@u20024804
Created January 5, 2026 16:32
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmclusters.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capmvm-webhook-service
          namespace: capmvm-system
          path: /convert
      conversionReviewVersions:
      - v1
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: MicrovmCluster
    listKind: MicrovmClusterList
    plural: microvmclusters
    shortNames:
    - mvmc
    singular: microvmcluster
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Cluster to which this MicrovmCluster belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Cluster infrastructure is ready
      jsonPath: .status.ready
      name: Ready
      type: string
    - description: API Endpoint
      jsonPath: .spec.controlPlaneEndpoint[0]
      name: ControlPlaneEndpoint
      priority: 1
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MicrovmCluster is the Schema for the microvmclusters API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmClusterSpec defines the desired state of MicrovmCluster.
            properties:
              controlPlaneEndpoint:
                description: |-
                  ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
                  See https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html
                  for more details.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              microvmProxy:
                description: |-
                  MicrovmProxy is the proxy server details to use when calling the microvm service. This is an
                  alteranative to using the http proxy environment variables and applied purely to the grpc service.
                properties:
                  endpoint:
                    description: Endpoint is the address of the proxy.
                    type: string
                required:
                - endpoint
                type: object
              placement:
                description:
                  Placement specifies how machines for the cluster should
                  be placed onto hosts (i.e. where the microvms are created).
                properties:
                  staticPool:
                    description:
                      StaticPool is used to specify that static pool placement
                      should be used.
                    properties:
                      basicAuthSecret:
                        description:
                          "BasicAuthSecret is the name of the secret containing
                          basic auth info for each\nhost listed in Hosts.\nThe secret
                          should be created in the same namespace as the Cluster.\nThe
                          secret should contain a data entry for each host Endpoint
                          without the port:\n\napiVersion: v1\nkind: Secret\nmetadata:\n\tname:
                          mybasicauthsecret\n\tnamespace: same-as-cluster\ntype: Opaque\ndata:\n\t1.2.4.5:
                          YWRtaW4=\n\tmyhost: MWYyZDFlMmU2N2Rm"
                        type: string
                      hosts:
                        description: |-
                          Hosts defines the pool of hosts that should be used when creating microvms. The hosts will
                          be supplied to CAPI (as fault domains) and it will place machines across them.
                        items:
                          properties:
                            controlplaneAllowed:
                              default: true
                              description: |-
                                ControlPlaneAllowed marks this host as suitable for running control plane nodes in
                                addition to worker nodes.
                              type: boolean
                            endpoint:
                              description: |-
                                Endpoint is the API endpoint for the microvm service (i.e. flintlock)
                                including the port.
                              type: string
                            name:
                              description: Name is an optional name for the host.
                              type: string
                          required:
                          - controlplaneAllowed
                          - endpoint
                          type: object
                        minItems: 1
                        type: array
                    required:
                    - hosts
                    type: object
                type: object
              sshPublicKeys:
                description: |-
                  SSHPublicKeys is a list of SSHPublicKeys and their associated users.
                  If specified these keys will be applied to all machine created unless you
                  specify different keys at the machine level.
                items:
                  properties:
                    authorizedKeys:
                      description:
                        AuthorizedKeys is a list of public keys to add
                        to the user
                      items:
                        type: string
                      type: array
                    user:
                      description:
                        User is the name of the user to add keys for (eg
                        root, ubuntu).
                      type: string
                  required:
                  - authorizedKeys
                  - user
                  type: object
                type: array
              tlsSecretRef:
                description:
                  "mTLS Configuration:\n\nIt is recommended that each flintlock
                  host is configured with its own cert\nsigned by a common CA, and
                  set to use mTLS.\nThe CAPMVM client should be provided with the
                  CA, and a client cert and key\nsigned by that CA.\nTLSSecretRef
                  is a reference to the name of a secret which contains TLS cert information\nfor
                  connecting to Flintlock hosts.\nThe secret should be created in
                  the same namespace as the MicroVMCluster.\nThe secret should be
                  of type Opaque\nwith the addition of a ca.crt key.\n\napiVersion:
                  v1\nkind: Secret\nmetadata:\n\tname: secret-tls\n\tnamespace: default
                  \ <- same as Cluster\ntype: Opaque\ndata:\n\ttls.crt: |\n\t\t-----BEGIN
                  CERTIFICATE-----\n\t\tMIIC2DCCAcCgAwIBAgIBATANBgkqh ...\n\t\t-----END
                  CERTIFICATE-----\n\ttls.key: |\n\t\t-----BEGIN EC PRIVATE KEY-----\n\t\tMIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ
                  ...\n\t\t-----END EC PRIVATE KEY-----\n\tca.crt: |\n\t\t-----BEGIN
                  CERTIFICATE-----\n\t\tMIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ ...\n\t\t-----END
                  CERTIFICATE-----"
                type: string
            required:
            - placement
            type: object
          status:
            description: MicrovmClusterStatus defines the observed state of MicrovmCluster.
            properties:
              conditions:
                description: Conditions defines current service state of the MicrovmCluster.
                items:
                  description:
                    Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              failureDomains:
                additionalProperties:
                  description: |-
                    FailureDomainSpec is the Schema for Cluster API failure domains.
                    It allows controllers to understand how many failure domains a cluster can optionally span across.
                  properties:
                    attributes:
                      additionalProperties:
                        type: string
                      description:
                        Attributes is a free form map of attributes an
                        infrastructure provider might use or require.
                      type: object
                    controlPlane:
                      description:
                        ControlPlane determines if this failure domain
                        is suitable for use by control plane machines.
                      type: boolean
                  type: object
                description: |-
                  FailureDomains is a list of the failure domains that CAPI should spread the machines across. For
                  the CAPMVM provider this equates to host machines that can run microvms using Flintlock.
                type: object
              ready:
                default: false
                description: Ready indicates that the cluster is ready.
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmmachines.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capmvm-webhook-service
          namespace: capmvm-system
          path: /convert
      conversionReviewVersions:
      - v1
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: MicrovmMachine
    listKind: MicrovmMachineList
    plural: microvmmachines
    singular: microvmmachine
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MicrovmMachine is the Schema for the microvmmachines API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmMachineSpec defines the desired state of MicrovmMachine.
            properties:
              initrd:
                description: Initrd is an optional initial ramdisk to use.
                properties:
                  filename:
                    description:
                      Filename is the name of the file in the container
                      to use.
                    type: string
                  image:
                    description: Image is the container image to use.
                    type: string
                required:
                - image
                type: object
              kernel:
                description: Kernel specifies the kernel and its arguments to use.
                properties:
                  filename:
                    description:
                      Filename is the name of the file in the container
                      to use.
                    type: string
                  image:
                    description: Image is the container image to use.
                    type: string
                required:
                - image
                type: object
              kernelCmdline:
                additionalProperties:
                  type: string
                description: |-
                  KernelCmdLine are the additional args to use for the kernel cmdline.
                  Each MicroVM provider has its own recommended list, they will be used
                  automatically. This field is for additional values.
                type: object
              labels:
                additionalProperties:
                  type: string
                description: Labels allow you to include extra data on the Microvm
                type: object
              memoryMb:
                description:
                  MemoryMb is the amount of memory in megabytes that the
                  microvm will be allocated.
                format: int64
                minimum: 1024
                type: integer
              networkInterfaces:
                description:
                  NetworkInterfaces specifies the network interfaces attached
                  to the microvm.
                items:
                  description:
                    NetworkInterface represents a network interface for
                    the microvm.
                  properties:
                    address:
                      description:
                        Address is an optional IP address to assign to
                        this interface. If not supplied then DHCP will be used.
                      type: string
                    guestDeviceName:
                      description:
                        GuestDeviceName is the name of the network interface
                        to create in the microvm.
                      type: string
                    guestMac:
                      description: |-
                        GuestMAC allows the specifying of a specific MAC address to use for the interface. If
                        not supplied a autogenerated MAC address will be used.
                      type: string
                    type:
                      description:
                        Type is the type of host network interface type
                        to create to use by the guest.
                      enum:
                      - macvtap
                      - tap
                      type: string
                  required:
                  - guestDeviceName
                  - type
                  type: object
                minItems: 1
                type: array
              provider:
                description: |-
                  Provider allows you to specify the name of the microvm provider to use.
                  If this isn't supplied then the default provider will be used.
                  NOTE that the default provider cannot be controlled here: it would have been
                  chosen by the operator configuring Flintlock on the remote host.
                type: string
              providerID:
                description:
                  ProviderID is the unique identifier as specified by the
                  cloud provider.
                type: string
              rootVolume:
                description:
                  RootVolume specifies the volume to use for the root of
                  the microvm.
                properties:
                  id:
                    description: ID is a unique identifier for this volume.
                    type: string
                  image:
                    description:
                      Image is the container image to use as the source
                      for the volume.
                    type: string
                  mountPoint:
                    description: |-
                      MountPoint specifies the guest mountpoint for the volume.
                      This will only be applied to additional volumes.
                    type: string
                  readOnly:
                    default: false
                    description:
                      ReadOnly specifies that the volume is to be mounted
                      readonly.
                    type: boolean
                  virtiofsPath:
                    description:
                      VirtioFSPath specifies the path in the guest where
                      virtiofs is mounted.
                    type: string
                required:
                - id
                type: object
              sshPublicKeys:
                description: |-
                  SSHPublicKeys is list of SSH public keys that will be used with stated users
                  on this machine.
                  If specified they will take precedence over any SSH keys specified at
                  the cluster level.
                items:
                  properties:
                    authorizedKeys:
                      description:
                        AuthorizedKeys is a list of public keys to add
                        to the user
                      items:
                        type: string
                      type: array
                    user:
                      description:
                        User is the name of the user to add keys for (eg
                        root, ubuntu).
                      type: string
                  required:
                  - authorizedKeys
                  - user
                  type: object
                type: array
              vcpu:
                description: VCPU specifies how many vcpu's the microvm will be allocated.
                format: int64
                minimum: 1
                type: integer
              volumes:
                description:
                  AdditionalVolumes specifies additional non-root volumes
                  to attach to the microvm.
                items:
                  description: Volume represents a volume to be attached to a microvm.
                  properties:
                    id:
                      description: ID is a unique identifier for this volume.
                      type: string
                    image:
                      description:
                        Image is the container image to use as the source
                        for the volume.
                      type: string
                    mountPoint:
                      description: |-
                        MountPoint specifies the guest mountpoint for the volume.
                        This will only be applied to additional volumes.
                      type: string
                    readOnly:
                      default: false
                      description:
                        ReadOnly specifies that the volume is to be mounted
                        readonly.
                      type: boolean
                    virtiofsPath:
                      description:
                        VirtioFSPath specifies the path in the guest where
                        virtiofs is mounted.
                      type: string
                  required:
                  - id
                  type: object
                type: array
            required:
            - kernel
            - memoryMb
            - networkInterfaces
            - rootVolume
            - vcpu
            type: object
          status:
            description: MicrovmMachineStatus defines the observed state of MicrovmMachine.
            properties:
              addresses:
                description: Addresses contains the microvm associated addresses.
                items:
                  description:
                    MachineAddress contains information for the node's
                    address.
                  properties:
                    address:
                      description: The machine address.
                      type: string
                    type:
                      description:
                        Machine address type, one of Hostname, ExternalIP
                        or InternalIP.
                      type: string
                  required:
                  - address
                  - type
                  type: object
                type: array
              conditions:
                description: Conditions defines current service state of the MicrovmMachine.
                items:
                  description:
                    Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              failureMessage:
                description: |-
                  FailureMessage will be set in the event that there is a terminal problem
                  reconciling the Machine and will contain a more verbose string suitable
                  for logging and human consumption.
                  This field should not be set for transitive errors that a controller
                  faces that are expected to be fixed automatically over
                  time (like service outages), but instead indicate that something is
                  fundamentally wrong with the Machine's spec or the configuration of
                  the controller, and that manual intervention is required. Examples
                  of terminal errors would be invalid combinations of settings in the
                  spec, values that are unsupported by the controller, or the
                  responsible controller itself being critically misconfigured.
                  Any transient errors that occur during the reconciliation of Machines
                  can be added as events to the Machine object and/or logged in the
                  controller's output.
                type: string
              failureReason:
                description: |-
                  FailureReason will be set in the event that there is a terminal problem
                  reconciling the Machine and will contain a succinct value suitable
                  for machine interpretation.
                  This field should not be set for transitive errors that a controller
                  faces that are expected to be fixed automatically over
                  time (like service outages), but instead indicate that something is
                  fundamentally wrong with the Machine's spec or the configuration of
                  the controller, and that manual intervention is required. Examples
                  of terminal errors would be invalid combinations of settings in the
                  spec, values that are unsupported by the controller, or the
                  responsible controller itself being critically misconfigured.
                  Any transient errors that occur during the reconciliation of Machines
                  can be added as events to the Machine object and/or logged in the
                  controller's output.
                type: string
              ready:
                default: false
                description: Ready is true when the provider resource is ready.
                type: boolean
              vmState:
                description: VMState indicates the state of the microvm.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    cluster.x-k8s.io/v1beta1: v1alpha1
  name: microvmmachinetemplates.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: MicrovmMachineTemplate
    listKind: MicrovmMachineTemplateList
    plural: microvmmachinetemplates
    shortNames:
    - mvmmt
    singular: microvmmachinetemplate
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description:
          MicrovmMachineTemplate is the Schema for the microvmmachinetemplates
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: MicrovmMachineTemplateSpec defines the desired state of MicrovmMachineTemplate.
            properties:
              template:
                description:
                  MicrovmMachineTemplateResource describes the data needed
                  to create a MicrovmMachine from a template.
                properties:
                  metadata:
                    description: |-
                      Standard object's metadata.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: |-
                          Annotations is an unstructured key value map stored with a resource that may be
                          set by external tools to store and retrieve arbitrary metadata. They are not
                          queryable and should be preserved when modifying objects.
                          More info: http://kubernetes.io/docs/user-guide/annotations
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: |-
                          Map of string keys and values that can be used to organize and categorize
                          (scope and select) objects. May match selectors of replication controllers
                          and services.
                          More info: http://kubernetes.io/docs/user-guide/labels
                        type: object
                    type: object
                  spec:
                    description: Spec is the specification of the machine.
                    properties:
                      initrd:
                        description: Initrd is an optional initial ramdisk to use.
                        properties:
                          filename:
                            description:
                              Filename is the name of the file in the container
                              to use.
                            type: string
                          image:
                            description: Image is the container image to use.
                            type: string
                        required:
                        - image
                        type: object
                      kernel:
                        description:
                          Kernel specifies the kernel and its arguments
                          to use.
                        properties:
                          filename:
                            description:
                              Filename is the name of the file in the container
                              to use.
                            type: string
                          image:
                            description: Image is the container image to use.
                            type: string
                        required:
                        - image
                        type: object
                      kernelCmdline:
                        additionalProperties:
                          type: string
                        description: |-
                          KernelCmdLine are the additional args to use for the kernel cmdline.
                          Each MicroVM provider has its own recommended list, they will be used
                          automatically. This field is for additional values.
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description:
                          Labels allow you to include extra data on the
                          Microvm
                        type: object
                      memoryMb:
                        description:
                          MemoryMb is the amount of memory in megabytes
                          that the microvm will be allocated.
                        format: int64
                        minimum: 1024
                        type: integer
                      networkInterfaces:
                        description:
                          NetworkInterfaces specifies the network interfaces
                          attached to the microvm.
                        items:
                          description:
                            NetworkInterface represents a network interface
                            for the microvm.
                          properties:
                            address:
                              description:
                                Address is an optional IP address to assign
                                to this interface. If not supplied then DHCP will
                                be used.
                              type: string
                            guestDeviceName:
                              description:
                                GuestDeviceName is the name of the network
                                interface to create in the microvm.
                              type: string
                            guestMac:
                              description: |-
                                GuestMAC allows the specifying of a specific MAC address to use for the interface. If
                                not supplied a autogenerated MAC address will be used.
                              type: string
                            type:
                              description:
                                Type is the type of host network interface
                                type to create to use by the guest.
                              enum:
                              - macvtap
                              - tap
                              type: string
                          required:
                          - guestDeviceName
                          - type
                          type: object
                        minItems: 1
                        type: array
                      provider:
                        description: |-
                          Provider allows you to specify the name of the microvm provider to use.
                          If this isn't supplied then the default provider will be used.
                          NOTE that the default provider cannot be controlled here: it would have been
                          chosen by the operator configuring Flintlock on the remote host.
                        type: string
                      providerID:
                        description:
                          ProviderID is the unique identifier as specified
                          by the cloud provider.
                        type: string
                      rootVolume:
                        description:
                          RootVolume specifies the volume to use for the
                          root of the microvm.
                        properties:
                          id:
                            description: ID is a unique identifier for this volume.
                            type: string
                          image:
                            description:
                              Image is the container image to use as the
                              source for the volume.
                            type: string
                          mountPoint:
                            description: |-
                              MountPoint specifies the guest mountpoint for the volume.
                              This will only be applied to additional volumes.
                            type: string
                          readOnly:
                            default: false
                            description:
                              ReadOnly specifies that the volume is to
                              be mounted readonly.
                            type: boolean
                          virtiofsPath:
                            description:
                              VirtioFSPath specifies the path in the guest
                              where virtiofs is mounted.
                            type: string
                        required:
                        - id
                        type: object
                      sshPublicKeys:
                        description: |-
                          SSHPublicKeys is list of SSH public keys that will be used with stated users
                          on this machine.
                          If specified they will take precedence over any SSH keys specified at
                          the cluster level.
                        items:
                          properties:
                            authorizedKeys:
                              description:
                                AuthorizedKeys is a list of public keys
                                to add to the user
                              items:
                                type: string
                              type: array
                            user:
                              description:
                                User is the name of the user to add keys
                                for (eg root, ubuntu).
                              type: string
                          required:
                          - authorizedKeys
                          - user
                          type: object
                        type: array
                      vcpu:
                        description:
                          VCPU specifies how many vcpu's the microvm will
                          be allocated.
                        format: int64
                        minimum: 1
                        type: integer
                      volumes:
                        description:
                          AdditionalVolumes specifies additional non-root
                          volumes to attach to the microvm.
                        items:
                          description:
                            Volume represents a volume to be attached to
                            a microvm.
                          properties:
                            id:
                              description: ID is a unique identifier for this volume.
                              type: string
                            image:
                              description:
                                Image is the container image to use as
                                the source for the volume.
                              type: string
                            mountPoint:
                              description: |-
                                MountPoint specifies the guest mountpoint for the volume.
                                This will only be applied to additional volumes.
                              type: string
                            readOnly:
                              default: false
                              description:
                                ReadOnly specifies that the volume is to
                                be mounted readonly.
                              type: boolean
                            virtiofsPath:
                              description:
                                VirtioFSPath specifies the path in the
                                guest where virtiofs is mounted.
                              type: string
                          required:
                          - id
                          type: object
                        type: array
                    required:
                    - kernel
                    - memoryMb
                    - networkInterfaces
                    - rootVolume
                    - vcpu
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-leader-election-role
  namespace: capmvm-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  - machines
  - machines/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters
  - microvmmachines
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters/finalizers
  - microvmmachines/finalizers
  verbs:
  - update
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - microvmclusters/status
  - microvmmachines/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-leader-election-rolebinding
  namespace: capmvm-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capmvm-leader-election-role
subjects:
- kind: ServiceAccount
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capmvm-manager-role
subjects:
- kind: ServiceAccount
  name: capmvm-controller-manager
  namespace: capmvm-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-webhook-service
  namespace: capmvm-system
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  selector:
    cluster.x-k8s.io/provider: infrastructure-mvm
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
    control-plane: controller-manager
  name: capmvm-controller-manager
  namespace: capmvm-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: infrastructure-mvm
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: infrastructure-mvm
        control-plane: controller-manager
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: ${K8S_CP_LABEL:=node-role.kubernetes.io/control-plane}
                operator: Exists
            weight: 10
          - preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
            weight: 10
      containers:
      - args:
        - --leader-elect
        command:
        - /manager
        image: ghcr.io/liquidmetal-dev/cluster-api-provider-microvm:v0.10.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: healthz
          periodSeconds: 10
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      imagePullSecrets:
      - name: capmvm-private-image-cred
      serviceAccountName: capmvm-controller-manager
      terminationGracePeriodSeconds: 10
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: capmvm-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-serving-cert
  namespace: capmvm-system
spec:
  dnsNames:
  - capmvm-webhook-service.capmvm-system.svc
  - capmvm-webhook-service.capmvm-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capmvm-selfsigned-issuer
  secretName: capmvm-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-selfsigned-issuer
  namespace: capmvm-system
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmcluster
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.microvmcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmclusters
  sideEffects: None
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachine
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.microvmmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmmachine
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capmvm-system/capmvm-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-mvm
  name: capmvm-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmcluster
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmclusters
  sideEffects: None
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachine
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmmachine
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: capmvm-webhook-service
      namespace: capmvm-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-microvmmachinetemplate
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.microvmmachinetemplate.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - microvmmachinetemplates
  sideEffects: None