diff --git a/.gitignore b/.gitignore index d855cec3ede6..23ca2d449f96 100644 --- a/.gitignore +++ b/.gitignore @@ -12,7 +12,7 @@ cmd/virt-api/virt-api* cmd/virtctl/virtctl* cmd/virt-dhcp/virt-dhcp* tools/openapispec/openapispec -manifests/*.yaml +manifests/**/*.yaml **/bin bin/* .vagrant diff --git a/.travis.yml b/.travis.yml index 59b08ee725fc..7d3b817f602d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -45,6 +45,7 @@ script: -service=travis-ci -package=./pkg/... -ignore=$(find -name generated_mock*.go -printf "%P\n" | paste -d, -s) ; else make test; fi - make apidocs +- make manifests cache: directories: @@ -71,6 +72,8 @@ deploy: file_glob: true file: - cmd/virtctl/virtctl-* + - manifests/release/kubevirt.yaml + - manifests/release/spice-proxy.yaml on: tags: true repo: kubevirt/kubevirt diff --git a/Makefile b/Makefile index e977e3f98111..f38ff41b0e9d 100644 --- a/Makefile +++ b/Makefile @@ -47,8 +47,8 @@ clean: rm tools/openapispec/openapispec -rf distclean: clean + find manifests -name "*.yaml" -type f -delete rm -rf vendor/ - rm -f manifest/*.yaml rm -f .glide.*.hash glide cc diff --git a/cluster/deploy.sh b/cluster/deploy.sh index 49e75e72088c..2f1254cafa55 100755 --- a/cluster/deploy.sh +++ b/cluster/deploy.sh 
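Review bot: In .travis.yml the new `- make manifests` step renders the two files that the second hunk adds to `deploy.file`, and neither hunk sets `DOCKER_TAG` for it. `hack/config-default.sh`, visible later in this commit, has `docker_tag=${DOCKER_TAG:-latest}`, so, assuming `make manifests` goes through `hack/build-manifests.sh` and the Travis environment does not define the variable elsewhere, the `kubevirt.yaml` and `spice-proxy.yaml` attached to a tagged release would reference mutable `:latest` images. Combined with `imagePullPolicy: IfNotPresent` in those manifests, each node would run whichever build it happened to have cached. I would render the release manifests with the tag being released, for example `- DOCKER_TAG=$TRAVIS_TAG make manifests`, which still falls back to `latest` on untagged builds.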
@@ -50,30 +50,27 @@ EOF echo "Cleaning up ..." # Work around https://github.com/kubernetes/kubernetes/issues/33517 -$KUBECTL delete -f manifests/virt-handler.yaml --cascade=false --grace-period 0 2>/dev/null || : +$KUBECTL delete -f manifests/dev/virt-handler.yaml --cascade=false --grace-period 0 2>/dev/null || : $KUBECTL delete pods -n kube-system -l=daemon=virt-handler --force --grace-period 0 2>/dev/null || : -$KUBECTL delete -f manifests/libvirt.yaml --cascade=false --grace-period 0 2>/dev/null || : +$KUBECTL delete -f manifests/dev/libvirt.yaml --cascade=false --grace-period 0 2>/dev/null || : $KUBECTL delete pods -n kube-system -l=daemon=libvirt --force --grace-period 0 2>/dev/null || : # Make sure that the vms CRD is deleted, we use virtualmachines now $KUBECTL delete customresourcedefinitions vms.kubevirt.io || : # Remove all external facing services -externalServiceManifests | cluster/kubectl.sh --core delete -f - || : +externalServiceManifests | $KUBECTL delete -f - || : -# Delete everything else -for i in `ls manifests/*.yaml`; do - $KUBECTL delete -f $i --grace-period 0 2>/dev/null || : -done +# Delete everything, no matter if release, devel or infra +$KUBECTL delete -f manifests -R --grace-period 0 2>/dev/null || : sleep 2 echo "Deploying ..." -externalServiceManifests | cluster/kubectl.sh --core apply -f - +externalServiceManifests | $KUBECTL apply -f - -for i in `ls manifests/*.yaml`; do - $KUBECTL create -f $i -done +$KUBECTL create -f manifests/dev -R $i +$KUBECTL create -f manifests/testing -R $i echo "Done" diff --git a/hack/build-manifests.sh b/hack/build-manifests.sh index 7437639b9d87..f5e13d588a0d 100755 --- a/hack/build-manifests.sh +++ b/hack/build-manifests.sh 
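Review bot: The two new `$KUBECTL create` lines in cluster/deploy.sh still end in `$i`, a leftover from the removed `for i in ...` loops. With `i` unset it expands to nothing, but a value inherited from the environment or left by a loop earlier in the script would be handed to kubectl as an extra argument; the lines should read `$KUBECTL create -f manifests/dev -R` and `$KUBECTL create -f manifests/testing -R`. The recursive `$KUBECTL delete -f manifests -R --grace-period 0 2>/dev/null || :` also now covers `manifests/release` and hides every error, so a failed cleanup goes unnoticed before the create step. The script starts above this hunk, so whether `set -u` is active (which would turn the stray `$i` into a hard failure) is not visible here.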
@@ -22,13 +22,13 @@ set -e source hack/config.sh if [ $# -eq 0 ]; then - args=$manifest_templates + args=$(find manifests -type f -name "*.yaml.in") else args=$@ fi # Delete all generated manifests in case an input file was deleted or renamed -rm -f "manifests/*.yaml" +find manifests -name "*.yaml" -type f -delete # Render kubernetes manifests for arg in $args; do diff --git a/hack/config-default.sh b/hack/config-default.sh index e75c5c92bbe1..f91be8ddeb6e 100644 --- a/hack/config-default.sh +++ b/hack/config-default.sh @@ -3,7 +3,6 @@ docker_images="cmd/virt-controller cmd/virt-launcher cmd/virt-handler cmd/virt-a optional_docker_images="cmd/registry-disk-v1alpha images/fedora-atomic-registry-disk-demo" docker_prefix=kubevirt docker_tag=${DOCKER_TAG:-latest} -manifest_templates="`ls ${KUBEVIRT_PATH}manifests/*.in`" master_ip=192.168.200.2 master_port=8184 network_provider=weave diff --git a/manifests/README.md b/manifests/README.md new file mode 100644 index 000000000000..7701ac231f50 --- /dev/null +++ b/manifests/README.md @@ -0,0 +1,5 @@ +# Manifests + + * `dev` folder contains manifests for development + * `testing` folder contains manifests for testing purposes + * `release` folder contains manifests which are intended for users diff --git a/manifests/haproxy.yaml.in b/manifests/dev/haproxy.yaml.in similarity index 100% rename from manifests/haproxy.yaml.in rename to manifests/dev/haproxy.yaml.in diff --git a/manifests/libvirt.yaml.in b/manifests/dev/libvirt.yaml.in similarity index 100% rename from manifests/libvirt.yaml.in rename to manifests/dev/libvirt.yaml.in diff --git a/manifests/migration-resource.yaml.in b/manifests/dev/migration-resource.yaml.in similarity index 100% rename from manifests/migration-resource.yaml.in rename to manifests/dev/migration-resource.yaml.in 
diff --git a/manifests/rbac.authorization.k8s.io.yaml.in b/manifests/dev/rbac.authorization.k8s.io.yaml.in
similarity index 100%
rename from manifests/rbac.authorization.k8s.io.yaml.in
rename to manifests/dev/rbac.authorization.k8s.io.yaml.in
diff --git a/manifests/replicase-resource.yaml.in b/manifests/dev/replicase-resource.yaml.in
similarity index 100%
rename from manifests/replicase-resource.yaml.in
rename to manifests/dev/replicase-resource.yaml.in
diff --git a/manifests/squid.yaml.in b/manifests/dev/squid.yaml.in
similarity index 100%
rename from manifests/squid.yaml.in
rename to manifests/dev/squid.yaml.in
diff --git a/manifests/virt-api.yaml.in b/manifests/dev/virt-api.yaml.in
similarity index 100%
rename from manifests/virt-api.yaml.in
rename to manifests/dev/virt-api.yaml.in
diff --git a/manifests/virt-controller.yaml.in b/manifests/dev/virt-controller.yaml.in
similarity index 100%
rename from manifests/virt-controller.yaml.in
rename to manifests/dev/virt-controller.yaml.in
diff --git a/manifests/virt-handler.yaml.in b/manifests/dev/virt-handler.yaml.in
similarity index 100%
rename from manifests/virt-handler.yaml.in
rename to manifests/dev/virt-handler.yaml.in
diff --git a/manifests/vm-resource.yaml.in b/manifests/dev/vm-resource.yaml.in
similarity index 100%
rename from manifests/vm-resource.yaml.in
rename to manifests/dev/vm-resource.yaml.in
diff --git a/manifests/release/kubevirt.yaml.in b/manifests/release/kubevirt.yaml.in
new file mode 100644
index 000000000000..33838e6d38f2
--- /dev/null
+++ b/manifests/release/kubevirt.yaml.in
@@ -0,0 +1,388 @@
+# custom resource definitions
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: virtualmachines.kubevirt.io
+spec:
+ group: kubevirt.io
+ version: v1alpha1
+ scope: Namespaced
+ names:
+ plural: virtualmachines
+ singular: virtualmachine
+ kind: VirtualMachine
+ shortNames:
+ - vm
+ - vms
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: migrations.kubevirt.io
+spec:
+ scope: Namespaced
+ group: kubevirt.io
+ version: v1alpha1
+ names:
+ kind: Migration
+ plural: migrations
+ singular: migration
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: virtualmachinereplicasets.kubevirt.io
+spec:
+ scope: Namespaced
+ group: kubevirt.io
+ version: v1alpha1
+ names:
+ kind: VirtualMachineReplicaSet
+ plural: virtualmachinereplicasets
+ singular: virtualmachinereplicaset
+ shortNames:
+ - vmrs
+ - vmrss
+---
+# apiserver and virt-api proxy (will be unnecessary soon)
+apiVersion: v1
+kind: Service
+metadata:
+ name: haproxy
+ namespace: kube-system
+spec:
+ ports:
+ - port: 8184
+ targetPort: haproxy
+ selector:
+ app: haproxy
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: haproxy
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ labels:
+ app: haproxy
+ spec:
+ serviceAccountName: kubevirt-infra
+ containers:
+ - name: haproxy
+ image: {{ docker_prefix }}/haproxy:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8184
+ name: "haproxy"
+ protocol: "TCP"
+ livenessProbe:
+ httpGet:
+ path: /apis/kubevirt.io/v1alpha1/healthz
+ port: 8184
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /apis/kubevirt.io/v1alpha1/healthz
+ port: 8184
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ securityContext:
+ runAsNonRoot: true
+---
+# virt-api
+apiVersion: v1
+kind: Service
+metadata:
+ name: virt-api
+ namespace: kube-system
+spec:
+ ports:
+ - port: 8183
+ targetPort: virt-api
+ selector:
+ app: virt-api
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: virt-api
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ labels:
+ app: virt-api
+ spec:
+ serviceAccountName: kubevirt-infra
+ containers:
+ - name: virt-api
+ image: {{ docker_prefix }}/virt-api:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/virt-api"
+ - "--port"
+ - "8183"
+ - "--spice-proxy"
+ - "$(SPICE_PROXY)"
+ ports:
+ - containerPort: 8183
+ name: "virt-api"
+ protocol: "TCP"
+ securityContext:
+ runAsNonRoot: true
+---
+# kubevirt controller
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: virt-controller
+ namespace: kube-system
+spec:
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: virt-controller
+ spec:
+ serviceAccountName: kubevirt-infra
+ containers:
+ - name: virt-controller
+ image: {{ docker_prefix }}/virt-controller:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/virt-controller"
+ - "--launcher-image"
+ - "kubevirt/virt-launcher:{{ docker_tag }}"
+ - "--migrator-image"
+ - "kubevirt/virt-migrator:{{ docker_tag }}"
+ - "--port"
+ - "8182"
+ ports:
+ - containerPort: 8182
+ name: "virt-controller"
+ protocol: "TCP"
+ livenessProbe:
+ failureThreshold: 8
+ httpGet:
+ port: 8182
+ path: /healthz
+ initialDelaySeconds: 15
+ timeoutSeconds: 10
+ readinessProbe:
+ httpGet:
+ port: 8182
+ path: /leader
+ initialDelaySeconds: 15
+ timeoutSeconds: 10
+ securityContext:
+ runAsNonRoot: true
+---
+# virt-handler daemon set
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: virt-handler
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ name: virt-handler
+ labels:
+ daemon: virt-handler
+ spec:
+ serviceAccountName: kubevirt-infra
+ hostPID: true
+ containers:
+ - name: virt-handler
+ ports:
+ - containerPort: 8185
+ hostPort: 8185
+ image: {{ docker_prefix }}/virt-handler:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/virt-handler"
+ - "-v"
+ - "3"
+ - "--libvirt-uri"
+ - "qemu:///system"
+ - "--hostname-override"
+ - "$(NODE_NAME)"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: libvirt-runtime
+ mountPath: /var/run/libvirt
+ - name: virt-share-dir
+ mountPath: /var/run/kubevirt
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumes:
+ - name: libvirt-runtime
+ hostPath:
+ path: /var/run/libvirt
+ - name: virt-share-dir
+ hostPath:
+ path: /var/run/kubevirt
+---
+# libvirt daemon set
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: libvirt
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ name: libvirt
+ labels:
+ daemon: libvirt
+ spec:
+ serviceAccountName: kubevirt-infra
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ securityContext:
+ runAsUser: 0
+ containers:
+ - name: libvirtd
+ ports:
+ - containerPort: 16509
+ hostPort: 16509
+ image: {{ docker_prefix }}/libvirt-kubevirt:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ volumeMounts:
+ - mountPath: /host-dev
+ name: host-dev
+ - mountPath: /host-sys
+ name: host-sys
+ - name: libvirt-data
+ mountPath: /var/lib/libvirt
+ - name: libvirt-runtime
+ mountPath: /var/run/libvirt
+ - name: virt-share-dir
+ mountPath: /var/run/kubevirt
+ command: ["/libvirtd.sh"]
+ - name: virtlogd
+ image: {{ docker_prefix }}/libvirt-kubevirt:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: libvirt-runtime
+ mountPath: /var/run/libvirt
+ command: ["/usr/sbin/virtlogd", "-f", "/etc/libvirt/virtlogd.conf"]
+ volumes:
+ - name: libvirt-data
+ hostPath:
+ path: /var/lib/libvirt-container
+ - name: libvirt-runtime
+ hostPath:
+ path: /var/run/libvirt
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: virt-share-dir
+ hostPath:
+ path: /var/run/kubevirt
+---
+# RBAC
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: kubevirt-infra
+ namespace: kube-system
+ labels:
+ name: kubevirt
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - nodes
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - migrations
+ - virtualmachinereplicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - deletecollection
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubevirt-infra
+ namespace: kube-system
+ labels:
+ name: kubevirt
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubevirt-admin
+ namespace: kube-system
+ labels:
+ name: kubevirt-admin
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: kubevirt-infra
+ namespace: kube-system
+ labels:
+ name: kubevirt
+roleRef:
+ kind: ClusterRole
+ name: kubevirt-infra
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: kubevirt-infra
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: kubevirt-infra-cluster-admin
+ namespace: kube-system
+ labels:
+ name: kubevirt
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: kubevirt-infra
+ namespace: kube-system
diff --git a/manifests/release/spice-proxy.yaml.in b/manifests/release/spice-proxy.yaml.in
new file mode 100644
index 000000000000..6df38cb8371d
--- /dev/null
+++ b/manifests/release/spice-proxy.yaml.in
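Review bot: The `kubevirt-infra-cluster-admin` ClusterRoleBinding at the end of manifests/release/kubevirt.yaml.in binds the `kubevirt-infra` ServiceAccount to `cluster-admin`, which makes the scoped `kubevirt-infra` ClusterRole defined just above it irrelevant. Every workload in this manifest (haproxy, virt-api, virt-controller, virt-handler, libvirt) sets `serviceAccountName: kubevirt-infra`, so a compromise of any one of them, including the pods that serve the API on 8183/8184, yields full control of the cluster. For a manifest published to users I would drop that binding and, if the scoped role turns out to be too narrow, add the missing rules to `kubevirt-infra` explicitly; giving the privileged DaemonSets their own account would narrow this further. Separately, the virt-controller arguments hard-code `kubevirt/virt-launcher:{{ docker_tag }}` and `kubevirt/virt-migrator:{{ docker_tag }}` while every `image:` field uses `{{ docker_prefix }}`; they should read `{{ docker_prefix }}/virt-launcher:{{ docker_tag }}` and likewise for the migrator, so a mirrored or private registry is honoured.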
@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: spice-proxy
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ labels:
+ app: spice-proxy
+ spec:
+ containers:
+ - name: spice-proxy
+ image: {{ docker_prefix }}/spice-proxy:{{ docker_tag }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3128
+ name: "spice-proxy"
+ protocol: "TCP"
+ securityContext:
+ runAsNonRoot: true
diff --git a/manifests/iscsi-auth-demo-target.yaml.in b/manifests/testing/iscsi-auth-demo-target.yaml.in
similarity index 100%
rename from manifests/iscsi-auth-demo-target.yaml.in
rename to manifests/testing/iscsi-auth-demo-target.yaml.in
diff --git a/manifests/iscsi-demo-target.yaml.in b/manifests/testing/iscsi-demo-target.yaml.in
similarity index 100%
rename from manifests/iscsi-demo-target.yaml.in
rename to manifests/testing/iscsi-demo-target.yaml.in
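Review bot: The spice-proxy pod spec in manifests/release/spice-proxy.yaml.in names no `serviceAccountName`, so the pod runs as the `default` ServiceAccount of `kube-system` with that account's token mounted into the container. Nothing in this manifest indicates that the proxy talks to the API server, so I would add `automountServiceAccountToken: false` under `spec.template.spec`, to be confirmed against what the spice-proxy image actually does. A one-line comment at the top of the file saying what listens on 3128 and who is expected to reach it would also help users of the release manifest decide how to expose it.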