and removes kustomize as an option to render the manager/rbacs/crd. Helmify took a lot of work creating a helm-chart based on the boilerplate generated by kubebuilder. But ultimately, it imposes too many constraints on the outcome of the helm-chart and makes it hard to implement custom renditions (like using .AppVersion as an image tag). Thus this PR is removing the kustomize files, leaving only the generated CRDs in the config directory (which don't need any templating) and symlinks them to the helm chart. --- .../workflows/container-registry-ghcr.yaml | 4 +- .pre-commit-config.yaml | 10 - Makefile | 2 +- Makefile.maker.yaml | 8 +- .../crds}/kvm.cloud.sap_migrations.yaml | 0 charts/kvm-node-agent/crds/migration-crd.yaml | 156 ----- charts/kvm-node-agent/values.yaml | 1 - .../crd/bases/kvm.cloud.sap_hypervisors.yaml | 621 ------------------ config/crd/kustomization.yaml | 23 - config/crd/kustomizeconfig.yaml | 19 - config/default/kustomization.yaml | 146 ---- config/default/manager_metrics_patch.yaml | 4 - config/default/metrics_service.yaml | 17 - config/manager/kustomization.yaml | 30 - config/manager/manager.yaml | 160 ----- .../manager/manager_node_selector_patch.yaml | 15 - config/prometheus/kustomization.yaml | 2 - config/prometheus/monitor.yaml | 30 - config/rbac/hypervisor_editor_role.yaml | 27 - config/rbac/hypervisor_viewer_role.yaml | 23 - config/rbac/kustomization.yaml | 28 - config/rbac/leader_election_role.yaml | 40 -- config/rbac/leader_election_role_binding.yaml | 15 - config/rbac/metrics_auth_role.yaml | 17 - config/rbac/metrics_auth_role_binding.yaml | 12 - config/rbac/metrics_reader_role.yaml | 9 - config/rbac/migration_editor_role.yaml | 27 - config/rbac/migration_viewer_role.yaml | 23 - config/rbac/role_binding.yaml | 15 - config/rbac/service_account.yaml | 8 - 
config/samples/kustomization.yaml | 5 - config/samples/kvm_v1alpha1_hypervisor.yaml | 9 - config/samples/kvm_v1alpha1_migration.yaml | 9 - go.sum | 2 - internal/controller/suite_test.go | 3 +- internal/evacuation/suite_test.go | 2 +- 36 files changed, 7 insertions(+), 1515 deletions(-) rename {config/crd/bases => charts/kvm-node-agent/crds}/kvm.cloud.sap_migrations.yaml (100%) delete mode 100644 charts/kvm-node-agent/crds/migration-crd.yaml delete mode 100644 config/crd/bases/kvm.cloud.sap_hypervisors.yaml delete mode 100644 config/crd/kustomization.yaml delete mode 100644 config/crd/kustomizeconfig.yaml delete mode 100644 config/default/kustomization.yaml delete mode 100644 config/default/manager_metrics_patch.yaml delete mode 100644 config/default/metrics_service.yaml delete mode 100644 config/manager/kustomization.yaml delete mode 100644 config/manager/manager.yaml delete mode 100644 config/manager/manager_node_selector_patch.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml delete mode 100644 config/rbac/hypervisor_editor_role.yaml delete mode 100644 config/rbac/hypervisor_viewer_role.yaml delete mode 100644 config/rbac/kustomization.yaml delete mode 100644 config/rbac/leader_election_role.yaml delete mode 100644 config/rbac/leader_election_role_binding.yaml delete mode 100644 config/rbac/metrics_auth_role.yaml delete mode 100644 config/rbac/metrics_auth_role_binding.yaml delete mode 100644 config/rbac/metrics_reader_role.yaml delete mode 100644 config/rbac/migration_editor_role.yaml delete mode 100644 config/rbac/migration_viewer_role.yaml delete mode 100644 config/rbac/role_binding.yaml delete mode 100644 config/rbac/service_account.yaml delete mode 100644 config/samples/kustomization.yaml delete mode 100644 config/samples/kvm_v1alpha1_hypervisor.yaml delete mode 100644 config/samples/kvm_v1alpha1_migration.yaml 
diff --git a/.github/workflows/container-registry-ghcr.yaml b/.github/workflows/container-registry-ghcr.yaml index 1766952..af48b48 100644 --- a/.github/workflows/container-registry-ghcr.yaml +++ b/.github/workflows/container-registry-ghcr.yaml @@ -30,7 +30,7 @@ jobs: username: ${{ github.actor }} - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: ghcr.io/${{ github.repository }} tags: | @@ -45,7 +45,7 @@ jobs: # https://github.com/docker/metadata-action#typesha type=sha,format=long - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 - name: Build and push Docker image diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 45cc23c..d6fbd7d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,13 +31,3 @@ repos: entry: sh -c "gmake check || make check" language: system pass_filenames: false - - id: helmify - name: helmify - entry: sh -c "gmake helmify || make helmify" - language: system - pass_filenames: false - - id: go-build - name: go build - entry: sh -c "gmake build-all || make build-all" - language: system - pass_filenames: false diff --git a/Makefile b/Makefile index be909db..7f78a4b 100644 --- a/Makefile +++ b/Makefile @@ -125,7 +125,7 @@ check: FORCE static-check build/cover.html build-all generate: install-controller-gen @printf "\e[1;36m>> controller-gen\e[0m\n" - @controller-gen crd rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases + @controller-gen crd rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=charts/kvm-node-agent/crds @controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..." @controller-gen applyconfiguration paths="./..." diff --git a/Makefile.maker.yaml b/Makefile.maker.yaml index e9de797..74233bf 100644 --- a/Makefile.maker.yaml 
+++ b/Makefile.maker.yaml @@ -7,7 +7,7 @@ binaries: controllerGen: enabled: true - crdOutputPath: config/crd/bases + crdOutputPath: charts/kvm-node-agent/crds objectHeaderFile: hack/boilerplate.go.txt rbacRoleName: manager-role @@ -81,8 +81,4 @@ verbatim: | .PHONY: install-crds install-crds: generate ## Install CRDs into the K8s cluster specified in ~/.kube/config. - kubectl kustomize config/crd | kubectl apply -f - - - .PHONY: helmify - helmify: - kubectl kustomize config/default | helmify -crd-dir charts/kvm-node-agent + kubectl apply -f config/crd/*.yaml diff --git a/config/crd/bases/kvm.cloud.sap_migrations.yaml b/charts/kvm-node-agent/crds/kvm.cloud.sap_migrations.yaml similarity index 100% rename from config/crd/bases/kvm.cloud.sap_migrations.yaml rename to charts/kvm-node-agent/crds/kvm.cloud.sap_migrations.yaml diff --git a/charts/kvm-node-agent/crds/migration-crd.yaml b/charts/kvm-node-agent/crds/migration-crd.yaml deleted file mode 100644 index 66eb2d7..0000000 --- a/charts/kvm-node-agent/crds/migration-crd.yaml +++ /dev/null 
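Review bot: Only the CRD output is redirected into the chart in the `controllerGen` block; `rbacRoleName: manager-role` stays configured, yet this commit deletes config/rbac/kustomization.yaml and the helmify step, so the role generated from the kubebuilder RBAC markers no longer appears to feed anything that is deployed. If the chart's RBAC templates are now maintained by hand (they are not part of this diff, so this is inferred), they can drift from the markers and grant more or less than the controller needs. I would add a comment next to the setting, e.g. `# RBAC from controller-gen is not rendered into the chart; update the chart's ClusterRole when +kubebuilder:rbac markers change`, and consider a CI step that compares the generated role with the chart.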
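Review bot: The new `install-crds` recipe, `kubectl apply -f config/crd/*.yaml`, points at a directory this same commit empties: `crdOutputPath` now writes to charts/kvm-node-agent/crds, while config/crd/kustomization.yaml, kustomizeconfig.yaml and the files under config/crd/bases are deleted or moved. The description mentions a symlink, but the diffstat lists no new file, so unless config/crd is recreated outside what this diff shows the glob matches nothing and the target fails. When a glob like this does expand to several files, only the first is bound to `-f`. Passing the generated directory avoids both problems: `kubectl apply -f charts/kvm-node-agent/crds/`.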
@@ -1,156 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: migrations.kvm.cloud.sap -spec: - group: kvm.cloud.sap - names: - kind: Migration - listKind: MigrationList - plural: migrations - singular: migration - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.origin - name: Origin - type: string - - jsonPath: .status.destination - name: Destination - type: string - - jsonPath: .status.type - name: Type - type: string - - jsonPath: .status.operation - name: Operation - type: string - - jsonPath: .status.started - name: Started - type: date - - jsonPath: .status.timeElapsed - name: Elapsed - type: string - - jsonPath: .status.dataTotal - name: Data Total - type: string - - jsonPath: .status.dataProcessed - name: Data Processed - type: string - - jsonPath: .status.dataRemaining - name: Data Remaining - type: string - - jsonPath: .status.memBps - name: Memory TX - type: string - - jsonPath: .status.memDirtyRate - name: Memory Dirty Rate - type: string - - jsonPath: .status.memIteration - name: Memory Iteration - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Migration is the Schema for the migrations API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MigrationSpec defines the desired state of Migration. - type: object - status: - description: MigrationStatus defines the observed state of Migration. - properties: - autoConvergeThrottle: - type: string - dataProcessed: - type: string - dataRemaining: - type: string - dataTotal: - type: string - destination: - type: string - diskBps: - type: string - diskProcessed: - type: string - diskRemaining: - type: string - diskTotal: - type: string - downtime: - type: string - errMsg: - type: string - memBps: - type: string - memConstant: - format: int64 - type: integer - memDirtyRate: - type: string - memIteration: - format: int64 - type: integer - memNormal: - format: int64 - type: integer - memNormalBytes: - type: string - memPageSize: - type: string - memPostcopyRequests: - format: int64 - type: integer - memProcessed: - type: string - memRemaining: - type: string - memTotal: - type: string - operation: - type: string - origin: - type: string - setupTime: - type: string - started: - format: date-time - type: string - timeElapsed: - type: string - timeRemaining: - type: string - type: - type: string - required: - - started - type: object - required: - - metadata - - spec - - status - type: object - served: true - storage: true - subresources: - status: {} - diff --git a/charts/kvm-node-agent/values.yaml b/charts/kvm-node-agent/values.yaml index 4c7a130..312cf03 100644 --- a/charts/kvm-node-agent/values.yaml +++ b/charts/kvm-node-agent/values.yaml @@ -20,7 +20,6 @@ controllerManager: pkiPath: /pki image: repository: ghcr.io/cobaltcore-dev/kvm-node-agent - tag: latest resources: limits: cpu: 500m diff --git a/config/crd/bases/kvm.cloud.sap_hypervisors.yaml b/config/crd/bases/kvm.cloud.sap_hypervisors.yaml deleted file mode 100644 index b479fc6..0000000 
--- a/config/crd/bases/kvm.cloud.sap_hypervisors.yaml +++ /dev/null 
@@ -1,621 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: hypervisors.kvm.cloud.sap -spec: - group: kvm.cloud.sap - names: - kind: Hypervisor - listKind: HypervisorList - plural: hypervisors - shortNames: - - hv - singular: hypervisor - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.labels.topology\.kubernetes\.io/zone - name: Zone - priority: 2 - type: string - - jsonPath: .metadata.labels.kubernetes\.metal\.cloud\.sap/bb - name: Building Block - priority: 2 - type: string - - jsonPath: .metadata.labels.worker\.garden\.sapcloud\.io/group - name: Group - priority: 2 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: State - type: string - - jsonPath: .status.conditions[?(@.type=="Tainted")].message - name: Taint - type: string - - jsonPath: .spec.lifecycleEnabled - name: Lifecycle - type: boolean - - jsonPath: .spec.highAvailability - name: High Availability - type: boolean - - jsonPath: .spec.skipTests - name: Skip Tests - type: boolean - - jsonPath: .status.operatingSystem.prettyVersion - name: Version - type: string - - jsonPath: .status.internalIp - name: IP - type: string - - jsonPath: .status.numInstances - name: Instances - type: integer - - jsonPath: .status.operatingSystem.hardwareModel - name: Hardware - priority: 2 - type: string - - jsonPath: .status.operatingSystem.kernelRelease - name: Kernel - priority: 2 - type: string - - jsonPath: .status.conditions[?(@.type=="Onboarding")].reason - name: Onboarding - priority: 3 - type: string - - jsonPath: .status.serviceId - name: Service ID - priority: 3 - type: string - - jsonPath: .status.hypervisorId - name: Hypervisor ID - priority: 3 - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - 
openAPIV3Schema: - description: Hypervisor is the Schema for the hypervisors API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HypervisorSpec defines the desired state of Hypervisor - properties: - aggregates: - default: [] - description: Aggregates are used to apply aggregates to the hypervisor. - items: - type: string - type: array - allowedProjects: - default: [] - description: |- - AllowedProjects defines which openstack projects are allowed to schedule - instances on this hypervisor. The values of this list should be project - uuids. If left empty, all projects are allowed. - items: - type: string - type: array - createCertManagerCertificate: - default: false - description: |- - Require to issue a certificate from cert-manager for the hypervisor, to be used for - secure communication with the libvirt API. - type: boolean - customTraits: - default: [] - description: CustomTraits are used to apply custom traits to the hypervisor. - items: - type: string - type: array - evacuateOnReboot: - default: true - description: EvacuateOnReboot request an evacuation of all instances - before reboot. - type: boolean - highAvailability: - default: true - description: HighAvailability is used to enable the high availability - handling of the hypervisor. 
- type: boolean - installCertificate: - default: true - description: InstallCertificate is used to enable the installations - of the certificates via kvm-node-agent. - type: boolean - lifecycleEnabled: - default: true - description: LifecycleEnabled enables the lifecycle management of - the hypervisor via hypervisor-operator. - type: boolean - maintenance: - description: Maintenance indicates whether the hypervisor is in maintenance - mode. - enum: - - "" - - manual - - auto - - ha - - termination - type: string - maintenanceReason: - description: MaintenanceReason provides the reason for manual maintenance - mode. - type: string - overcommit: - additionalProperties: - type: number - description: |- - Overcommit specifies the desired overcommit ratio by resource type. - - If no overcommit is specified for a resource type, the default overcommit - ratio of 1.0 should be applied, i.e. the effective capacity is the same - as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, - the effective capacity is expected to be rounded down. This allows - gradually adjusting the hypervisor capacity. - - It is validated that all overcommit ratios are greater than or equal to - 1.0, if specified. For this we don't need extra validating webhooks. - See: https://kubernetes.io/blog/2022/09/23/crd-validation-rules-beta/#crd-transition-rules - type: object - x-kubernetes-validations: - - message: overcommit ratios must be >= 1.0 - rule: self.all(k, self[k] >= 1.0) - reboot: - default: false - description: Reboot request an reboot after successful installation - of an upgrade. - type: boolean - skipTests: - default: false - description: SkipTests skips the tests during the onboarding process. - type: boolean - version: - description: OperatingSystemVersion represents the desired operating - system version. 
- type: string - required: - - aggregates - - allowedProjects - - createCertManagerCertificate - - customTraits - - evacuateOnReboot - - highAvailability - - installCertificate - - lifecycleEnabled - - reboot - - skipTests - type: object - x-kubernetes-validations: - - message: spec is immutable when maintenance is 'termination'; can only - change maintenance to 'ha' - rule: '!has(oldSelf.maintenance) || oldSelf.maintenance != ''termination'' - || self.maintenance == ''ha'' || self == oldSelf' - - message: maintenanceReason must be non-empty when maintenance is 'manual' - rule: '!has(self.maintenance) || self.maintenance != ''manual'' || (has(self.maintenanceReason) - && self.maintenanceReason.size() > 0)' - status: - description: HypervisorStatus defines the observed state of Hypervisor - properties: - aggregates: - description: Aggregates are the applied aggregates of the hypervisor - with their names and UUIDs. - items: - description: Aggregate represents an OpenStack aggregate with its - name and UUID. - properties: - name: - description: Name is the name of the aggregate. - type: string - uuid: - description: UUID is the unique identifier of the aggregate. - type: string - required: - - name - - uuid - type: object - type: array - allocation: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Auto-discovered resource allocation of all hosted VMs. - type: object - capabilities: - description: Auto-discovered capabilities as reported by libvirt. - properties: - cpuArch: - default: unknown - description: The hosts CPU architecture (not the guests). - type: string - cpus: - anyOf: - - type: integer - - type: string - description: Total host cpus available as a sum of cpus over all - numa cells. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - memory: - anyOf: - - type: integer - - type: string - description: Total host memory available as a sum of memory over - all numa cells. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of the hypervisor. - - Note that this capacity does not include the applied overcommit ratios, - and represents the actual capacity of the hypervisor. Use the - effective capacity field to get the capacity considering the applied - overcommit ratios. - type: object - cells: - description: Auto-discovered cells on this hypervisor. - items: - description: Cell represents a NUMA cell on the hypervisor. - properties: - allocation: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Auto-discovered resource allocation of all hosted - VMs in this cell. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of this cell. - - Note that this capacity does not include the applied overcommit ratios, - and represents the actual capacity of the cell. 
Use the effective capacity - field to get the capacity considering the applied overcommit ratios. - type: object - cellID: - description: Cell ID. - format: int64 - type: integer - effectiveCapacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of this cell, considering the - applied overcommit ratios. - - In case no overcommit ratio is specified for a resource type, the default - overcommit ratio of 1 should be applied, meaning the effective capacity - is the same as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, the - effective capacity is expected to be rounded down. - type: object - required: - - cellID - type: object - type: array - conditions: - description: Represents the Hypervisor node conditions. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - domainCapabilities: - description: |- - Auto-discovered domain capabilities relevant to check if a VM - can be scheduled on the hypervisor. - properties: - arch: - default: unknown - description: The available domain cpu architecture. - type: string - hypervisorType: - default: unknown - description: The supported type of virtualization for domains, - such as "ch". - type: string - supportedCpuModes: - default: [] - description: |- - Supported cpu modes for domains. - - The format of this list is cpu mode, and if specified, a specific - submode. For example, the take the following xml domain cpu definition: - - - - - - The corresponding entries in this list would be "host-passthrough" and - "host-passthrough/migratable". - items: - type: string - type: array - supportedDevices: - default: [] - description: |- - Supported devices for domains. - - The format of this list is the device type, and if specified, a specific - model. 
For example, the take the following xml domain device definition: - - - - The corresponding entries in this list would be "video" and "video/nvidia". - items: - type: string - type: array - supportedFeatures: - default: [] - description: |- - Supported features for domains, such as "sev" or "sgx". - - This is a flat list of supported features, meaning the following xml: - - - - - - - Would correspond to the entries "sev" and "sgx" in this list. - items: - type: string - type: array - type: object - effectiveCapacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Auto-discovered capacity of the hypervisor, considering the - applied overcommit ratios. - - In case no overcommit ratio is specified for a resource type, the default - overcommit ratio of 1 should be applied, meaning the effective capacity - is the same as the actual capacity. - - If the overcommit ratio results in a fractional effective capacity, the - effective capacity is expected to be rounded down. - type: object - evicted: - description: Evicted indicates whether the hypervisor is evicted. - (no instances left with active maintenance mode) - type: boolean - hypervisorId: - description: HypervisorID is the unique identifier of the hypervisor - in OpenStack. - type: string - hypervisorVersion: - default: unknown - description: Represents the Hypervisor version - type: string - instances: - description: Represents the Hypervisor hosted Virtual Machines - items: - properties: - active: - description: Represents the instance state. - type: boolean - id: - description: Represents the instance ID (uuidv4). - type: string - name: - description: Represents the instance name. 
- type: string - required: - - active - - id - - name - type: object - type: array - internalIp: - description: InternalIP is the internal IP address of the hypervisor. - type: string - libVirtVersion: - default: unknown - description: Represents the LibVirt version. - type: string - numInstances: - default: 0 - description: Represent the num of instances - type: integer - operatingSystem: - description: Represents the Operating System status. - properties: - firmwareDate: - description: FirmwareDate - format: date-time - type: string - firmwareVendor: - description: FirmwareVendor - type: string - firmwareVersion: - description: FirmwareVersion - type: string - gardenLinuxCommitID: - description: Represents the Garden Linux build commit id - type: string - gardenLinuxFeatures: - description: Represents the Garden Linux Feature Set - items: - type: string - type: array - hardwareModel: - description: HardwareModel - type: string - hardwareSerial: - description: HardwareSerial - type: string - hardwareVendor: - description: HardwareVendor - type: string - kernelCommandLine: - description: KernelCommandLine contains the raw kernel boot parameters - from /proc/cmdline. - type: string - kernelName: - description: KernelName - type: string - kernelRelease: - description: KernelRelease - type: string - kernelVersion: - description: KernelVersion - type: string - prettyVersion: - description: PrettyVersion - type: string - variantID: - description: Identifying a specific variant or edition of the - operating system - type: string - version: - description: Represents the Operating System version. - type: string - type: object - serviceId: - description: ServiceID is the unique identifier of the compute service - in OpenStack. - type: string - specHash: - type: string - traits: - description: Traits are the applied traits of the hypervisor. - items: - type: string - type: array - updateStatus: - description: Represents the Hypervisor update status. 
- properties: - inProgress: - default: false - description: Represents a running Operating System update. - type: boolean - installed: - default: unknown - description: Represents the Operating System installed update - version. - type: string - retry: - default: 3 - description: Represents the number of retries. - type: integer - required: - - inProgress - - retry - type: object - required: - - numInstances - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml deleted file mode 100644 index fe82363..0000000 --- a/config/crd/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/kvm.cloud.sap_hypervisors.yaml -- bases/kvm.cloud.sap_migrations.yaml -# +kubebuilder:scaffold:crdkustomizeresource - -patches: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -# +kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- path: patches/cainjection_in_hypervisors.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch - -# [WEBHOOK] To enable webhook, uncomment the following section -# the following config is for teaching kustomize how to do kustomization for CRDs. - -#configurations: -#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml deleted file mode 100644 index ec5c150..0000000 --- a/config/crd/kustomizeconfig.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml deleted file mode 100644 index 08e7e55..0000000 --- a/config/default/kustomization.yaml +++ /dev/null 
@@ -1,146 +0,0 @@
-# Adds namespace to all resources.
-namespace: monsoon3
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: kvm-node-agent-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
-
-resources:
-- ../crd
-- ../rbac
-- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-# [METRICS] Expose the controller manager metrics service.
-- metrics_service.yaml
-
-# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager
-patches:
-# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
-# More info: https://book.kubebuilder.io/reference/metrics
-- path: manager_metrics_patch.yaml
- target:
- kind: Deployment
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- path: manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- path: webhookcainjection_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-# Uncomment the following replacements to add the cert-manager CA injection annotations
-#replacements:
-# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.namespace # namespace of the certificate CR
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - source:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldPath: .metadata.name
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - select:
-# kind: CustomResourceDefinition
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-# - source: # Add cert-manager annotation to the webhook Service
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.name # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 0
-# create: true
-# - source:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.namespace # namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 1
-# create: true
diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml
deleted file mode 100644
index 2aaef65..0000000
--- a/config/default/manager_metrics_patch.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# This patch adds the args to allow exposing the metrics endpoint using HTTPS
-- op: add
- path: /spec/template/spec/containers/0/args/0
- value: --metrics-bind-address=:8443
diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml
deleted file mode 100644
index 416738e..0000000
--- a/config/default/metrics_service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- protocol: TCP
- targetPort: 8443
- selector:
- control-plane: controller-manager
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
deleted file mode 100644
index 1d19c67..0000000
--- a/config/manager/kustomization.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-resources:
-- manager.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: ghcr.io/cobaltcore-dev/kvm-node-agent
- newTag: latest
-patches:
-- path: manager_node_selector_patch.yaml
- target:
- kind: DaemonSet
-- patch: |-
- - op: add
- path: "/spec/template/spec/containers/0/env/-"
- value:
- name: NODE_LABEL
- valueFrom:
- fieldRef:
- fieldPath: "{{ .Values.controllerManager.manager.env.nodeLabelFieldPath }}"
- - op: add
- path: "/spec/template/spec/tolerations"
- value:
- - key: "node.gardener.cloud/critical-components-not-ready"
- operator: "Exists"
- effect: "NoSchedule"
- target:
- kind: DaemonSet
- name: controller-manager
- namespace: system
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
deleted file mode 100644
index 6d86e03..0000000
--- a/config/manager/manager.yaml
+++ /dev/null
@@ -1,160 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: system
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: controller-manager
- namespace: system
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
-spec:
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 0
- maxSurge: 1
- selector:
- matchLabels:
- control-plane: controller-manager
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: manager
- labels:
- control-plane: controller-manager
- spec:
- # TODO(user): Uncomment the following code to configure the nodeAffinity expression
- # according to the platforms which are supported by your solution.
- # It is considered best practice to support multiple architectures. You can
- # build your manager image using the makefile target docker-buildx.
- # affinity:
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: kubernetes.io/arch
- # operator: In
- # values:
- # - amd64
- # - arm64
- # - ppc64le
- # - s390x
- # - key: kubernetes.io/os
- # operator: In
- # values:
- # - linux
- securityContext:
- # runAsNonRoot: true
- supplementalGroups:
- - 108 # libvirt group
- initContainers:
- - name: create-pki-dirs
- securityContext:
- runAsUser: 0
- image: busybox:1.37
- command: ['sh', '-c', 'cd /host && for i in etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki; do if [ -L ${i} ]; then rm ${i}; fi; done && mkdir -p etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chown 42438:42438 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chmod 0755 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki']
- volumeMounts:
- - mountPath: /host
- name: host
- containers:
- - args:
- - --health-probe-bind-address=:8081
- env:
- - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: PKI_PATH
- value: /pki
- - name: HOST_IP_ADDRESS
- valueFrom:
- fieldRef:
- fieldPath: status.hostIP
- - name: ISSUER_NAME
- value: kvm-node-agent-ca-issuer
- - name: DISABLE_CREATE_CERT_MANAGER_CERTIFICATE
- value: "true"
- - name: LIBVIRT_DEFAULT_URI
- value: "ch:///system"
- image: controller:latest
- name: manager
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - "ALL"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- # TODO(user): Configure the resources accordingly based on the project requirements.
- # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 10m
- memory: 64Mi
- volumeMounts:
- - mountPath: /run/libvirt
- name: run-libvirt
- readOnly: true
- - mountPath: /var/run/dbus/system_bus_socket
- name: systemd-sock
- readOnly: true
- - mountPath: /pki/CA
- name: pki-ca
- - mountPath: /pki/libvirt
- name: pki-libvirt
- - mountPath: /pki/qemu
- name: pki-qemu
- - mountPath: /pki/ch
- name: pki-ch
- serviceAccountName: controller-manager
- terminationGracePeriodSeconds: 10
- volumes:
- - name: run-libvirt
- hostPath:
- path: /run/libvirt
- type: Directory
- - name: systemd-sock
- hostPath:
- path: /run/dbus/system_bus_socket
- type: Socket
- - name: pki-ca
- hostPath:
- path: /etc/pki/CA
- type: DirectoryOrCreate
- - name: pki-libvirt
- hostPath:
- path: /etc/pki/libvirt
- type: DirectoryOrCreate
- - name: pki-qemu
- hostPath:
- path: /etc/pki/qemu
- type: DirectoryOrCreate
- - name: pki-ch
- hostPath:
- path: /var/lib/libvirt/ch/pki
- type: DirectoryOrCreate
- - name: host
- hostPath:
- path: /
diff --git a/config/manager/manager_node_selector_patch.yaml b/config/manager/manager_node_selector_patch.yaml
deleted file mode 100644
index 3d7b8a8..0000000
--- a/config/manager/manager_node_selector_patch.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: controller-manager
- namespace: system
-spec:
- template:
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: nova.openstack.cloud.sap/virt-driver
- operator: Exists
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
deleted file mode 100644
index ed13716..0000000
--- a/config/prometheus/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
deleted file mode 100644
index b5e761f..0000000
--- a/config/prometheus/monitor.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Prometheus Monitor Service (Metrics)
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- labels:
- control-plane: controller-manager
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager-metrics-monitor
- namespace: system
-spec:
- endpoints:
- - path: /metrics
- port: https # Ensure this is the name of the port that exposes HTTPS metrics
- scheme: https
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- tlsConfig:
- # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
- # certificate verification. This poses a significant security risk by making the system vulnerable to
- # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
- # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
- # compromising the integrity and confidentiality of the information.
- # Please use the following options for secure configurations:
- # caFile: /etc/metrics-certs/ca.crt
- # certFile: /etc/metrics-certs/tls.crt
- # keyFile: /etc/metrics-certs/tls.key
- insecureSkipVerify: true
- selector:
- matchLabels:
- control-plane: controller-manager
diff --git a/config/rbac/hypervisor_editor_role.yaml b/config/rbac/hypervisor_editor_role.yaml
deleted file mode 100644
index 4aaf78f..0000000
--- a/config/rbac/hypervisor_editor_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to edit hypervisors.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: hypervisor-editor-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors/status
- verbs:
- - get
diff --git a/config/rbac/hypervisor_viewer_role.yaml b/config/rbac/hypervisor_viewer_role.yaml
deleted file mode 100644
index b433593..0000000
--- a/config/rbac/hypervisor_viewer_role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# permissions for end users to view hypervisors.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: hypervisor-viewer-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - hypervisors/status
- verbs:
- - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
deleted file mode 100644
index e733439..0000000
--- a/config/rbac/kustomization.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# The following RBAC configurations are used to protect
-# the metrics endpoint with authn/authz. These configurations
-# ensure that only authorized users and service accounts
-# can access the metrics endpoint. Comment the following
-# permissions if you want to disable this protection.
-# More info: https://book.kubebuilder.io/reference/metrics.html
-- metrics_auth_role.yaml
-- metrics_auth_role_binding.yaml
-- metrics_reader_role.yaml
-# For each CRD, "Editor" and "Viewer" roles are scaffolded by
-# default, aiding admins in cluster management. Those roles are
-# not used by the Project itself. You can comment the following lines
-# if you do not want those helpers be installed with your Project.
-- migration_editor_role.yaml
-- migration_viewer_role.yaml
-- hypervisor_editor_role.yaml
-- hypervisor_viewer_role.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
deleted file mode 100644
index 91347c7..0000000
--- a/config/rbac/leader_election_role.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index 06c9d69..0000000
--- a/config/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml
deleted file mode 100644
index 32d2e4e..0000000
--- a/config/rbac/metrics_auth_role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: metrics-auth-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml
deleted file mode 100644
index e775d67..0000000
--- a/config/rbac/metrics_auth_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: metrics-auth-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: metrics-auth-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml
deleted file mode 100644
index 51a75db..0000000
--- a/config/rbac/metrics_reader_role.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: metrics-reader
-rules:
-- nonResourceURLs:
- - "/metrics"
- verbs:
- - get
diff --git a/config/rbac/migration_editor_role.yaml b/config/rbac/migration_editor_role.yaml
deleted file mode 100644
index 3f2fde0..0000000
--- a/config/rbac/migration_editor_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to edit migrations.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: migration-editor-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - migrations
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - migrations/status
- verbs:
- - get
diff --git a/config/rbac/migration_viewer_role.yaml b/config/rbac/migration_viewer_role.yaml
deleted file mode 100644
index 8d08fca..0000000
--- a/config/rbac/migration_viewer_role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# permissions for end users to view migrations.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: migration-viewer-role
-rules:
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - migrations
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - kvm.cloud.sap
- resources:
- - migrations/status
- verbs:
- - get
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
deleted file mode 100644
index 53000a1..0000000
--- a/config/rbac/role_binding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: manager-role
-subjects:
-- kind: ServiceAccount
- name: controller-manager
- namespace: system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
deleted file mode 100644
index 263242b..0000000
--- a/config/rbac/service_account.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kvm-node-agent
- app.kubernetes.io/managed-by: kustomize
- name: controller-manager
- namespace: system
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
deleted file mode 100644
index 67794b6..0000000
--- a/config/samples/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-## Append samples of your project ##
-resources:
-- kvm_v1_hypervisor.yaml
-- kvm_v1_migration.yaml
-# +kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/kvm_v1alpha1_hypervisor.yaml b/config/samples/kvm_v1alpha1_hypervisor.yaml
deleted file mode 100644
index 6aac261..0000000
--- a/config/samples/kvm_v1alpha1_hypervisor.yaml
+++ /dev/null
@@ -1,9 +0,0 @@ -apiVersion: kvm.cloud.sap/v1 -kind: Hypervisor -metadata: - labels: - app.kubernetes.io/name: kvm-node-agent - app.kubernetes.io/managed-by: kustomize - name: hypervisor-sample -spec: - # TODO(user): Add fields here diff --git a/config/samples/kvm_v1alpha1_migration.yaml b/config/samples/kvm_v1alpha1_migration.yaml deleted file mode 100644 index 778d98b..0000000 --- a/config/samples/kvm_v1alpha1_migration.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kvm.cloud.sap/v1 -kind: Migration -metadata: - labels: - app.kubernetes.io/name: kvm-node-agent - app.kubernetes.io/managed-by: kustomize - name: migration-sample -spec: - # TODO(user): Add fields here diff --git a/go.sum b/go.sum index 2d8a494..ed21fca 100644 --- a/go.sum +++ b/go.sum @@ -14,8 +14,6 @@ github.com/cert-manager/cert-manager v1.19.4 h1:7lOkSYj+nJNjgGFfAznQzPpOfWX+1Kgz github.com/cert-manager/cert-manager v1.19.4/go.mod h1:9uBnn3IK9NxjjuXmQDYhwOwFUU5BtGVB1g/voPvvcVw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cobaltcore-dev/openstack-hypervisor-operator v0.0.0-20260309144200-9c8ed613a94c h1:KylfcJikSMWNJnuNfG1Od6fNUw4kQTjseP7khmwVlrM= -github.com/cobaltcore-dev/openstack-hypervisor-operator v0.0.0-20260309144200-9c8ed613a94c/go.mod h1:b0KmJdxvRI8UXlGe8cRm5BD8Tm2WhF7zSKMSIRGyVL4= github.com/cobaltcore-dev/openstack-hypervisor-operator v0.0.0-20260313120621-e3699e2ccab9 h1:fIQCfP6HTOMu9XqcRLUYeUCK2mPWcOkSqYVF9HUhQyE= github.com/cobaltcore-dev/openstack-hypervisor-operator v0.0.0-20260313120621-e3699e2ccab9/go.mod h1:b0KmJdxvRI8UXlGe8cRm5BD8Tm2WhF7zSKMSIRGyVL4= github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA= diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 372d3ab..d12d5bf 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go 
@@ -25,7 +25,6 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "sigs.k8s.io/controller-runtime/pkg/client" @@ -55,7 +54,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "kvm-node-agent", "crds")}, ErrorIfCRDPathMissing: true, // The BinaryAssetsDirectory is only required if you want to run the tests directly diff --git a/internal/evacuation/suite_test.go b/internal/evacuation/suite_test.go index d61bb66..b5a97bf 100644 --- a/internal/evacuation/suite_test.go +++ b/internal/evacuation/suite_test.go @@ -54,7 +54,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "charts", "kvm-node-agent", "crds")}, ErrorIfCRDPathMissing: true, // The BinaryAssetsDirectory is only required if you want to run the tests directly
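Review bot: `ErrorIfCRDPathMissing: true` in the BeforeSuite of `internal/controller/suite_test.go` only guards against the directory being absent, so after the switch to `filepath.Join("..", "..", "charts", "kvm-node-agent", "crds")` the suite will not fail early if a CRD it depends on is simply not in that directory; the same applies to the identical hunk in `internal/evacuation/suite_test.go`. The deleted `config/crd/kustomization.yaml` listed both `bases/kvm.cloud.sap_hypervisors.yaml` and `bases/kvm.cloud.sap_migrations.yaml`, and whether the chart directory carries both is not visible here, so it is worth confirming that every kind these suites create is still installed. A short comment above the field would record the coupling, e.g. `// CRDs are loaded from the Helm chart; a kind missing there surfaces as "no matches for kind" at test time.` BeforeSuite's body continues outside both hunks.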