Adding kubevirt-manager.

Joseph Hanson 2024-05-22 13:46:59 -05:00
parent 03a638fadc
commit cdd2f0472c
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
8 changed files with 315 additions and 0 deletions


@ -0,0 +1,22 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cdi-uploadproxy
namespace: cdi
spec:
ingressClassName: internal-nginx
rules:
- host: &host "cdi.jahanson.tech"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cdi-uploadproxy
port:
number: 443
tls:
- hosts:
- *host
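Review bot: The backend for `cdi-uploadproxy` is port 443, but the Ingress has no `metadata.annotations`, so the controller uses its default upstream protocol. If `internal-nginx` is an ingress-nginx class, that default is plain HTTP and a TLS-only backend will reject the proxied requests; add `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`. Disk-image uploads are large, so a body-size annotation such as `nginx.ingress.kubernetes.io/proxy-body-size: "0"` is also worth considering. The `tls` entry has no `secretName`, so the host is served with the controller's default certificate; a comment such as `# served by the controller's default wildcard certificate` would show that this is intended.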


@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./manager/ks.yaml


@ -0,0 +1,83 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: &app kubevirt-manager
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 2
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
controllers:
kubevirt-manager:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: docker.io/kubevirtmanager/kubevirt-manager
tag: 1.3.3
env:
TZ: America/Chicago
resources:
requests:
cpu: 5m
memory: 50Mi
limits:
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
pod:
securityContext:
runAsUser: 10000
runAsGroup: 30000
serviceAccount:
create: true
name: kubevirt-manager
service:
app:
controller: kubevirt-manager
ports:
http:
port: 8080
ingress:
app:
className: internal-nginx
hosts:
- host: &host "kubevirt.jahanson.tech"
paths:
- path: /
pathType: Prefix
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
cache:
type: emptyDir
globalMounts:
- path: /var/cache/nginx
run:
type: emptyDir
globalMounts:
- path: /var/run
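Review bot: The `ingress.app` block publishes the UI at `kubevirt.jahanson.tech` without any `annotations`, so nothing in this file puts authentication in front of it. The pod runs as the `kubevirt-manager` service account, which the RBAC file in this commit binds cluster-wide with write access to secrets and virtual machines. Unless the application enforces its own login, everyone who can reach the ingress class therefore acts with those rights. Consider an auth annotation under `ingress.app.annotations`, e.g. `nginx.ingress.kubernetes.io/auth-url: "<AUTH_ENDPOINT_PLACEHOLDER>"` if the class is ingress-nginx, or a comment stating where access is restricted. Separately, `pod.securityContext` sets `runAsUser: 10000` but not `runAsNonRoot: true`, and the image is referenced by the mutable tag `1.3.3` rather than `1.3.3@sha256:<DIGEST_PLACEHOLDER>`.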


@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./rbac.yaml


@ -0,0 +1,110 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-manager
rules:
- apiGroups: [""]
resources: ["nodes", "namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumeclaims", "persistentvolumes", "services", "secrets", "serviceaccounts", "configmaps", "deployments"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["*"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- apiGroups: ["k8s.cni.cncf.io"]
resources: ["network-attachment-definitions"]
verbs: ["get", "list"]
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachines", "virtualmachineinstances"]
verbs: ["*"]
- apiGroups: ["subresources.kubevirt.io"]
resources: ["*"]
verbs: ["get", "list", "update", "patch"]
- apiGroups: ["instancetype.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["cdi.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["pool.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["*"]
- apiGroups: ["cluster.x-k8s.io"]
resources: ["clusters", "machinedeployments"]
verbs: ["*"]
- apiGroups: ["controlplane.cluster.x-k8s.io"]
resources: ["kubeadmcontrolplanes"]
verbs: ["*"]
- apiGroups: ["infrastructure.cluster.x-k8s.io"]
resources: ["kubevirtmachinetemplates", "kubevirtclusters"]
verbs: ["*"]
- apiGroups: ["bootstrap.cluster.x-k8s.io"]
resources: ["kubeadmconfigtemplates"]
verbs: ["*"]
- apiGroups: ["addons.cluster.x-k8s.io"]
resources: ["clusterresourcesets"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-manager
subjects:
- kind: ServiceAccount
name: kubevirt-manager
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-manager-kccm
rules:
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachines"]
verbs: ["get", "list", "watch"]
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachineinstances"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-manager-kccm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-manager-kccm
subjects:
- kind: ServiceAccount
name: kubevirt-manager
namespace: kubevirt
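Review bot: The third rule of `ClusterRole/kubevirt-manager` grants `verbs: ["*"]` on `secrets`, `serviceaccounts` and `configmaps`, and the `ClusterRoleBinding` applies it in every namespace, so this service account can read and modify every secret in the cluster. List only the verbs the UI needs (for example `verbs: ["get", "list", "create", "delete"]`, to be confirmed against the application) and, where possible, grant them through a namespaced `RoleBinding` in the namespaces that hold VMs. The same narrowing applies to `rolebindings` with `*` and to `services` with `*` in `kubevirt-manager-kccm`. Two entries look like no-ops: `customresourcedefinitions` and `deployments` are listed under the core group `""`, where those resources do not exist, and the `apiextensions.k8s.io` and `apps` rules already cover them.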


@ -0,0 +1,18 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app kubevirt-manager
namespace: flux-system
spec:
targetNamespace: kubevirt
path: ./kubernetes/apps/kubevirt/manager/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
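Review bot: `name: &app kubevirt-manager` defines an anchor that is never aliased in this document; the HelmRelease's `metadata.name` carries the same unused `&app`. Either drop the anchor or use it, for instance with a `commonMetadata.labels` entry `app.kubernetes.io/name: *app`, so the applied RBAC objects can be traced back to this Kustomization. `wait: false` means Flux reports this Kustomization as ready without health-checking the HelmRelease; if that is deliberate, a comment such as `# HelmRelease health is tracked by helm-controller` would say so.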


@ -0,0 +1,10 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kubevirt
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
volsync.backube/privileged-movers: "true"
pod-security.kubernetes.io/enforce: "privileged"
kubevirt.io: ""
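Review bot: `pod-security.kubernetes.io/enforce: "privileged"` turns off Pod Security admission for everything in `kubevirt`, including the web UI that this commit deploys into the same namespace. If the level is needed for the KubeVirt components, say so in a comment and add `pod-security.kubernetes.io/warn: "restricted"` and `pod-security.kubernetes.io/audit: "restricted"`, so that workloads which do not need the exemption are still reported. `volsync.backube/privileged-movers` is documented by VolSync as a namespace annotation, so placed under `labels` it is probably not honoured; move it to `metadata.annotations` if privileged movers are wanted here, or remove it.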


@ -0,0 +1,56 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kubevirt.io/virtualmachine_v1.json
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: fj-runner-01
namespace: default
uid: e0725361-eb07-44bc-bb01-7a1dba39622a
labels:
kubevirt-manager.io/managed: "true"
kubevirt.io/domain: fj-runner-01
spec:
running: true
template:
metadata:
creationTimestamp: null
labels:
kubevirt-manager.io/managed: "true"
kubevirt.io/domain: fj-runner-01
spec:
architecture: amd64
domain:
cpu:
cores: 4
sockets: 1
threads: 2
devices:
disks:
- disk: {}
name: disk1
bootOrder: 0
- disk: {}
name: disk2
bootOrder: 1
interfaces:
- bridge: {}
name: net1
networkInterfaceMultiqueue: true
machine:
type: q35
resources:
requests:
memory: 8Gi
networks:
- name: net1
pod: {}
nodeSelector:
kubernetes.io/hostname: shadowfax
priorityClassName: vm-standard
volumes:
- dataVolume:
name: default-fj-runner-01-disk1
name: disk1
- dataVolume:
name: default-fj-runner-01-disk2
name: disk2
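Review bot: `metadata.uid` and `creationTimestamp: null` under `spec.template.metadata` are server-populated fields that look copied from an export of a live object; remove both lines so that the manifest declares only desired state. `bootOrder: 0` on `disk1` is worth checking, because KubeVirt documents the boot order as an integer greater than 0; `bootOrder: 1` and `bootOrder: 2` would be the safer values. The VM is placed in `namespace: default`, and none of the `kustomization.yaml` files visible in this commit list this file, so it is unclear which Flux Kustomization, if any, applies it.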