@richardcase
Created February 25, 2022 15:56
InfraComponents-20220225
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmclusters.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capmvm-webhook-service
          namespace: capmvm-system
          path: /convert
      conversionReviewVersions:
      - v1
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: MicrovmCluster
    listKind: MicrovmClusterList
    plural: microvmclusters
    shortNames:
    - mvmc
    singular: microvmcluster
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Cluster to which this MicrovmCluster belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Cluster infrastructure is ready
      jsonPath: .status.ready
      name: Ready
      type: string
    - description: API Endpoint
      jsonPath: .spec.controlPlaneEndpoint[0]
      name: ControlPlaneEndpoint
      priority: 1
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MicrovmCluster is the Schema for the microvmclusters API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmClusterSpec defines the desired state of MicrovmCluster.
            properties:
              controlPlaneEndpoint:
                description: "ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane. \n See https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html
                  for more details."
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              microvmProxy:
                description: MicrovmProxy is the proxy server details to use when
                  calling the microvm service. This is an alternative to using the
                  http proxy environment variables and applied purely to the grpc
                  service.
                properties:
                  endpoint:
                    description: Endpoint is the address of the proxy.
                    type: string
                required:
                - endpoint
                type: object
              placement:
                description: Placement specifies how machines for the cluster should
                  be placed onto hosts (i.e. where the microvms are created).
                properties:
                  staticPool:
                    description: StaticPool is used to specify that static pool placement
                      should be used.
                    properties:
                      hosts:
                        description: Hosts defines the pool of hosts that should be
                          used when creating microvms. The hosts will be supplied
                          to CAPI (as fault domains) and it will place machines across
                          them.
                        items:
                          properties:
                            controlplaneAllowed:
                              default: true
                              description: ControlPlaneAllowed marks this host as
                                suitable for running control plane nodes in addition
                                to worker nodes.
                              type: boolean
                            endpoint:
                              description: Endpoint is the API endpoint for the microvm
                                service (i.e. flintlock).
                              type: string
                            name:
                              description: Name is an optional name for the host.
                              type: string
                          required:
                          - controlplaneAllowed
                          - endpoint
                          type: object
                        minItems: 1
                        type: array
                    required:
                    - hosts
                    type: object
                type: object
              sshPublicKey:
                description: SSHPublicKey is an SSH public key that will be used with
                  the default user. If specified this will apply to all machines created
                  unless you specify a different key at the machine level.
                type: string
            required:
            - placement
            type: object
          status:
            description: MicrovmClusterStatus defines the observed state of MicrovmCluster.
            properties:
              conditions:
                description: Conditions defines current service state of the MicrovmCluster.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another. This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field
                        changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: A human readable message indicating details about
                        the transition. This field may be empty.
                      type: string
                    reason:
                      description: The reason for the condition's last transition
                        in CamelCase. The specific API may choose whether or not this
                        field is considered a guaranteed API. This field may not be
                        empty.
                      type: string
                    severity:
                      description: Severity provides an explicit classification of
                        Reason code, so the users or machines can immediately understand
                        the current situation and act accordingly. The Severity field
                        MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              failureDomains:
                additionalProperties:
                  description: FailureDomainSpec is the Schema for Cluster API failure
                    domains. It allows controllers to understand how many failure
                    domains a cluster can optionally span across.
                  properties:
                    attributes:
                      additionalProperties:
                        type: string
                      description: Attributes is a free form map of attributes an
                        infrastructure provider might use or require.
                      type: object
                    controlPlane:
                      description: ControlPlane determines if this failure domain
                        is suitable for use by control plane machines.
                      type: boolean
                  type: object
                description: FailureDomains is a list of the failure domains that
                  CAPI should spread the machines across. For the CAPMVM provider
                  this equates to host machines that can run microvms using Flintlock.
                type: object
              ready:
                default: false
                description: Ready indicates that the cluster is ready.
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmmachines.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capmvm-webhook-service
          namespace: capmvm-system
          path: /convert
      conversionReviewVersions:
      - v1
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: MicrovmMachine
    listKind: MicrovmMachineList
    plural: microvmmachines
    singular: microvmmachine
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MicrovmMachine is the Schema for the microvmmachines API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmMachineSpec defines the desired state of MicrovmMachine.
            properties:
              failureDomain:
                description: FailureDomain is the address of the flintlock host assigned
                  to this MvmMachine.
                type: string
              initrd:
                description: Initrd is an optional initial ramdisk to use.
                properties:
                  filename:
                    description: Filename is the name of the file in the container
                      to use.
                    type: string
                  image:
                    description: Image is the container image to use.
                    type: string
                required:
                - image
                type: object
              kernel:
                description: Kernel specifies the kernel and its arguments to use.
                properties:
                  filename:
                    description: Filename is the name of the file in the container
                      to use.
                    type: string
                  image:
                    description: Image is the container image to use.
                    type: string
                required:
                - image
                type: object
              kernelCmdline:
                additionalProperties:
                  type: string
                description: KernelCmdLine are the additional args to use for the
                  kernel cmdline. Each MicroVM provider has its own recommended list,
                  they will be used automatically. This field is for additional values.
                type: object
              memoryMb:
                description: MemoryMb is the amount of memory in megabytes that the
                  microvm will be allocated.
                format: int64
                minimum: 1024
                type: integer
              networkInterfaces:
                description: NetworkInterfaces specifies the network interfaces attached
                  to the microvm.
                items:
                  description: NetworkInterface represents a network interface for
                    the microvm.
                  properties:
                    address:
                      description: Address is an optional IP address to assign to
                        this interface. If not supplied then DHCP will be used.
                      type: string
                    guestDeviceName:
                      description: GuestDeviceName is the name of the network interface
                        to create in the microvm.
                      type: string
                    guestMac:
                      description: GuestMAC allows the specifying of a specific MAC
                        address to use for the interface. If not supplied an autogenerated
                        MAC address will be used.
                      type: string
                    type:
                      description: Type is the type of host network interface type
                        to create to use by the guest.
                      enum:
                      - macvtap
                      - tap
                      type: string
                  required:
                  - guestDeviceName
                  - type
                  type: object
                minItems: 1
                type: array
              providerID:
                description: ProviderID is the unique identifier as specified by the
                  cloud provider.
                type: string
              rootVolume:
                description: RootVolume specifies the volume to use for the root of
                  the microvm.
                properties:
                  id:
                    description: ID is a unique identifier for this volume.
                    type: string
                  image:
                    description: Image is the container image to use for the volume.
                    type: string
                  mountPoint:
                    description: MountPoint is the mount point of the volume in the
                      machine.
                    type: string
                  readOnly:
                    default: false
                    description: ReadOnly specifies that the volume is to be mounted
                      readonly.
                    type: boolean
                required:
                - id
                - image
                type: object
              sshPublicKey:
                description: SSHPublicKey is an SSH public key that will be used with
                  the default user on this machine. If specified it will take precedence
                  over any SSH key specified at the cluster level.
                type: string
              vcpu:
                description: VCPU specifies how many vcpu's the microvm will be allocated.
                format: int64
                minimum: 1
                type: integer
              volumes:
                description: AdditionalVolumes specifies additional non-root volumes
                  to attach to the microvm.
                items:
                  description: Volume represents a volume to be attached to a microvm.
                  properties:
                    id:
                      description: ID is a unique identifier for this volume.
                      type: string
                    image:
                      description: Image is the container image to use for the volume.
                      type: string
                    mountPoint:
                      description: MountPoint is the mount point of the volume in
                        the machine.
                      type: string
                    readOnly:
                      default: false
                      description: ReadOnly specifies that the volume is to be mounted
                        readonly.
                      type: boolean
                  required:
                  - id
                  - image
                  type: object
                type: array
            required:
            - kernel
            - memoryMb
            - networkInterfaces
            - rootVolume
            - vcpu
            type: object
          status:
            description: MicrovmMachineStatus defines the observed state of MicrovmMachine.
            properties:
              addresses:
                description: Addresses contains the microvm associated addresses.
                items:
                  description: MachineAddress contains information for the node's
                    address.
                  properties:
                    address:
                      description: The machine address.
                      type: string
                    type:
                      description: Machine address type, one of Hostname, ExternalIP
                        or InternalIP.
                      type: string
                  required:
                  - address
                  - type
                  type: object
                type: array
              conditions:
                description: Conditions defines current service state of the MicrovmMachine.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another. This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field
                        changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: A human readable message indicating details about
                        the transition. This field may be empty.
                      type: string
                    reason:
                      description: The reason for the condition's last transition
                        in CamelCase. The specific API may choose whether or not this
                        field is considered a guaranteed API. This field may not be
                        empty.
                      type: string
                    severity:
                      description: Severity provides an explicit classification of
                        Reason code, so the users or machines can immediately understand
                        the current situation and act accordingly. The Severity field
                        MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              failureMessage:
                description: "FailureMessage will be set in the event that there is
                  a terminal problem reconciling the Machine and will contain a more
                  verbose string suitable for logging and human consumption. \n This
                  field should not be set for transitive errors that a controller
                  faces that are expected to be fixed automatically over time (like
                  service outages), but instead indicate that something is fundamentally
                  wrong with the Machine's spec or the configuration of the controller,
                  and that manual intervention is required. Examples of terminal errors
                  would be invalid combinations of settings in the spec, values that
                  are unsupported by the controller, or the responsible controller
                  itself being critically misconfigured. \n Any transient errors that
                  occur during the reconciliation of Machines can be added as events
                  to the Machine object and/or logged in the controller's output."
                type: string
              failureReason:
                description: "FailureReason will be set in the event that there is
                  a terminal problem reconciling the Machine and will contain a succinct
                  value suitable for machine interpretation. \n This field should
                  not be set for transitive errors that a controller faces that are
                  expected to be fixed automatically over time (like service outages),
                  but instead indicate that something is fundamentally wrong with
                  the Machine's spec or the configuration of the controller, and that
                  manual intervention is required. Examples of terminal errors would
                  be invalid combinations of settings in the spec, values that are
                  unsupported by the controller, or the responsible controller itself
                  being critically misconfigured. \n Any transient errors that occur
                  during the reconciliation of Machines can be added as events to
                  the Machine object and/or logged in the controller's output."
                type: string
              ready:
                default: false
                description: Ready is true when the provider resource is ready.
                type: boolean
              vmState:
                description: VMState indicates the state of the microvm.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmmachinetemplates.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: MicrovmMachineTemplate
    listKind: MicrovmMachineTemplateList
    plural: microvmmachinetemplates
    shortNames:
    - mvmmt
    singular: microvmmachinetemplate
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MicrovmMachineTemplate is the Schema for the microvmmachinetemplates
          API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmMachineTemplateSpec defines the desired state of MicrovmMachineTemplate.
            properties:
              template:
                description: MicrovmMachineTemplateResource describes the data needed
                  to create a MicrovmMachine from a template.
                properties:
                  metadata:
                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: 'Annotations is an unstructured key value map
                          stored with a resource that may be set by external tools
                          to store and retrieve arbitrary metadata. They are not queryable
                          and should be preserved when modifying objects. More info:
                          http://kubernetes.io/docs/user-guide/annotations'
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: 'Map of string keys and values that can be used
                          to organize and categorize (scope and select) objects. May
                          match selectors of replication controllers and services.
                          More info: http://kubernetes.io/docs/user-guide/labels'
                        type: object
                    type: object
                  spec:
                    description: Spec is the specification of the machine.
                    properties:
                      failureDomain:
                        description: FailureDomain is the address of the flintlock
                          host assigned to this MvmMachine.
                        type: string
                      initrd:
                        description: Initrd is an optional initial ramdisk to use.
                        properties:
                          filename:
                            description: Filename is the name of the file in the container
                              to use.
                            type: string
                          image:
                            description: Image is the container image to use.
                            type: string
                        required:
                        - image
                        type: object
                      kernel:
                        description: Kernel specifies the kernel and its arguments
                          to use.
                        properties:
                          filename:
                            description: Filename is the name of the file in the container
                              to use.
                            type: string
                          image:
                            description: Image is the container image to use.
                            type: string
                        required:
                        - image
                        type: object
                      kernelCmdline:
                        additionalProperties:
                          type: string
                        description: KernelCmdLine are the additional args to use
                          for the kernel cmdline. Each MicroVM provider has its own
                          recommended list, they will be used automatically. This
                          field is for additional values.
                        type: object
                      memoryMb:
                        description: MemoryMb is the amount of memory in megabytes
                          that the microvm will be allocated.
                        format: int64
                        minimum: 1024
                        type: integer
                      networkInterfaces:
                        description: NetworkInterfaces specifies the network interfaces
                          attached to the microvm.
                        items:
                          description: NetworkInterface represents a network interface
                            for the microvm.
                          properties:
                            address:
                              description: Address is an optional IP address to assign
                                to this interface. If not supplied then DHCP will
                                be used.
                              type: string
                            guestDeviceName:
                              description: GuestDeviceName is the name of the network
                                interface to create in the microvm.
                              type: string
                            guestMac:
                              description: GuestMAC allows the specifying of a specific
                                MAC address to use for the interface. If not supplied
                                an autogenerated MAC address will be used.
                              type: string
                            type:
                              description: Type is the type of host network interface
                                type to create to use by the guest.
                              enum:
                              - macvtap
                              - tap
                              type: string
                          required:
                          - guestDeviceName
                          - type
                          type: object
                        minItems: 1
                        type: array
                      providerID:
                        description: ProviderID is the unique identifier as specified
                          by the cloud provider.
                        type: string
                      rootVolume:
                        description: RootVolume specifies the volume to use for the
                          root of the microvm.
                        properties:
                          id:
                            description: ID is a unique identifier for this volume.
                            type: string
                          image:
                            description: Image is the container image to use for the
                              volume.
                            type: string
                          mountPoint:
                            description: MountPoint is the mount point of the volume
                              in the machine.
                            type: string
                          readOnly:
                            default: false
                            description: ReadOnly specifies that the volume is to
                              be mounted readonly.
                            type: boolean
                        required:
                        - id
                        - image
                        type: object
                      sshPublicKey:
                        description: SSHPublicKey is an SSH public key that will be
                          used with the default user on this machine. If specified
                          it will take precedence over any SSH key specified at the
                          cluster level.
                        type: string
                      vcpu:
                        description: VCPU specifies how many vcpu's the microvm will
                          be allocated.
                        format: int64
                        minimum: 1
                        type: integer
                      volumes:
                        description: AdditionalVolumes specifies additional non-root
                          volumes to attach to the microvm.
                        items:
                          description: Volume represents a volume to be attached to
                            a microvm.
                          properties:
                            id:
                              description: ID is a unique identifier for this volume.
                              type: string
                            image:
                              description: Image is the container image to use for
                                the volume.
                              type: string
                            mountPoint:
                              description: MountPoint is the mount point of the volume
                                in the machine.
                              type: string
                            readOnly:
                              default: false
                              description: ReadOnly specifies that the volume is to
                                be mounted readonly.
                              type: boolean
                          required:
                          - id
                          - image
                          type: object
                        type: array
                    required:
                    - kernel
                    - memoryMb
                    - networkInterfaces
                    - rootVolume
                    - vcpu
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-leader-election-role
  namespace: capmvm-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - machines
  - machines/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters/finalizers
  verbs:
  - update
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmmachines
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmmachines/finalizers
  verbs:
  - update
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmmachines/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-leader-election-rolebinding
  namespace: capmvm-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capmvm-leader-election-role
subjects:
- kind: ServiceAccount
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capmvm-manager-role
subjects:
- kind: ServiceAccount
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-webhook-service
  namespace: capmvm-system
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  selector:
    cluster.x-k8s.io/provider: infrastructure-mvm
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-controller-manager
  namespace: capmvm-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: infrastructure-mvm
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: infrastructure-mvm
        control-plane: controller-manager
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: ${K8S_CP_LABEL:=node-role.kubernetes.io/control-plane}
                operator: Exists
            weight: 10
          - preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
            weight: 10
      containers:
      - args:
        - --leader-elect
        - --v=4
        command:
        - /manager
        image: docker.io/richardcase/cluster-api-provider-microvm:dev
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: healthz
          periodSeconds: 10
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      imagePullSecrets:
      - name: capmvm-private-image-cred
      serviceAccountName: capmvm-controller-manager
      terminationGracePeriodSeconds: 10
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: capmvm-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-serving-cert
  namespace: capmvm-system
spec:
  dnsNames:
  - capmvm-webhook-service.capmvm-system.svc
  - capmvm-webhook-service.capmvm-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capmvm-selfsigned-issuer
  secretName: capmvm-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-selfsigned-issuer
  namespace: capmvm-system
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmcluster
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.microvmcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmclusters
  sideEffects: None
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachine
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.microvmmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    # Webhook rules match on the plural resource name declared in the CRD
    # (names.plural); the singular form would never match a request.
    - microvmmachines
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmcluster
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmclusters
  sideEffects: None
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachine
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    # Webhook rules match on the plural resource name declared in the CRD
    # (names.plural); with the singular form this validator is never invoked.
    - microvmmachines
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachinetemplate
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmmachinetemplate.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmmachinetemplates
  sideEffects: None