From 5accf578a7a32e42319f995bb7464395c6a83dbb Mon Sep 17 00:00:00 2001
From: zhangxiaoyu
Date: Mon, 13 Sep 2021 19:50:54 +0800
Subject: [PATCH] add eggops doc
Signed-off-by: zhangxiaoyu
---
config/README.en.md | 120 ++++
config/README.md | 21 +-
docs/eggops.md | 373 ++++++++++
docs/manual.md | 115 ++--
eggops.yaml | 1610 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 2181 insertions(+), 58 deletions(-)
create mode 100644 config/README.en.md
create mode 100644 docs/eggops.md
create mode 100644 eggops.yaml
diff --git a/config/README.en.md b/config/README.en.md
new file mode 100644
index 0000000..723c91e
--- /dev/null
+++ b/config/README.en.md
@@ -0,0 +1,120 @@
+# eggo configuration
+
+The config directory stores multiple cluster config templates, and help users configure their own clusters.
+
+## config templates
+
+| name | OS | arch | masterNum | workerNum | loadbalance | Runtime | Install |
+| --- | --- | --- | --- | --- | --- | --- | --- |
+| centos.config | CentOS7 | amd64 | 1 | 2 | No | docker | bin |
+| openEuler.config | openEuler 21.03 | arm64 | 1 | 2 | No | iSulad | repo + rpm |
+
+## Instructions
+
+### Modify config
+Users select the appropriate config template and make modifications. The following modifications will be considered:
+- ssh login username/password
+- domain name, ip, architecture name/ip/arch of each node
+- apiserver-endpoint, if you set the loadbalance, it is the IP of `loadbalance: bind-port`, else it is the IP of the first `master: 6443`
+- install software `packages` and compressed packages `packages-src`
+
+For other detailed configuration of config, please refer to the eggo operation manual
+
+### Prepare compressed packages
+
+Users prepare the offline installation package according to the packages configuration. Take `openEuler.config `as an example, the compressed package include:
+
+```
+$ tree /root/packages
+/root/packages
+├── file
+│   └── calico.yaml
+├── image
+│   └── images.tar
+└── pkg
+ └── coredns-1.7.0-1.0.oe1.aarch64.rpm
+
+3 directories, 3 files
+```
+
+The images.tar is the image used in the cluster deployment, including:
+```
+REPOSITORY TAG IMAGE ID CREATED SIZE
+calico/node v3.19.1 c4d75af7e098 5 weeks ago 168MB
+calico/pod2daemon-flexvol v3.19.1 5660150975fb 5 weeks ago 21.7MB
+calico/cni v3.19.1 5749e8b276f9 5 weeks ago 146MB
+calico/kube-controllers v3.19.1 5d3d5ddc8605 5 weeks ago 60.6MB
+k8s.gcr.io/pause 3.2 80d28bedfe5d 16 months ago 683kB
+```
+Users can also not prepare images.tar, and the container engine will pull the image.
+
+Package compression
+```
+$ cd /root/packages
+$ tar -zcvf packages-arm.tar.gz ./*
+```
+If there are X86 architecture nodes, you need to prepare a package of X86 architecture software
+
+### Prepare notes documentation (optional)
+
+In addition to the config file and the compressed package, a description file is also needed. It records the source of the files in the compressed package, and make them traceability. Taking `centos.config` as an example, the corresponding notes file is as follows:
+
+```bash
+1. ETCD
+ - etcd,etcdctl
+ - Architecture:x86
+ - Version:3.5.0
+ - Download: https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz
+
+2. Docker Engine
+ - containerd,containerd-shim,ctr,docker,dockerd,docker-init,docker-proxy,runc
+ - Architecture:x86
+ - Version:19.03.0
+ - Download: https://download.docker.com/linux/static/stable/x86_64/docker-19.03.0.tgz
+
+3. Kubernetes
+ - kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kubelet,kube-proy
+ - Architecture:x86
+ - Version:1.21.1
+ - Download: https://www.downloadkubernetes.com/
+
+4. network
+ - bandwidth,dhcp,flannel,host-local,loopback,portmap,sbr,tuning,vrf,bridge,firewall,host-device,ipvlan,macvlan,ptp,static,vlan
+ - Architecture:x86
+ - Version:v0.9.1
+ - Download: https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
+
+```
+
+### Summarize
+
+Eggo's offline deployment package should include three parts. take `kubernetes-1.21.tar.gz` as an example:
+
+```bash
+$ tar -tvf kubernetes-1.21.tar.gz
+centos.config
+packages/packages-x86.tar.gz
+packages/packages-arm.tar.gz
+notes
+```
+
+# eggops Configuration
+
+eggops_cluster.yaml stores some resource configurations for cluster deployment by eggops. It help users configure their own eggops_cluster.yaml.
+
+## Instructions
+
+### Modify eggops_cluster.yaml
+
+Users modify eggops_cluster.yaml according to actual requirements.
The following modifications will be considered:
+- Machine, configure a Machine resource for each available machine, which include IP, architecture, ssh login port, etc.
+- Secret, configure the username/password required for machine ssh login
+- PV and PVC, mount the package to the container through the shared data volume
+- Infrastructure, the infrastructure configuration of the cluster, including package PVC, exposed ports, installation packages, etc.
+- Cluster, the number of masters, workers, login keys, infrastructure and other information required by the cluster
+
+For detailed configuration of eggops_cluster.yaml, please refer to docs/eggops.md
+
+### Prepare compressed packages
+
+The user prepares the offline installation package. The steps are the same as the steps for preparing compressed package in the eggo configuration. Don't repeat them here.
diff --git a/config/README.md b/config/README.md
index b8b9926..b2e08ed 100644
--- a/config/README.md
+++ b/config/README.md
@@ -1,4 +1,4 @@
-# 集群配置
+# eggo集群配置 config目录存放了多个集群config模板,方便用户快速配置集群
@@ -98,3 +98,22 @@ packages/packages-arm.tar.gz notes ```
+# eggops集群配置
+
+eggops_cluster.yaml存放了通过eggops启动集群的一些资源配置,方便用户使用。
+
+## 使用方法
+
+### 修改eggops_cluster.yaml
+用户根据实际使用需求进行修改,主要修改的内容包括:
+- Machine,每一个可用的机器配置一个Machine资源,修改IP、架构、ssh登录端口等
+- Secret,配置机器ssh登录所需的账号/密码
+- PV与PVC,通过共享数据卷将package包挂载到容器中
+- Infrastructure,集群的基础设施配置,包括package PVC、暴露端口、install安装包等等
+- Cluster,集群所需的master数量、worker数量、登录密钥、基础设施等信息
+
+eggops_cluster.yaml的详细配置可以参考docs/eggops.md文档
+
+### 准备packages压缩包
+
+用户准备离线安装包,步骤与eggo配置中准备packages压缩包的步骤一致,此处不再赘述。
diff --git a/docs/eggops.md b/docs/eggops.md
new file mode 100644
index 0000000..146db82
--- /dev/null
+++ b/docs/eggops.md
@@ -0,0 +1,373 @@
+# eggops使用手册
+
+### 1. 准备工作
+
+1) 搭建元集群
+
+通过eggo部署元集群,需要至少一个worker节点。
+
+2) 在元集群中安装eggops
+
+```bash
+# 元集群的kubeconfig文件路径
+$ export KUBECONFIG=/etc/kubernetes/admin.conf
+$ kubectl apply -f eggops.yaml
+```
+
+3) 准备yaml文件
+
+需要准备`namespace`、`secret`、`persistentvolume`、`persistentvolumeclaim`等k8s原生资源,同时也需要准备`infrastructure`、`machine`、`cluster`用户自定义资源。通过`kubectl apply`命令将其发布到k8s集群中,`controllers`便会根据用户需求分配机器拉起集群。
+
+- namespace.yaml
+
+创建`eggo-system` namespace,集群部署过程中用户创建的所有资源的namespace都设置为`eggo-system`
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: eggo-system
+```
+
+namespace参考资料:https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+- secret.yaml
+
+创建机器ssh login所需的密钥。下面介绍通过username/password登录,以及通过private key登录两种方式。
+
+`kubernetes.io/basic-auth`,基本身份认证类型。需要指定data字段,data字段必须包含username和password两个键,对应的值是通过 base64 编码的字符串。也可以指定stringData字段,其username和password对应的值是明文字符串。
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-example
+ namespace: eggo-system
+type: kubernetes.io/basic-auth
+stringData:
+ username: root
+ password: 123456
+```
+
+`kubernetes.io/ssh-auth`,ssh身份认证。需要在data或者stringData字段,提供ssh-privatekey键及其对对应的值。
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-ssh-auth-example
+ namespace: eggo-system
+type: kubernetes.io/ssh-auth
+data:
+ # 此例中的实际数据被截断
+ ssh-privatekey: MIIEpQIBAAKCAQEAulqb/Y ...
+```
+
+secret参考资料:https://kubernetes.io/docs/concepts/configuration/secret/
+
+- persistentvolume.yaml与persistentvolumeclaim.yaml
+
+创建PV与PVC,通过其可以将部署过程中所需的Package包挂载到eggo容器中去。下面介绍文件服务器nfs挂载,以及本地存储local挂载两种方式,其他PV与PVC类型可以参考k8s官方文档。
+
+nfs挂载方式,首先需要搭建nfs文件服务器。
+```bash
+# 创建共享文件夹
+$ mkdir -p /data
+# 准备package包
+$ tree /data
+/data
+└── packages
+    ├── packages-arm64.tar.gz
+    └── packages-amd64.tar.gz
+
+1 directory, 2 files
+
+# 安装 nfs 与 rpc 相关软件包:
+$ yum install nfs-utils rpcbind -y
+
+# NFS默认的配置文件是 /etc/exports,修改配置文件
+$ cat /etc/exports
+/data *(rw,sync,no_root_squash,no_all_squash)
+
+$ systemctl enable rpcbind && systemctl restart rpcbind
+$ systemctl enable nfs && systemctl restart nfs
+
+# 配置防火墙
+$ firewall-cmd --permanent --add-service=nfs
+success
+$ firewall-cmd --reload
+success
+
+# 查看NFS分享的资源
+$ showmount -e
+Export list for :
+/data *
+```
+
+准备PV和PVC的yaml文件
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nfs-pv-example
+ namespace: eggo-system
+ labels:
+ type: nfs
+spec:
+ capacity:
+ storage: 500Mi
+ accessModes:
+ - ReadOnlyMany
+ nfs:
+ server: 192.168.0.123
+ path: "/data"
+ persistentVolumeReclaimPolicy: Retain
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nfs-pvc-example
+ namespace: eggo-system
+spec:
+ accessModes:
+ - ReadOnlyMany
+ resources:
+ requests:
+ storage: 500Mi
+ selector:
+ matchLabels:
+ type: "nfs"
+```
+
+local挂载方式。由于是本地挂载,所以读写性能比远程网络挂载的更优。但缺点是,Pod无法调度受到限制,必须与node强绑定;同时,如果节点或者磁盘异常,则使用该volume的Pod也会异常。
+
+在所有或部分节点上准备package包
+```bash
+# 创建共享文件夹
+$ mkdir -p /data
+# 准备package包
+$ tree /data
+/data
+└── packages
+    ├── packages-arm64.tar.gz
+    └── packages-amd64.tar.gz
+
+1 directory, 2 files
+```
+
+准备PV和PVC的yaml文件
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: local-pv-example
+ namespace: eggo-system
+ labels:
+ type: local
+spec:
+ capacity:
+ storage: 500Mi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadOnlyMany
+ persistentVolumeReclaimPolicy:
Retain
+ local:
+ path: /data
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ # 准备/data目录及package包的节点
+ - node1-example
+ - node2-example
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: local-pvc-example
+ namespace: eggo-system
+spec:
+ accessModes:
+ - ReadOnlyMany
+ resources:
+ requests:
+ storage: 500Mi
+ selector:
+ matchLabels:
+ type: "local"
+```
+注:pv声明时指定了节点亲和性,使用该pv的Pod在调度时,会根据节点亲和性设置选择正确的节点去运行。
+
+pv和pvc参考资料:https://kubernetes.io/docs/concepts/storage/volumes/
+
+- machine.yaml
+
+machine为eggops创建的用户自定义资源,用来描述可用的待部署机器。通过machine.yaml可以将machine的基本信息记录下来,在部署cluster时会选择合适的机器进行部署。当machine被分配给cluster使用后,则不可以再被其他cluster使用。当部署的cluster被删除,其使用的machine会被释放,可以再被其他cluster使用
+
+```yaml
+apiVersion: eggo.isula.org/v1
+kind: Machine
+metadata:
+ name: machine1-example
+ labels:
+ masterRole: allow
+ workerRole: allow
+spec:
+ hostname: machine1
+ arch: arm64
+ ip: 192.168.0.1
+ port: 22
+```
+
+machine的基本信息包括hostname、架构、ip、ssh登录端口,与eggo config中的节点的配置是一致的,详细说明可以参考manual.md文档中的eggo配置。
+
+- infrastructure.yaml
+
+infrastructure为eggops创建的用户自定义资源,用来描述cluster的基础设施,包括package包的共享存储卷、安装配置、暴露端口等等。大多数集群的基础设施配置是一样的,因此不同的cluster可以指定相同的infrastructure。
+
+```yaml
+
+apiVersion: eggo.isula.org/v1
+kind: Infrastructure
+metadata:
+ name: infrastructure-example
+ namespace: eggo-system
+spec:
+ # 用于将package包挂载到容器中,部署集群时使用
+ packagePersistentVolumeClain:
+ name: nfs-pvc-example
+ # 暴露端口
+ open-ports:
+ worker:
+ - port: 111
+ protocol: tcp
+ - port: 179
+ protocol: tcp
+ # 指定所需的安装包
+ install:
+ package-source:
+ type: tar.gz
+ srcPackages:
+ # package包在nfs下的路径
+ arm64: packages/packages-arm.tar.gz
+ image:
+ - name: images.tar
+ type: image
+ dns:
+ - name: coredns
+ type: pkg
+ addition:
+ master:
+ - name: calico.yaml
+ type: yaml
+
+```
+
+open-ports暴露端口、install包安装配置与eggo config中的open-ports、install配置是一致的,详细说明可以参考manual.md文档中的eggo配置。
+
+- cluster.yaml
+
+cluster为eggops创建的用户自定义资源,用来描述k8s集群的信息等等。根据配置的k8s集群信息,元集群中会选择合适的machine,创建一个job,拉起一个Pod,通过eggo deploy命令部署一个k8s集群。当delete cluster时,与创建的流程相似,创建job,拉起Pod,通过eggo cleanup命令清除部署的k8s集群。
+
+```yaml
+apiVersion: eggo.isula.org/v1
+kind: Cluster
+metadata:
+ name: cluster-example
+ namespace: eggo-system
+spec:
+ # 所需master节点的描述。此处描述为,选取有masterRole: allow这一label的machine中的1台作为master节点
+ masterRequire:
+ # master节点的数量
+ number: 1
+ # master节点的features
+ features:
+ masterRole: allow
+ # 所需worker节点的描述
+ workerRequire:
+ number: 1
+ features:
+ workerRole: allow
+ # 所需loadbalance节点的描述
+ loadbalanceRequires:
+ number: 1
+ features:
+ lbRole: allow
+ # loadbalance服务监听端口
+ loadbalance-bindport: 8443
+ # Pod亲和性调度
+ eggoAffinity:
+ nodeAffinity:
+ requiredDuringSchedulingRequiredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - arm64
+ machineLoginSecret:
+ name: secret-example
+ infrastructure:
+ name: infrastructure-example
+ runtime:
+ runtime: iSulad
+ runtime-endpoint: unix:///var/run/isulad.sock
+ # 启用kubelet serving证书
+ enableKubeletServing: true
+ network:
+ # k8s创建的service的IP地址网段
+ service-cidr: 10.32.0.0/16
+ # k8s创建的service的DNS地址
+ service-dns-ip: 10.32.0.10
+ # k8s创建的service的网关地址
+ service-gateway: 10.32.0.1
+ # k8s集群网络的IP地址网段
+ pod-cidr: 10.244.0.0/16
+ # k8s集群部署的网络插件
+ pod-plugin: calico
+ # k8s集群网络的网络插件的配置
+ pod-plugin-args:
+ NetworkYamlPath: /etc/kubernetes/addons/calico.yaml
+```
+
+masterRequire、workerRequire与loadbalanceRequires中的features字段,可以在选择machine时通过LabelSelector筛选出合适的机器。eggoAffinity,设置亲和性调度,可以将执行eggo命令的Pod调度到某些特定机器上运行。
+
+其他未特殊说明的配置与eggo config中的配置是一致的,详细说明可以参考manual.md文档中的eggo配置。
+
+Pod亲和性调度参考资料:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+
+4) 部署集群
+
+```bash
+$ kubectl apply -f namespace.yaml
+$ kubectl apply -f secret.yaml
+$ kubectl apply -f persistentvolume.yaml
+$ kubectl apply -f persistentvolumeclaim.yaml
+$ kubectl apply -f machine.yaml
+$ kubectl apply
-f infrastructure.yaml
+$ kubectl apply -f cluster.yaml
+
+# 也可以将其放在同一个文件中apply一次
+$ kubectl apply -f eggops_cluster.yaml
+```
+
+5) 销毁集群
+```bash
+# wait=false不会在前端等待cluster删除完成
+kubectl delete -f cluster.yaml --wait=false
+
+# 其他资源根据用户需求可以自行选择删除,或者不删除待下次使用
+```
+
+6) 卸载CRD与controller
+
+在卸载CRD与controller之前,需要将所有创建的资源全部删除。
+
+```bash
+# 元集群的kubeconfig文件路径
+$ export KUBECONFIG=/etc/kubernetes/admin.conf
+$ kubectl delete -f eggops.yaml
+```
diff --git a/docs/manual.md b/docs/manual.md
index f21a7ab..d1e72b6 100644
--- a/docs/manual.md
+++ b/docs/manual.md
@@ -223,78 +223,79 @@ loadbalance: // 配置loadbalance节点 port: 22 // ssh登录的端口 arch: amd64 // 机器架构,x86_64的填amd64 bind-port: 8443 // 负载均衡服务监听的端口 -external-ca: false // 是否使用外部ca证书,该功能还未实现 -external-ca-path: /opt/externalca // 外部ca证书文件的路径 -service: // k8s创建的service的配置 - cidr: 10.32.0.0/16 // k8s创建的service的IP地址网段 - dnsaddr: 10.32.0.10 // k8s创建的service的DNS地址 - gateway: 10.32.0.1 // k8s创建的service的网关地址 - dns: // k8s创建的coredns的配置 - corednstype: pod // k8s创建的coredns的部署类型,支持pod和binary - imageversion: 1.8.4 // pod部署类型的coredns镜像版本 - replicas: 2 // pod部署类型的coredns副本数量 -network: // k8s集群网络配置 - podcidr: 10.244.0.0/16 // k8s集群网络的IP地址网段 - plugin: calico // k8s集群部署的网络插件 +external-ca: false // 是否使用外部ca证书,该功能还未实现 +external-ca-path: /opt/externalca // 外部ca证书文件的路径 +service: // k8s创建的service的配置 + cidr: 10.32.0.0/16 // k8s创建的service的IP地址网段 + dnsaddr: 10.32.0.10 // k8s创建的service的DNS地址 + gateway: 10.32.0.1 // k8s创建的service的网关地址 + dns: // k8s创建的coredns的配置 + corednstype: pod // k8s创建的coredns的部署类型,支持pod和binary + imageversion: 1.8.4 // pod部署类型的coredns镜像版本 + replicas: 2 // pod部署类型的coredns副本数量 +network: // k8s集群网络配置 + podcidr: 10.244.0.0/16 // k8s集群网络的IP地址网段 + plugin: calico // k8s集群部署的网络插件 plugin-args: {"NetworkYamlPath": "/etc/kubernetes/addons/calico.yaml"} // k8s集群网络的网络插件的配置 -apiserver-endpoint: 192.168.122.222:6443 // 对外暴露的APISERVER服务的地址或域名,如果配置了loadbalances则填loadbalance地址,否则填写第1个master节点地址 -apiserver-cert-sans: // apiserver相关的证书中需要额外配置的ip和域名 - dnsnames: [] // apiserver相关的证书中需要额外配置的域名列表 - ips: [] // apiserver相关的证书中需要额外配置的ip地址列表 -apiserver-timeout: 120s // apiserver响应超时时间 -etcd-external: false // 使用外部etcd,该功能还未实现 -etcd-token: etcd-cluster // etcd集群名称 -dns-vip: 10.32.0.10 // dns的虚拟ip地址 -dns-domain: cluster.local // DNS域名后缀 -pause-image: k8s.gcr.io/pause:3.2 // 容器运行时的pause容器的容器镜像名称 -network-plugin: cni // 网络插件类型 -cni-bin-dir: /usr/libexec/cni,/opt/cni/bin // 网络插件地址,使用","分隔多个地址 -runtime: docker // 使用哪种容器运行时,目前支持docker和iSulad -registry-mirrors: [] // 下载容器镜像时使用的镜像仓库的mirror站点地址 -insecure-registries: [] 
// 下载容器镜像时运行使用http协议下载镜像的镜像仓库地址 -config-extra-args: // 各个组件(kube-apiserver/etcd等)服务启动配置的额外参数 - - name: kubelet // name支持:"etcd","kube-apiserver","kube-controller-manager","kube-scheduler","kube-proxy","kubelet" +apiserver-endpoint: 192.168.122.222:6443 // 对外暴露的APISERVER服务的地址或域名,如果配置了loadbalances则填loadbalance地址,否则填写第1个master节点地址 +apiserver-cert-sans: // apiserver相关的证书中需要额外配置的ip和域名 + dnsnames: [] // apiserver相关的证书中需要额外配置的域名列表 + ips: [] // apiserver相关的证书中需要额外配置的ip地址列表 +apiserver-timeout: 120s // apiserver响应超时时间 +etcd-external: false // 使用外部etcd,该功能还未实现 +etcd-token: etcd-cluster // etcd集群名称 +dns-vip: 10.32.0.10 // dns的虚拟ip地址 +dns-domain: cluster.local // DNS域名后缀 +pause-image: k8s.gcr.io/pause:3.2 // 容器运行时的pause容器的容器镜像名称 +network-plugin: cni // 网络插件类型 +cni-bin-dir: /usr/libexec/cni,/opt/cni/bin // 网络插件地址,使用","分隔多个地址 +runtime: docker // 使用哪种容器运行时,目前支持docker和iSulad +runtime-endpoint: unix:///var/run/docker.sock // 容器运行时endpoint,docker可以不指定 +registry-mirrors: [] // 下载容器镜像时使用的镜像仓库的mirror站点地址 +insecure-registries: [] // 下载容器镜像时运行使用http协议下载镜像的镜像仓库地址 +config-extra-args: // 各个组件(kube-apiserver/etcd等)服务启动配置的额外参数 + - name: kubelet // name支持:"etcd","kube-apiserver","kube-controller-manager","kube-scheduler","kube-proxy","kubelet" extra-args: - "--cgroup-driver": systemd // 注意key对应的组件的参数,需要带上"-"或者"--" -open-ports: // 配置需要额外打开的端口,k8s自身所需端口不需要进行配置,额外的插件的端口需要进行额外配置 - worker: // 指定在那种类型的节点上打开端口,可以是master/worker/etcd/loadbalance - - port: 111 // 端口地址 - protocol: tcp // 端口类型,tcp/udp + "--cgroup-driver": systemd // 注意key对应的组件的参数,需要带上"-"或者"--" +open-ports: // 配置需要额外打开的端口,k8s自身所需端口不需要进行配置,额外的插件的端口需要进行额外配置 + worker: // 指定在那种类型的节点上打开端口,可以是master/worker/etcd/loadbalance + - port: 111 // 端口地址 + protocol: tcp // 端口类型,tcp/udp - port: 179 protocol: tcp -install: // 配置各种类型节点上需要安装的安装包或者二进制文件的详细信息,注意将对应文件放到在tar.gz安装包中 - package-source: // 配置安装包的详细信息 - type: tar.gz // 安装包的压缩类型,目前只支持tar.gz类型的安装包 - dstpath: "" // 安装包在对端机器上的路径,必须是合法绝对路径 - srcpath: // 不同架构安装包的存放路径,架构必须与机器架构相对应,必须是合法绝对路径 +install: // 
配置各种类型节点上需要安装的安装包或者二进制文件的详细信息,注意将对应文件放到在tar.gz安装包中 + package-source: // 配置安装包的详细信息 + type: tar.gz // 安装包的压缩类型,目前只支持tar.gz类型的安装包 + dstpath: "" // 安装包在对端机器上的路径,必须是合法绝对路径 + srcpath: // 不同架构安装包的存放路径,架构必须与机器架构相对应,必须是合法绝对路径 arm64: /root/rpms/packages-arm64.tar.gz // arm64架构安装包的路径,配置的机器中存在arm64机器场景下需要配置,必须是合法绝对路径 amd64: /root/rpms/packages-x86.tar.gz // amd64类型安装包的路径,配置的机器中存在amd64机器场景下需要配置,必须是合法绝对路径 - etcd: // etcd类型节点需要安装的包或二进制文件列表 - - name: etcd // 需要安装的包或二进制文件的名称,如果是安装包则只写名称,不填写具体的版本号,安装时会使用`$name*`来识别 - type: pkg // package的类型,pkg/repo/bin/file/dir/image/yaml七种类型,如果配置为repo请在对应节点上配置好repo源 - dst: "" // 目的文件夹路径,bin/file/dir类型下需要配置,表示将文件(夹)放到节点的哪个目录下,为了防止用户误配置路径,导致cleanup时删除重要文件,此配置必须符合白名单,参见下一小节 - kubernetes-master: // k8s master类型节点需要安装的包或二进制文件列表 + etcd: // etcd类型节点需要安装的包或二进制文件列表 + - name: etcd // 需要安装的包或二进制文件的名称,如果是安装包则只写名称,不填写具体的版本号,安装时会使用`$name*`来识别 + type: pkg // package的类型,pkg/repo/bin/file/dir/image/yaml七种类型,如果配置为repo请在对应节点上配置好repo源 + dst: "" // 目的文件夹路径,bin/file/dir类型下需要配置,表示将文件(夹)放到节点的哪个目录下,为了防止用户误配置路径,导致cleanup时删除重要文件,此配置必须符合白名单,参见下一小节 + kubernetes-master: // k8s master类型节点需要安装的包或二进制文件列表 - name: kubernetes-client,kubernetes-master type: pkg - kubernetes-worker: // k8s worker类型节点需要安装的包或二进制文件列表 + kubernetes-worker: // k8s worker类型节点需要安装的包或二进制文件列表 - name: docker-engine,kubernetes-client,kubernetes-node,kubernetes-kubelet type: pkg dst: "" - name: conntrack-tools,socat type: pkg dst: "" - network: // 网络需要安装的包或二进制文件列表 + network: // 网络需要安装的包或二进制文件列表 - name: containernetworking-plugins type: pkg dst: "" - loadbalance: // loadbalance类型节点需要安装的包或二进制文件列表 + loadbalance: // loadbalance类型节点需要安装的包或二进制文件列表 - name: gd,gperftools-libs,libunwind,libwebp,libxslt type: pkg dst: "" - name: nginx,nginx-all-modules,nginx-filesystem,nginx-mod-http-image-filter,nginx-mod-http-perl,nginx-mod-http-xslt-filter,nginx-mod-mail,nginx-mod-stream type: pkg dst: "" - container: // 容器需要安装的包或二进制文件列表 + container: // 容器需要安装的包或二进制文件列表 - name: 
emacs-filesystem,gflags,gpm-libs,re2,rsync,vim-filesystem,vim-common,vim-enhanced,zlib-devel type: pkg dst: "" @@ -304,20 +305,20 @@ install: // 配置各种类型节点上需要 - name: yajl,lxc,lxc-libs,lcr,clibcni,iSulad type: pkg dst: "" - image: // 容器镜像tar包 + image: // 容器镜像tar包 - name: pause.tar type: image dst: "" - dns: // k8s coredns安装包。如果corednstype配置为pod,此处无需配置 + dns: // k8s coredns安装包。如果corednstype配置为pod,此处无需配置 - name: coredns type: pkg dst: "" - addition: // 额外的安装包或二进制文件列表 + addition: // 额外的安装包或二进制文件列表 master: - name: prejoin.sh - type: shell // shell脚本 - schedule: "prejoin" // 执行时间master节点加入集群前 - TimeOut: "30s" // 脚本执行时间,超时则被杀死,未配置默认30s + type: shell // shell脚本 + schedule: "prejoin" // 执行时间master节点加入集群前 + TimeOut: "30s" // 脚本执行时间,超时则被杀死,未配置默认30s - name: calico.yaml type: yaml dst: "" @@ -326,8 +327,8 @@ install: // 配置各种类型节点上需要 type: file dst: /usr/lib/systemd/system/ - name: postjoin.sh - type: shell // shell脚本 - schedule: "postjoin" // 执行时间worker节点加入集群后 + type: shell // shell脚本 + schedule: "postjoin" // 执行时间worker节点加入集群后 ``` ### dst 白名单 diff --git a/eggops.yaml b/eggops.yaml new file mode 100644 index 0000000..054a9ae --- /dev/null +++ b/eggops.yaml 
@@ -0,0 +1,1610 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: eggops-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusters.eggo.isula.org +spec: + group: eggo.isula.org + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster + properties: + addons: + items: + type: string + type: array + apiendpoint: + properties: + advertise: + type: string + bind-port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + eggoAffinity: + description: Describe affinity scheduling rules for eggo pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. 
When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + enableKubeletServing: + type: boolean + infrastructure: + description: Infrastructure contain install config, open-port, etc. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). 
This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + loadbalance-bindport: + format: int32 + type: integer + loadbalanceRequires: + description: machines for loadbalance + properties: + features: + additionalProperties: + type: string + description: require machie need in which cidr + type: object + number: + format: int32 + type: integer + required: + - number + type: object + machineLoginSecret: + description: MachineLoginSecret save user/password for ssh login + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + masterRequire: + description: machines for master nodes + properties: + features: + additionalProperties: + type: string + description: require machie need in which cidr + type: object + number: + format: int32 + type: integer + required: + - number + type: object + network: + description: network config of cluster + properties: + pod-cidr: + description: config for network of pod + type: string + pod-plugin: + type: string + pod-plugin-args: + additionalProperties: + type: string + type: object + service-cidr: + description: config for cluster service network + type: string + service-dns-ip: + type: string + service-gateway: + type: string + required: + - pod-cidr + - service-cidr + - service-dns-ip + - service-gateway + type: object + runtime: + properties: + runtime: + type: string + runtime-endpoint: + type: string + type: object + workerRequire: + description: machines for worker nodes + properties: + features: + additionalProperties: + type: string + description: require machie need in which cidr + type: object + number: + format: int32 + type: integer + required: + - number + type: object + required: + - masterRequire + - workerRequire + type: object + status: + description: ClusterStatus defines the observed state of Cluster + properties: + configRef: + description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. 
In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + deleted: + type: boolean + hasCluster: + type: boolean + jobHistorys: + items: + properties: + finish-time: + format: date-time + type: string + message: + type: string + name: + type: string + start-time: + format: date-time + type: string + required: + - name + - start-time + type: object + type: array + jobRef: + description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. 
The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + machineBindingRef: + description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. 
For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + machineLoginSecretRef: + description: 'ObjectReference contains enough information to let you inspect or modify the referred object. 
--- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + message: + type: string + packagePersistentVolumeClaimRef: + description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. 
In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: infrastructures.eggo.isula.org +spec: + group: eggo.isula.org + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Infrastructure is the Schema for the infrastructures API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InfrastructureSpec defines the desired state of Infrastructure + properties: + install: + properties: + addition: + properties: + etcd: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + loadbalance: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + master: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + worker: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + type: object + container: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + etcd: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: 
array + image: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + kubernetes-master: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + kubernetes-worker: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + loadbalance: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + network: + items: + properties: + dst: + type: string + name: + type: string + schedule: + type: string + timeout: + type: string + type: + description: repo bin file dir image json shell + type: string + required: + - name + - type + type: object + type: array + package-source: + properties: + dstpath: + description: untar path on dst node + type: string + srcPackages: + additionalProperties: + type: string + description: source packages name + type: object + type: + description: tar.gz + type: string + type: object + type: object + open-ports: + properties: + etcd: + items: + properties: + port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: tcp/udp + type: string + required: + - port + - protocol + type: object + type: array + loadbalance: + items: + properties: + port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + 
description: tcp/udp + type: string + required: + - port + - protocol + type: object + type: array + master: + items: + properties: + port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: tcp/udp + type: string + required: + - port + - protocol + type: object + type: array + worker: + items: + properties: + port: + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: tcp/udp + type: string + required: + - port + - protocol + type: object + type: array + type: object + packagePersistentVolumeClaim: + description: PackagePersistentVolumeClaim volume stored install packages + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + status: + description: InfrastructureStatus defines the observed state of Infrastructure + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: machinebindings.eggo.isula.org +spec: + group: eggo.isula.org + names: + kind: MachineBinding + listKind: MachineBindingList + plural: machinebindings + singular: machinebinding + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: MachineBinding is the Schema for the machinebindings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineBindingSpec defines the desired state of MachineBinding + properties: + machineSets: + description: remember which machines binded key is usage string + items: + properties: + machines: + items: + description: Machine is the Schema for the machines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine + properties: + arch: + description: architecture of machine + type: string + hostname: + description: hostname for machine + type: string + ip: + description: ip for ssh login + type: string + port: + description: port for ssh login, default is 22 + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + status: + description: MachineStatus defines the observed state of Machine + properties: + cluster: + description: which cluster use this machine + type: string + error-message: + description: record error information + type: string + role-bindings: + description: 'current role of machine, support: master, etcd, worker, loadbalance' + format: int32 + type: integer + status: + description: status of machine, 0 represents success, other represents failed + 
format: int32 + type: integer + type: object + type: object + type: array + usage: + type: string + type: object + type: array + usages: + additionalProperties: + format: int32 + type: integer + description: 'usages, support: 1 represent master, 2 represent worker, 4 represent etcd, 8 represent loadbalance key is uid' + type: object + type: object + status: + description: MachineBindingStatus defines the observed state of MachineBinding + properties: + usages: + additionalProperties: + properties: + message: + type: string + usagesStatus: + format: int32 + type: integer + type: object + description: key is uid + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: machines.eggo.isula.org +spec: + group: eggo.isula.org + names: + kind: Machine + listKind: MachineList + plural: machines + singular: machine + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Machine is the Schema for the machines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineSpec defines the desired state of Machine + properties: + arch: + description: architecture of machine + type: string + hostname: + description: hostname for machine + type: string + ip: + description: ip for ssh login + type: string + port: + description: port for ssh login, default is 22 + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + status: + description: MachineStatus defines the observed state of Machine + properties: + cluster: + description: which cluster use this machine + type: string + error-message: + description: record error information + type: string + role-bindings: + description: 'current role of machine, support: master, etcd, worker, loadbalance' + format: int32 + type: integer + status: + description: status of machine, 0 represents success, other represents failed + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eggops-controller-manager + namespace: eggops-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: eggops-leader-election-role + namespace: eggops-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: eggops-manager-role +rules: +- apiGroups: + - "" + resources: + - 
configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - eggo.isula.org + resources: + - clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eggo.isula.org + resources: + - clusters/finalizers + verbs: + - update +- apiGroups: + - eggo.isula.org + resources: + - clusters/status + verbs: + - get + - patch + - update +- apiGroups: + - eggo.isula.org + resources: + - infrastructures + verbs: + - get + - list + - watch +- apiGroups: + - eggo.isula.org + resources: + - machinebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eggo.isula.org + resources: + - machinebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - eggo.isula.org + resources: + - machines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - eggo.isula.org + resources: + - machines/finalizers + verbs: + - update +- apiGroups: + - eggo.isula.org + resources: + - machines/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eggops-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: eggops-proxy-role +rules: +- apiGroups: + - 
authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: eggops-leader-election-rolebinding + namespace: eggops-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: eggops-leader-election-role +subjects: +- kind: ServiceAccount + name: eggops-controller-manager + namespace: eggops-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eggops-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: eggops-manager-role +subjects: +- kind: ServiceAccount + name: eggops-controller-manager + namespace: eggops-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eggops-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: eggops-proxy-role +subjects: +- kind: ServiceAccount + name: eggops-controller-manager + namespace: eggops-system +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: ce9441bc.isula.org +kind: ConfigMap +metadata: + name: eggops-manager-config + namespace: eggops-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: eggops-controller-manager-metrics-service + namespace: eggops-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: eggops-controller-manager + namespace: eggops-system +spec: + 
replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + command: + - /manager + image: kylinn/eggops-arm64:v0.9.3 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: eggops-controller-manager + terminationGracePeriodSeconds: 10 -- Gitee