diff --git a/Makefile b/Makefile index e16144c..4ac4ee7 100644 --- a/Makefile +++ b/Makefile @@ -73,6 +73,9 @@ metalnet: kubectl ## Install metalnet libvirt-provider: kubectl ## Install the libvirt-provider $(KUBECTL) apply -k cluster/local/libvirt-provider +cloud-hypervisor-provider: kubectl ## Install the cloud-hypervisor-provider + $(KUBECTL) apply -k cluster/local/cloud-hypervisor-provider + ## Remove components down: remove-ironcore remove-ironcore-net remove-apinetlet remove-metalnet remove-dpservice remove-metalbond remove-metalbond-client remove-metalnetlet remove-libvirt-provider unprepare ## Remove the ironcore stack diff --git a/base/cloud-hypervisor-provider/kustomization.yaml b/base/cloud-hypervisor-provider/kustomization.yaml new file mode 100644 index 0000000..d3b8d99 --- /dev/null +++ b/base/cloud-hypervisor-provider/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - github.com/ironcore-dev/cloud-hypervisor-provider/config/default?ref=ed84aa2164fe0b53ee7fbe39364cda64f859927c + - role-binding.yaml + - role.yaml + +images: + - name: machinepoollet + newName: ghcr.io/ironcore-dev/ironcore-machinepoollet + digest: sha256:7a4584539882e9fb22f213756b2cfe37f8f1d43896351545fc4192ce9825d970 + - name: cloud-hypervisor-provider + newName: ghcr.io/ironcore-dev/cloud-hypervisor-provider + digest: sha256:645b8044ddf422938866c9ba7a776cfe59706c24162a16f5fc7880930365fec3 + - name: cloud-hypervisor-prepare-host + newName: ghcr.io/ironcore-dev/cloud-hypervisor-prepare-host + digest: sha256:4d7e927839c7851e63f0256e5641d5dc88ca6ff4703cf3143a4a672cf49b44a8 \ No newline at end of file diff --git a/base/cloud-hypervisor-provider/role-binding.yaml b/base/cloud-hypervisor-provider/role-binding.yaml new file mode 100644 index 0000000..4a133cb --- /dev/null +++ b/base/cloud-hypervisor-provider/role-binding.yaml 
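Review bot: The new `cloud-hypervisor-provider` install target gets no teardown counterpart. The `down` prerequisite list in the trailing context still ends at `remove-libvirt-provider unprepare`, so `make down` would leave the DaemonSet and the cluster-scoped ClusterRole and ClusterRoleBinding from this commit in place. I would add a `remove-cloud-hypervisor-provider: kubectl ## Remove the cloud-hypervisor-provider` target that runs `$(KUBECTL) delete -k cluster/local/cloud-hypervisor-provider`, and list it among the prerequisites of `down`. The existing remove-* targets and any `.PHONY` declaration are outside the hunk, so the new targets should follow whatever convention those use.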
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cloud-hypervisor-provider-apinet-rolebinding
+ namespace: cloud-hypervisor-provider-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cloud-hypervisor-provider-apinet-role
+subjects:
+- kind: ServiceAccount
+ name: cloud-hypervisor-provider-controller-manager
+ namespace: cloud-hypervisor-provider
\ No newline at end of file
diff --git a/base/cloud-hypervisor-provider/role.yaml b/base/cloud-hypervisor-provider/role.yaml
new file mode 100644
index 0000000..6433af2
--- /dev/null
+++ b/base/cloud-hypervisor-provider/role.yaml
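Review bot: The subject namespace `cloud-hypervisor-provider` in role-binding.yaml does not match `cloud-hypervisor-provider-system`, the namespace the local overlay's DaemonSet patch targets. The binding therefore probably grants the ClusterRole to a ServiceAccount that does not exist, while the real controller-manager account gets nothing. A dangling subject is also a latent privilege grant: whoever can later create that namespace and a ServiceAccount of that name inherits the role. If the upstream `config/default` deploys into `cloud-hypervisor-provider-system` (not visible here), the subject should read `namespace: cloud-hypervisor-provider-system`. The `metadata.namespace` field has no effect on a cluster-scoped ClusterRoleBinding and can be dropped.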
@@ -0,0 +1,98 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cloud-hypervisor-provider-apinet-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+- apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests/metalnetletclient
+ verbs:
+ - create
+- apiGroups:
+ - core.apinet.ironcore.dev
+ resources:
+ - instances
+ - nodes
+ - networks
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - core.apinet.ironcore.dev
+ resources:
+ - instances/finalizers
+ - networkinterfaces/finalizers
+ - networks/finalizers
+ - nodes/finalizers
+ verbs:
+ - patch
+ - update
+- apiGroups:
+ - core.apinet.ironcore.dev
+ resources:
+ - instances/status
+ - networkinterfaces/status
+ - networks/status
+ - nodes/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - core.apinet.ironcore.dev
+ resources:
+ - loadbalancerroutings
+ - loadbalancers
+ - natgateways
+ - nattables
+ - networkpolicies
+ - networkpolicyrules
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - core.apinet.ironcore.dev
+ resources:
+ - networkinterfaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
\ No newline at end of file
diff --git a/base/machine-classes/machine-classes.yaml b/base/machine-classes/machine-classes.yaml
index dae8a96..a00769c 100644
--- a/base/machine-classes/machine-classes.yaml
+++ b/base/machine-classes/machine-classes.yaml
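Review bot: The rule granting `create` on `certificatesigningrequests/metalnetletclient` looks carried over from a metalnetlet role rather than chosen for this provider, and nothing in this commit shows the cloud-hypervisor-provider requesting that client-certificate type. The same question applies to the cluster-wide `patch`/`update` on `nodes` and `networks` and the `tokenreviews`/`subjectaccessreviews` rules. Because this is a ClusterRole bound to a per-node DaemonSet, each unused rule widens what a compromised node agent can do. I would drop the rules the provider does not exercise, and add a short `#` comment above each remaining rule group naming the component or controller that needs it.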
@@ -7,3 +7,13 @@ metadata:
 capabilities:
 cpu: 2
 memory: 2Gi
+---
+apiVersion: compute.ironcore.dev/v1alpha1
+kind: MachineClass
+metadata:
+ labels:
+ environment: experimental
+ name: t3-small-experimental
+capabilities:
+ cpu: 2
+ memory: 2Gi
\ No newline at end of file
diff --git a/cluster/local/cloud-hypervisor-provider/kustomization.yaml b/cluster/local/cloud-hypervisor-provider/kustomization.yaml
new file mode 100644
index 0000000..0e2c729
--- /dev/null
+++ b/cluster/local/cloud-hypervisor-provider/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../base/cloud-hypervisor-provider
+
+patches:
+ - path: patch-manager-args.yaml
+ target:
+ group: apps
+ version: v1
+ kind: DaemonSet
+ namespace: cloud-hypervisor-provider-system
+ name: cloud-hypervisor-provider-controller-manager
+
diff --git a/cluster/local/cloud-hypervisor-provider/patch-manager-args.yaml b/cluster/local/cloud-hypervisor-provider/patch-manager-args.yaml
new file mode 100644
index 0000000..d767d25
--- /dev/null
+++ b/cluster/local/cloud-hypervisor-provider/patch-manager-args.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ namespace: cloud-hypervisor-provider-system
+ name: cloud-hypervisor-provider-controller-manager
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: prepare-host
+ imagePullPolicy: IfNotPresent
+ args:
+ - --cloud-hypervisor-bin-path=/var/lib/cloud-hypervisor-provider
+ - --cloud-hypervisor-bin-sub-dir=v45.0
+ - --cloud-hypervisor-bin-url=https://github.com/cloud-hypervisor/cloud-hypervisor/releases/download/v45.0/cloud-hypervisor-static
+ - --cloud-hypervisor-firmware-path=/var/lib/cloud-hypervisor-provider
+ - --cloud-hypervisor-firmware-url=https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.5.0/hypervisor-fw
+ - --cloud-hypervisor-firmware-sub-dir=0.5.0
+ - --download
+ - --zap-log-level=3
+ containers:
+ - name: manager
+ args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --machine-pool-name=$(NODE_NAME)-ch
+ - --provider-id=cloud-hypervisor-provider://$(NODE_NAME)
+ - --machine-runtime-endpoint=unix:/var/run/cloud-hypervisor-provider.sock
+ - --machine-downward-api-label=root-machine-namespace=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-namespace']
+ - --machine-downward-api-label=root-machine-name=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-name']
+ - --machine-downward-api-label=root-machine-uid=metadata.labels['downward-api.cloud-hypervisor-provider.ironcore.dev/root-machine-uid']
+ - --dial-timeout=10s
+ - name: provider
+ imagePullPolicy: IfNotPresent
+ args:
+ - --address=/var/run/cloud-hypervisor-provider.sock
+ - --provider-root-dir=/var/lib/cloud-hypervisor-provider
+ - --zap-log-level=3
+ - --cloud-hypervisor-bin-path=/home/lukasfrank/cloud-hypervisor-provider/version/cloud-hypervisor
+ - --cloud-hypervisor-firmware-path=/home/lukasfrank/cloud-hypervisor-provider/version/firmware
+ - --detach-vms=false
+ - --machine-class=t3-small-experimental,2000,2147483648
+ - --network-interface-plugin-name=isolated
\ No newline at end of file
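Review bot: The `provider` container's `--cloud-hypervisor-bin-path` and `--cloud-hypervisor-firmware-path` point under `/home/lukasfrank/cloud-hypervisor-provider/version/`, a developer home directory that the `prepare-host` init container never populates. That container downloads into `/var/lib/cloud-hypervisor-provider` under the `v45.0` and `0.5.0` sub-directories. Launching the hypervisor binary and firmware from a home path is presumably also a weaker trust boundary on the node than a root-owned directory under `/var/lib`. Both flags should reference the location `prepare-host` writes to; the exact file layout it produces is not visible in this hunk. Separately, `--download` fetches the binary and firmware by URL with no checksum among the args, unlike the digest-pinned images in the base kustomization, so any hash-verification option `prepare-host` offers should be set here.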