Add cloud-hypervisor-provider

lukasfrank · lukasfrank · commit 3ee10d4e5b66 · 2025-05-27T14:09:56.000+02:00
diff --git a/Makefile b/Makefile
@@ -73,6 +73,9 @@ metalnet: kubectl ## Install metalnet
 libvirt-provider: kubectl ## Install the libvirt-provider
 	$(KUBECTL) apply -k cluster/local/libvirt-provider
 
+cloud-hypervisor-provider: kubectl ## Install the cloud-hypervisor-provider
+	$(KUBECTL) apply -k cluster/local/cloud-hypervisor-provider
+
 ## Remove components
 down: remove-ironcore remove-ironcore-net remove-apinetlet remove-metalnet remove-dpservice remove-metalbond remove-metalbond-client remove-metalnetlet remove-libvirt-provider unprepare ## Remove the ironcore stack
 
diff --git a/base/cloud-hypervisor-provider/kustomization.yaml b/base/cloud-hypervisor-provider/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - git@github.com:ironcore-dev/cloud-hypervisor-provider/config/default?ref=ed84aa2164fe0b53ee7fbe39364cda64f859927c
+  - role-binding.yaml
+  - role.yaml
+
+images:
+  - name: machinepoollet
+    newName: ghcr.io/ironcore-dev/ironcore-machinepoollet
+    digest: sha256:7a4584539882e9fb22f213756b2cfe37f8f1d43896351545fc4192ce9825d970
+  - name: cloud-hypervisor-provider
+    newName: ghcr.io/ironcore-dev/cloud-hypervisor-provider
+    digest: sha256:645b8044ddf422938866c9ba7a776cfe59706c24162a16f5fc7880930365fec3
+  - name: cloud-hypervisor-prepare-host
+    newName: ghcr.io/ironcore-dev/cloud-hypervisor-prepare-host
+    digest: sha256:4d7e927839c7851e63f0256e5641d5dc88ca6ff4703cf3143a4a672cf49b44a8
diff --git a/base/cloud-hypervisor-provider/role-binding.yaml b/base/cloud-hypervisor-provider/role-binding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cloud-hypervisor-provider-apinet-rolebinding
+  namespace: cloud-hypervisor-provider-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cloud-hypervisor-provider-apinet-role
+subjects:
+- kind: ServiceAccount
+  name: cloud-hypervisor-provider-controller-manager
+  namespace: cloud-hypervisor-provider
diff --git a/base/cloud-hypervisor-provider/role.yaml b/base/cloud-hypervisor-provider/role.yaml
@@ -0,0 +1,98 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloud-hypervisor-provider-apinet-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests/metalnetletclient
+  verbs:
+  - create
+- apiGroups:
+  - core.apinet.ironcore.dev
+  resources:
+  - instances
+  - nodes
+  - networks
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - core.apinet.ironcore.dev
+  resources:
+  - instances/finalizers
+  - networkinterfaces/finalizers
+  - networks/finalizers
+  - nodes/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - core.apinet.ironcore.dev
+  resources:
+  - instances/status
+  - networkinterfaces/status
+  - networks/status
+  - nodes/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - core.apinet.ironcore.dev
+  resources:
+  - loadbalancerroutings
+  - loadbalancers
+  - natgateways
+  - nattables
+  - networkpolicies
+  - networkpolicyrules
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - core.apinet.ironcore.dev
+  resources:
+  - networkinterfaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/base/machine-classes/machine-classes.yaml b/base/machine-classes/machine-classes.yaml
@@ -7,3 +7,13 @@ metadata:
 capabilities:
   cpu: 2
   memory: 2Gi
+---
+apiVersion: compute.ironcore.dev/v1alpha1
+kind: MachineClass
+metadata:
+  labels:
+    environment: experimental
+  name: t3-small-experimental
+capabilities:
+  cpu: 2
+  memory: 2Gi
diff --git a/cluster/local/cloud-hypervisor-provider/kustomization.yaml b/cluster/local/cloud-hypervisor-provider/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../../base/cloud-hypervisor-provider
+
+patches:
+  - path: patch-manager-args.yaml
+    target:
+      group: apps
+      version: v1
+      kind: DaemonSet
+      namespace: cloud-hypervisor-provider-system
+      name: cloud-hypervisor-provider-controller-manager
+
diff --git a/cluster/local/cloud-hypervisor-provider/patch-manager-args.yaml b/cluster/local/cloud-hypervisor-provider/patch-manager-args.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: cloud-hypervisor-provider-system
+  name: cloud-hypervisor-provider-controller-manager
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: prepare-host
+          imagePullPolicy: IfNotPresent
+          args:
+            - --cloud-hypervisor-bin-path=/var/lib/cloud-hypervisor-provider
+            - --cloud-hypervisor-bin-sub-dir=v45.0
+            - --cloud-hypervisor-bin-url=https://github.com/cloud-hypervisor/cloud-hypervisor/releases/download/v45.0/cloud-hypervisor-static
+            - --cloud-hypervisor-firmware-path=/var/lib/cloud-hypervisor-provider
+            - --cloud-hypervisor-firmware-url=https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.5.0/hypervisor-fw
+            - --cloud-hypervisor-firmware-sub-dir=0.5.0
+            - --download
+            - --zap-log-level=3
+      containers:
+        - name: manager
+          args:
+            - --health-probe-bind-address=:8081
+            - --metrics-bind-address=127.0.0.1:8080
+            - --machine-pool-name=$(NODE_NAME)-ch
+            - --provider-id=cloud-hypervisor-provider://$(NODE_NAME)
+            - --machine-runtime-endpoint=unix:/var/run/cloud-hypervisor-provider.sock
+            - --machine-downward-api-label=root-machine-namespace=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-namespace']
+            - --machine-downward-api-label=root-machine-name=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-name']
+            - --machine-downward-api-label=root-machine-uid=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-uid']
+            - --dial-timeout=10s
+        - name: provider
+          imagePullPolicy: IfNotPresent
+          args:
+            - --address=/var/run/cloud-hypervisor-provider.sock
+            - --provider-root-dir=/var/lib/cloud-hypervisor-provider
+            - --zap-log-level=3
+            - --cloud-hypervisor-bin-path=/home/lukasfrank/cloud-hypervisor-provider/version/cloud-hypervisor
+            - --cloud-hypervisor-firmware-path=/home/lukasfrank/cloud-hypervisor-provider/version/firmware
+            - --detach-vms=false
+            - --machine-class=t3-small-experimental,2000,2147483648
+            - --network-interface-plugin-name=isolated
