Skip to content

Instantly share code, notes, and snippets.

@oshoval

oshoval/gist:d5db815ebea60eb1777a838bee0530b9

Last active November 13, 2024 07:52
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save oshoval/d5db815ebea60eb1777a838bee0530b9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save oshoval/d5db815ebea60eb1777a838bee0530b9 to your computer and use it in GitHub Desktop.
Download ZIP
Openshift IPAM
Raw
gistfile1.txt
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: manager
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: system
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: namespace
app.kubernetes.io/part-of: kubevirt-ipam-controller
control-plane: manager
name: kubevirt-ipam-controller-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-manager
namespace: kubevirt-ipam-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-leader-election-role
namespace: kubevirt-ipam-controller-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: manager-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrole
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-manager-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
- virtualmachineinstances/finalizers
verbs:
- update
- apiGroups:
- k8s.cni.cncf.io
resources:
- ipamclaims
- network-attachment-definitions
verbs:
- get
- list
- watch
- apiGroups:
- k8s.cni.cncf.io
resources:
- ipamclaims
verbs:
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-leader-election-rolebinding
namespace: kubevirt-ipam-controller-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-ipam-controller-leader-election-role
subjects:
- kind: ServiceAccount
name: kubevirt-ipam-controller-manager
namespace: kubevirt-ipam-controller-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-ipam-controller-manager-role
subjects:
- kind: ServiceAccount
name: kubevirt-ipam-controller-manager
namespace: kubevirt-ipam-controller-system
---
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.openshift.io/serving-cert-secret-name: kubevirt-ipam-controller-webhook-service
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: webhook
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: webhook-service
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: service
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-webhook-service
namespace: kubevirt-ipam-controller-system
spec:
ports:
- port: 443
protocol: TCP
targetPort: 9443
selector:
app: ipam-virt-workloads
control-plane: manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: manager
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: manager
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: deployment
app.kubernetes.io/part-of: kubevirt-ipam-controller
control-plane: manager
name: kubevirt-ipam-controller-manager
namespace: kubevirt-ipam-controller-system
spec:
replicas: 1
selector:
matchLabels:
app: ipam-virt-workloads
control-plane: manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
app: ipam-virt-workloads
control-plane: manager
spec:
containers:
- args:
- --leader-elect
- --certificates-dir=/etc/ipam-controller/certificates
command:
- /manager
image: ghcr.io/kubevirt/ipam-controller:latest
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /etc/ipam-controller/certificates
name: cert
readOnly: true
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: kubevirt-ipam-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: kubevirt-ipam-controller-webhook-service
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
service.beta.openshift.io/inject-cabundle: "true"
labels:
app: ipam-virt-workloads
app.kubernetes.io/component: webhook
app.kubernetes.io/created-by: kubevirt-ipam-controller
app.kubernetes.io/instance: mutating-webhook-configuration
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: mutatingwebhookconfiguration
app.kubernetes.io/part-of: kubevirt-ipam-controller
name: kubevirt-ipam-controller-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: kubevirt-ipam-controller-webhook-service
namespace: kubevirt-ipam-controller-system
path: /mutate-v1-pod
failurePolicy: Fail
name: ipam-claims.k8s.cni.cncf.io
objectSelector:
matchLabels:
kubevirt.io: virt-launcher
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
sideEffects: None
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment