Merge pull request #76 from cloudymax/capi-cluster

Get CAPI cluster out the door

charts/capi-cluster/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cluster-api-cluster
+description: Cluster API Cluster using Kubevirt and Kubeadm
+type: application
+version: 0.0.0
+appVersion: "0.0.0"

charts/capi-cluster/README.md

@@ -0,0 +1,51 @@
+# cluster-api-cluster
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+
+Cluster API Cluster using Kubevirt and Kubeadm
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| MachineTemplates.controlPlane | object | `{"cores":2,"cpuModel":"host-passthrough","disk":"32Gi","memory":"4Gi","size":1}` | Control Plane VM pool spec |
+| MachineTemplates.workers | object | `{"cores":4,"cpuModel":"host-passthrough","disk":"32Gi","memory":"8Gi","size":2}` | Worker VM spec |
+| cluster.controlPlaneServiceType | string | `"ClusterIP"` | Type of service to use when exposing control plane endpoint on Host |
+| cluster.disableKubeProxy | bool | `false` | Disable the deployment of kube-proxy |
+| cluster.dnsDomain | string | `"cluster.local"` | Cluster internal DNS domain |
+| cluster.kubeletExtraArgs | object | `{"eviction-hard":"memory.available<500Mi,nodefs.available<10%","kube-reserved":"cpu=1,memory=2Gi,ephemeral-storage=1Gi","system-reserved":"cpu=500m,memory=1Gi,ephemeral-storage=1Gi"}` | Extra args to pass to kubelet |
+| cluster.name | string | `"capi"` | Name of the cluster to create |
+| cluster.namespace | string | `"kubevirt"` | Namespace in which to host cluster components |
+| cluster.podCidrBlock | string | `"10.243.0.0/16"` | CIDR block for pod network |
+| cluster.serviceCidrBlock | string | `"10.95.0.0/16"` | CIDR block for services |
+| cluster.version | string | `"v1.30.1"` | Version of kubernetes to deploy |
+| helmCharts[0].metadata.name | string | `"clilum"` |  |
+| helmCharts[0].metadata.namespace | string | `"kubevirt"` |  |
+| helmCharts[0].name | string | `"cilium"` |  |
+| helmCharts[0].spec.chartName | string | `"cilium"` |  |
+| helmCharts[0].spec.namespace | string | `"kube-system"` |  |
+| helmCharts[0].spec.options.install.createNamespace | bool | `true` |  |
+| helmCharts[0].spec.options.wait | bool | `true` |  |
+| helmCharts[0].spec.options.waitForJobs | bool | `true` |  |
+| helmCharts[0].spec.repoURL | string | `"https://helm.cilium.io/"` |  |
+| helmCharts[0].spec.valuesTemplate | string | `"operator:\n  replicas: 1\nhubble:\n  enabled: true\n  relay:\n    enabled: true\n  ui:\n    enabled: true"` |  |
+| helmCharts[1].metadata.name | string | `"cert-manager"` |  |
+| helmCharts[1].metadata.namespace | string | `"kubevirt"` |  |
+| helmCharts[1].name | string | `"cert-manager"` |  |
+| helmCharts[1].spec.chartName | string | `"cert-manager"` |  |
+| helmCharts[1].spec.namespace | string | `"cert-manager"` |  |
+| helmCharts[1].spec.options.install.createNamespace | bool | `true` |  |
+| helmCharts[1].spec.repoURL | string | `"https://charts.jetstack.io"` |  |
+| helmCharts[1].spec.valuesTemplate | string | `"crds:\n  enabled: true"` |  |
+| helmCharts[1].spec.version | string | `"v1.16.2"` |  |
+| helmCharts[2].metadata.name | string | `"ingress-nginx"` |  |
+| helmCharts[2].metadata.namespace | string | `"kubevirt"` |  |
+| helmCharts[2].name | string | `"ingress-nginx"` |  |
+| helmCharts[2].spec.chartName | string | `"ingress-nginx"` |  |
+| helmCharts[2].spec.namespace | string | `"ingress-nginx"` |  |
+| helmCharts[2].spec.options.install.createNamespace | bool | `true` |  |
+| helmCharts[2].spec.repoURL | string | `"https://kubernetes.github.io/ingress-nginx"` |  |
+| helmCharts[2].spec.valuesTemplate | string | `"install:\n  createNamespace: true"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/capi-cluster/templates/Cluster.yaml

@@ -0,0 +1,27 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: {{ .Values.cluster.name }}
+  namespace: {{ .Values.cluster.namespace }}
+  labels:
+    {{- range $reg, $props := .Values.helmCharts }}
+    {{ $props.name }}: enabled
+    {{- end }}
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - {{ .Values.cluster.podCidrBlock }}
+    services:
+      cidrBlocks:
+      - {{ .Values.cluster.serviceCidrBlock }}
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: KubeadmControlPlane
+    name: {{ .Values.cluster.name }}-control-plane
+    namespace: {{ .Values.cluster.namespace }}
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+    kind: KubevirtCluster
+    name: {{ .Values.cluster.name }}
+    namespace: {{ .Values.cluster.namespace }}

charts/capi-cluster/templates/ControlPlaneMachineTemplate.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: KubevirtMachineTemplate
+metadata:
+  name: capi-control-plane
+  namespace: {{ .Values.cluster.namespace }}
+spec:
+  template:
+    spec:
+      virtualMachineBootstrapCheck:
+        checkStrategy: ssh
+      virtualMachineTemplate:
+        metadata:
+          namespace: {{ .Values.cluster.namespace }}
+        spec:
+          runStrategy: Always
+          template:
+            spec:
+              domain:
+                resources:
+                  requests:
+                    ephemeral-storage: {{ .Values.MachineTemplates.controlPlane.disk }}
+                cpu:
+                  model: {{ .Values.MachineTemplates.controlPlane.cpuModel }}
+                  cores: {{ .Values.MachineTemplates.controlPlane.cores }}
+                devices:
+                  disks:
+                    - disk:
+                        bus: virtio
+                      name: containervolume
+                    - name: emptydisk
+                      disk:
+                        bus: virtio
+                  networkInterfaceMultiqueue: true
+                memory:
+                  guest: {{ .Values.MachineTemplates.controlPlane.memory }}
+              evictionStrategy: External
+              volumes:
+                - containerDisk:
+                    image: quay.io/capk/ubuntu-2204-container-disk:{{ .Values.cluster.version }}
+                  name: containervolume
+                - name: emptydisk
+                  emptyDisk:
+                    capacity: 8Gi

charts/capi-cluster/templates/Deployment.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    capk.cluster.x-k8s.io/template-kind: extra-resource
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+    k8s-app: kubevirt-cloud-controller-manager
+  name: kubevirt-cloud-controller-manager
+  namespace: {{ .Values.cluster.namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      capk.cluster.x-k8s.io/template-kind: extra-resource
+      cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+      k8s-app: kubevirt-cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        capk.cluster.x-k8s.io/template-kind: extra-resource
+        cluster.x-k8s.io/cluster-name: {{.Values.cluster.name}}
+        k8s-app: kubevirt-cloud-controller-manager
+    spec:
+      containers:
+        - args:
+            - --cloud-provider=kubevirt
+            - --cloud-config=/etc/cloud/cloud-config
+            - --kubeconfig=/etc/kubernetes/kubeconfig/value
+            - --authentication-skip-lookup=true
+            - --cluster-name={{ .Values.cluster.name }}
+          command:
+            - /bin/kubevirt-cloud-controller-manager
+          image: quay.io/kubevirt/kubevirt-cloud-controller-manager:v0.5.1
+          imagePullPolicy: Always
+          name: kubevirt-cloud-controller-manager
+          resources:
+            requests:
+              cpu: 100m
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /etc/kubernetes/kubeconfig
+              name: kubeconfig
+              readOnly: true
+            - mountPath: /etc/cloud
+              name: cloud-config
+              readOnly: true
+      serviceAccountName: cloud-controller-manager
+      tolerations:
+        - effect: NoSchedule
+          key: node.cloudprovider.kubernetes.io/uninitialized
+          value: "true"
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+      volumes:
+        - configMap:
+            name: cloud-config
+          name: cloud-config
+        - name: kubeconfig
+          secret:
+            secretName: capi-kubeconfig

charts/capi-cluster/templates/HelmChartProxy.yaml

@@ -0,0 +1,16 @@
+{{- range $reg, $props := .Values.helmCharts }}
+---
+apiVersion: addons.cluster.x-k8s.io/v1alpha1
+kind: HelmChartProxy
+metadata:
+  {{- with $props.metadata }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  clusterSelector:
+    matchLabels:
+      {{ $props.name }}: enabled
+  {{- with $props.spec }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}

charts/capi-cluster/templates/KubeadmConfigTemplate.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+  name: {{ .Values.cluster.name }}-md-0
+  namespace: {{ .Values.cluster.namespace }}
+spec:
+  template:
+    spec:
+      joinConfiguration:
+        nodeRegistration:
+          {{- with .Values.cluster.kubeletExtraArgs }}
+          kubeletExtraArgs:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+

charts/capi-cluster/templates/KubeadmControlPlane.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+  name: {{ .Values.cluster.name }}-control-plane
+  namespace: {{ .Values.cluster.namespace }}
+  {{- if eq .Values.cluster.disableKubePorxy true }}
+  annotations:
+    controlplane.cluster.x-k8s.io/skip-kube-proxy: "true"
+  {{- end }}
+spec:
+  kubeadmConfigSpec:
+    clusterConfiguration:
+      networking:
+        dnsDomain: {{ .Values.cluster.dnsDomain }}
+        podSubnet: {{ .Values.cluster.podCidrBlock }}
+        serviceSubnet: {{ .Values.cluster.serviceCidrBlock }}
+    initConfiguration:
+      nodeRegistration:
+        criSocket: /var/run/containerd/containerd.sock
+        {{- if eq .Values.cluster.disableKubePorxy true }}
+        skipPhases:
+        - "addon/kube-proxy"
+        {{- end }}
+    joinConfiguration:
+      nodeRegistration:
+        criSocket: /var/run/containerd/containerd.sock
+  machineTemplate:
+    infrastructureRef:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+      kind: KubevirtMachineTemplate
+      name: {{ .Values.cluster.name }}-control-plane
+      namespace: {{ .Values.cluster.namespace }}
+  replicas: {{ .Values.MachineTemplates.controlPlane.size }}
+  version: {{ .Values.cluster.version }}

charts/capi-cluster/templates/KubevirtCluster.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: KubevirtCluster
+metadata:
+  name: {{ .Values.cluster.name }}
+  namespace: {{ .Values.cluster.namespace }}
+spec:
+  controlPlaneServiceTemplate:
+    spec:
+      type: {{ .Values.cluster.controlPlaneServiceType }}

charts/capi-cluster/templates/Role.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    capk.cluster.x-k8s.io/template-kind: extra-resource
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+  name: kccm
+  namespace: {{ .Values.cluster.namespace }}
+rules:
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstances
+    verbs:
+      - get
+      - watch
+      - list
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - '*'

charts/capi-cluster/templates/RoleBinding.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    capk.cluster.x-k8s.io/template-kind: extra-resource
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+  name: kccm-sa
+  namespace: {{ .Values.cluster.namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kccm
+subjects:
+  - kind: ServiceAccount
+    name: cloud-controller-manager
+    namespace: {{ .Values.cluster.namespace }}

charts/capi-cluster/templates/ServiceAccount.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    capk.cluster.x-k8s.io/template-kind: extra-resource
+    cluster.x-k8s.io/cluster-name: {{ .Values.cluster.name }}
+  name: cloud-controller-manager
+  namespace: {{ .Values.cluster.namespace }}

charts/capi-cluster/templates/WorkerMachineDeployment.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+  name: {{ .Values.cluster.name }}-md-0
+  namespace: {{ .Values.cluster.namespace }}
+spec:
+  clusterName: {{ .Values.cluster.name }}
+  replicas: {{ .Values.MachineTemplates.workers.size }}
+  selector:
+    matchLabels: null
+  template:
+    spec:
+      bootstrap:
+        configRef:
+          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+          kind: KubeadmConfigTemplate
+          name: {{ .Values.cluster.name }}-md-0
+          namespace: {{ .Values.cluster.namespace }}
+      clusterName: {{ .Values.cluster.name }}
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+        kind: KubevirtMachineTemplate
+        name: {{ .Values.cluster.name }}-md-0
+        namespace: {{ .Values.cluster.namespace }}
+      version: {{ .Values.cluster.version }}