---
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
apiVersion: v1
data:
  .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password .Values.imagePullSecrets.email (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
kind: Secret
metadata:
  name: kubeslice-image-pull-secret
  namespace: kubeslice-controller
type: kubernetes.io/dockerconfigjson
{{- end }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
    controller-gen.kubebuilder.io/version: v0.7.0
  name: clusters.controller.kubeslice.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: kubeslice-controller-webhook-service
          namespace: kubeslice-controller
          path: /convert
      conversionReviewVersions:
      - v1
  group: controller.kubeslice.io
  names:
    kind: Cluster
    listKind: ClusterList
    plural: clusters
    singular: cluster
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Cluster is the Schema for the clusters API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ClusterSpec defines the desired state of Cluster
            properties:
              clusterProperty:
                description: put in an object
                properties:
                  geoLocation:
                    description: GeoLocation contains information regarding Geographical Location of the Cluster
                    properties:
                      cloudProvider:
                        description: CloudProvider is the cloud service provider
                        type: string
                      cloudRegion:
                        description: CloudRegion is the region of the cloud
                        type: string
                      latitude:
                        description: Latitude is the latitude of the cluster
                        type: string
                      longitude:
                        description: Longitude is the longitude of the cluster
                        type: string
                    type: object
                  monitoring:
                    description: Monitoring contains the Kubernetes Monitoring Dashboard
                    properties:
                      kubernetesDashboard:
                        description: KubernetesDashboard contains the information regarding Kubernetes Monitoring Dashboard
                        properties:
                          accessToken:
                            description: AccessToken is the Access Token to access the KubernetesDashboard
                            type: string
                          enabled:
                            description: Enabled is the enable status of the KubernetesDashboard
                            type: boolean
                          endpoint:
                            description: Endpoint is the base endpoint to access the kubernetes dashboard
                            type: string
                          ingressPrefix:
                            description: IngressPrefix is the prefix of ingress gateway for KubernetesDashboard
                            type: string
                        type: object
                    type: object
                  telemetry:
                    description: Telemetry contains Telemetry information
                    properties:
                      enabled:
                        description: Enabled is the enable status of the Telemetry
                        type: boolean
                      endpoint:
                        description: Endpoint is the Telemetry Endpoint
                        type: string
                      telemetryProvider:
                        description: TelemetryProvider is the Telemetry Provider information
                        type: string
                    type: object
                type: object
              networkInterface:
                description: NetworkInterface is the network interface attached with the cluster.
                type: string
              nodeIP:
                description: NodeIP is the IP address of the Node
                type: string
            type: object
          status:
            description: ClusterStatus defines the observed state of Cluster
            properties:
              cniSubnet:
                description: CniSubnet is the podip and service ip subnet of CNI
                items:
                  type: string
                type: array
              namespaces:
                description: Namespaces present in cluster
                items:
                  properties:
                    name:
                      type: string
                    sliceName:
                      type: string
                  type: object
                type: array
              secretName:
                description: SecretName is the name of the secret for the worker cluster.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
    controller-gen.kubebuilder.io/version: v0.7.0
  name: projects.controller.kubeslice.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: kubeslice-controller-webhook-service
          namespace: kubeslice-controller
          path: /convert
      conversionReviewVersions:
      - v1
  group: controller.kubeslice.io
  names:
    kind: Project
    listKind: ProjectList
    plural: projects
    singular: project
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Project is the Schema for the projects API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ProjectSpec defines the desired state of Project
            properties:
              serviceAccount:
                description: ServiceAccount is a field of Project. Edit project_types.go to remove/update
                properties:
                  readOnly:
                    items:
                      type: string
                    type: array
                  readWrite:
                    items:
                      type: string
                    type: array
                type: object
            type: object
          status:
            description: ProjectStatus defines the observed state of Project
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  name: serviceexportconfigs.controller.kubeslice.io
spec:
  group: controller.kubeslice.io
  names:
    kind: ServiceExportConfig
    listKind: ServiceExportConfigList
    plural: serviceexportconfigs
    singular: serviceexportconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ServiceExportConfig is the Schema for the serviceexportconfigs API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ServiceExportConfigSpec defines the desired state of ServiceExportConfig
            properties:
              serviceDiscoveryEndpoints:
                description: the service discovery endpoint array
                items:
                  properties:
                    cluster:
                      description: The ID of the cluster.
                      type: string
                    dnsName:
                      description: the dns_name of the service
                      type: string
                    nsmIp:
                      description: The NSM IP address.
                      type: string
                    podName:
                      description: The name of the pod.
                      type: string
                    port:
                      description: port of the service
                      format: int32
                      type: integer
                  type: object
                type: array
              serviceDiscoveryPorts:
                description: The ports for the given service.
                items:
                  properties:
                    name:
                      description: The name of the port.
                      type: string
                    port:
                      description: The port number.
                      format: int32
                      type: integer
                    protocol:
                      description: The protocol.
                      type: string
                  type: object
                type: array
              serviceName:
                description: ServiceName is the name of the service
                type: string
              serviceNamespace:
                type: string
              sliceName:
                description: The name of the slice.
                type: string
              sourceCluster:
                description: clusterId is the id of the cluster where the service is available.
                type: string
            required:
            - serviceName
            - sliceName
            - sourceCluster
            type: object
          status:
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
    controller-gen.kubebuilder.io/version: v0.7.0
  name: sliceconfigs.controller.kubeslice.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: kubeslice-controller-webhook-service
          namespace: kubeslice-controller
          path: /convert
      conversionReviewVersions:
      - v1
  group: controller.kubeslice.io
  names:
    kind: SliceConfig
    listKind: SliceConfigList
    plural: sliceconfigs
    singular: sliceconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: SliceConfig is the Schema for the sliceconfig API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: SliceConfigSpec defines the desired state of SliceConfig
            properties:
              clusters:
                items:
                  type: string
                type: array
              externalGatewayConfig:
                items:
                  description: ExternalGatewayConfig is the configuration for external gateways like 'istio', etc/
                  properties:
                    clusters:
                      items:
                        type: string
                      type: array
                    egress:
                      properties:
                        enabled:
                          type: boolean
                      type: object
                    gatewayType:
                      enum:
                      - none
                      - istio
                      type: string
                    ingress:
                      properties:
                        enabled:
                          type: boolean
                      type: object
                    nsIngress:
                      properties:
                        enabled:
                          type: boolean
                      type: object
                  type: object
                type: array
              namespaceIsolationProfile:
                properties:
                  allowedNamespaces:
                    items:
                      properties:
                        clusters:
                          items:
                            type: string
                          type: array
                        namespace:
                          type: string
                      type: object
                    type: array
                  applicationNamespaces:
                    items:
                      properties:
                        clusters:
                          items:
                            type: string
                          type: array
                        namespace:
                          type: string
                      type: object
                    type: array
                  isolationEnabled:
                    default: false
                    type: boolean
                type: object
              qosProfileDetails:
                description: The custom QOS Profile Details
                properties:
                  bandwidthCeilingKbps:
                    type: integer
                  bandwidthGuaranteedKbps:
                    type: integer
                  dscpClass:
                    enum:
                    - Default
                    - AF11
                    - AF12
                    - AF13
                    - AF21
                    - AF22
                    - AF23
                    - AF31
                    - AF32
                    - AF33
                    - AF41
                    - AF42
                    - AF43
                    - EF
                    type: string
                  priority:
                    type: integer
                  queueType:
                    default: HTB
                    type: string
                  tcType:
                    default: BANDWIDTH_CONTROL
                    type: string
                required:
                - bandwidthCeilingKbps
                - bandwidthGuaranteedKbps
                - dscpClass
                - priority
                - queueType
                - tcType
                type: object
              sliceGatewayProvider:
                description: WorkerSliceGatewayProvider defines the configuration for slicegateway
                properties:
                  sliceCaType:
                    default: Local
                    type: string
                  sliceGatewayType:
                    default: OpenVPN
                    type: string
                required:
                - sliceCaType
                - sliceGatewayType
                type: object
              sliceIpamType:
                default: Local
                type: string
              sliceSubnet:
                type: string
              sliceType:
                default: Application
                type: string
              standardQosProfileName:
                type: string
            required:
            - sliceGatewayProvider
            type: object
          status:
            description: SliceConfigStatus defines the observed state of SliceConfig
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  name: sliceqosconfigs.controller.kubeslice.io
spec:
  group: controller.kubeslice.io
  names:
    kind: SliceQoSConfig
    listKind: SliceQoSConfigList
    plural: sliceqosconfigs
    singular: sliceqosconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: SliceQoSConfig is the Schema for the sliceqosconfigs API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: SliceQoSConfigSpec defines the desired state of SliceQoSConfig
            properties:
              bandwidthCeilingKbps:
                type: integer
              bandwidthGuaranteedKbps:
                type: integer
              dscpClass:
                enum:
                - Default
                - AF11
                - AF12
                - AF13
                - AF21
                - AF22
                - AF23
                - AF31
                - AF32
                - AF33
                - AF41
                - AF42
                - AF43
                - EF
                type: string
              priority:
                type: integer
              queueType:
                enum:
                - HTB
                type: string
              tcType:
                enum:
                - BANDWIDTH_CONTROL
                type: string
            required:
            - bandwidthCeilingKbps
            - bandwidthGuaranteedKbps
            - dscpClass
            - priority
            - queueType
            - tcType
            type: object
          status:
            description: SliceQoSConfigStatus defines the observed state of SliceQoSConfig
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  name: workerserviceimports.worker.kubeslice.io
spec:
  group: worker.kubeslice.io
  names:
    kind: WorkerServiceImport
    listKind: WorkerServiceImportList
    plural: workerserviceimports
    singular: workerserviceimport
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: WorkerServiceImport is the Schema for the workerserviceimport API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: WorkerServiceImportSpec defines the desired state of WorkerServiceImport
            properties:
              serviceDiscoveryEndpoints:
                description: the service discovery endpoint array
                items:
                  properties:
                    cluster:
                      description: The ID of the cluster.
                      type: string
                    dnsName:
                      description: the dns_name of the service
                      type: string
                    nsmIp:
                      description: The NSM IP address.
                      type: string
                    podName:
                      description: The name of the pod.
                      type: string
                    port:
                      description: port of the service
                      format: int32
                      type: integer
                  type: object
                type: array
              serviceDiscoveryPorts:
                description: The ports for the given service.
                items:
                  properties:
                    name:
                      description: The name of the port.
                      type: string
                    port:
                      description: The port number.
                      format: int32
                      type: integer
                    protocol:
                      description: The protocol.
                      type: string
                  type: object
                type: array
              serviceName:
                description: ServiceName is the name of the service
                type: string
              serviceNamespace:
                description: ServiceNamespace is the namespace of the service
                type: string
              sliceName:
                description: The name of the slice.
                type: string
              sourceClusters:
                description: clusterId is the id of the cluster where the service is available.
                items:
                  type: string
                type: array
            type: object
          status:
            description: WorkerServiceImportStatus defines the observed state of WorkerServiceImport
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  name: workersliceconfigs.worker.kubeslice.io
spec:
  group: worker.kubeslice.io
  names:
    kind: WorkerSliceConfig
    listKind: WorkerSliceConfigList
    plural: workersliceconfigs
    singular: workersliceconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: WorkerSliceConfig is the Schema for the slice API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: WorkerSliceConfigSpec defines the desired state of Slice
            properties:
              externalGatewayConfig:
                properties:
                  egress:
                    properties:
                      enabled:
                        type: boolean
                    type: object
                  gatewayType:
                    enum:
                    - none
                    - istio
                    type: string
                  ingress:
                    properties:
                      enabled:
                        type: boolean
                    type: object
                  nsIngress:
                    properties:
                      enabled:
                        type: boolean
                    type: object
                type: object
              ipamClusterOctet:
                type: integer
              namespaceIsolationProfile:
                properties:
                  allowedNamespaces:
                    items:
                      type: string
                    type: array
                  applicationNamespaces:
                    items:
                      type: string
                    type: array
                  isolationEnabled:
                    default: false
                    type: boolean
                type: object
              qosProfileDetails:
                description: QOSProfile is the QOS Profile configuration from backend
                properties:
                  bandwidthCeilingKbps:
                    type: integer
                  bandwidthGuaranteedKbps:
                    type: integer
                  dscpClass:
                    enum:
                    - Default
                    - AF11
                    - AF12
                    - AF13
                    - AF21
                    - AF22
                    - AF23
                    - AF31
                    - AF32
                    - AF33
                    - AF41
                    - AF42
                    - AF43
                    - EF
                    type: string
                  priority:
                    type: integer
                  queueType:
                    default: HTB
                    type: string
                  tcType:
                    type: string
                type: object
              sliceGatewayProvider:
                description: WorkerSliceGatewayProvider defines the configuration for slicegateway
                properties:
                  sliceCaType:
                    default: Local
                    type: string
                  sliceGatewayType:
                    default: OpenVPN
                    type: string
                type: object
              sliceIpamType:
                default: Local
                type: string
              sliceName:
                type: string
              sliceSubnet:
                type: string
              sliceType:
                default: Application
                type: string
            type: object
          status:
            description: WorkerSliceConfigStatus defines the observed state of Slice
            properties:
              connectedAppPods:
                items:
                  description: AppPod defines the app pods connected to slice
                  properties:
                    nsmInterface:
                      description: NsmInterface is the nsm interface of App
                      type: string
                    nsmIp:
                      description: NsmIP is the nsm ip of App
                      type: string
                    nsmPeerIp:
                      description: PeerIp is the nsm peer ip of gateway
                      type: string
                    podIp:
                      description: PodIP is App Pod IP
                      type: string
                    podName:
                      description: PodName is App Pod Name
                      type: string
                    podNamespace:
                      description: PodNamespace is App Pod Namespace
                      type: string
                  type: object
                type: array
              onboardedAppNamespaces:
                items:
                  properties:
                    name:
                      type: string
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.0
  creationTimestamp: null
  name: workerslicegateways.worker.kubeslice.io
spec:
  group: worker.kubeslice.io
  names:
    kind: WorkerSliceGateway
    listKind: WorkerSliceGatewayList
    plural: workerslicegateways
    singular: workerslicegateway
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: WorkerSliceGateway is the Schema for the slicegateways API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: WorkerSliceGatewaySpec defines the desired state of WorkerSliceGateway
            properties:
              gatewayCredentials:
                properties:
                  secretName:
                    type: string
                type: object
              gatewayHostType:
                enum:
                - Client
                - Server
                type: string
              gatewayNumber:
                type: integer
              gatewayType:
                default: OpenVPN
                type: string
              localGatewayConfig:
                properties:
                  clusterName:
                    type: string
                  gatewayName:
                    type: string
                  gatewaySubnet:
                    type: string
                  nodeIp:
                    type: string
                  nodePort:
                    type: integer
                  vpnIp:
                    type: string
                type: object
              remoteGatewayConfig:
                properties:
                  clusterName:
                    type: string
                  gatewayName:
                    type: string
                  gatewaySubnet:
                    type: string
                  nodeIp:
                    type: string
                  nodePort:
                    type: integer
                  vpnIp:
                    type: string
                type: object
              sliceName:
                type: string
            type: object
          status:
            description: WorkerSliceGatewayStatus defines the observed state of WorkerSliceGateway
            properties:
              clusterInsertionIndex:
                type: integer
              gatewayNumber:
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubeslice-controller-controller-manager
  namespace: kubeslice-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubeslice-controller-ovpn-manager
  namespace: kubeslice-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kubeslice-controller-leader-election-role
  namespace: kubeslice-controller
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: kubeslice-controller-controller-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - escalate
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - create
  - delete
  - escalate
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
  - escalate
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - controller.kubeslice.io
  resources:
  - clusters
  - projects
  - serviceexportconfigs
  - sliceconfigs
  - sliceqosconfigs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - controller.kubeslice.io
  resources:
  - clusters/finalizers
  - projects/finalizers
  - serviceexportconfigs/finalizers
  - sliceconfigs/finalizers
  - sliceqosconfigs/finalizers
  verbs:
  - update
- apiGroups:
  - controller.kubeslice.io
  resources:
  - clusters/status
  - projects/status
  - serviceexportconfigs/status
  - sliceconfigs/status
  - sliceqosconfigs/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - rolebindings
  - roles
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - worker.kubeslice.io
  resources:
  - workerserviceimports
  - workersliceconfigs
  - workerslicegateways
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - worker.kubeslice.io
  resources:
  - workerserviceimports/finalizers
  - workersliceconfigs/finalizers
  - workerslicegateways/
  verbs:
  - update
- apiGroups:
  - worker.kubeslice.io
  resources:
  - workerserviceimports/status
  - workersliceconfigs/status
  - workerslicegateways/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeslice-controller-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeslice-controller-ovpn-editor-role
rules:
- apiGroups:
  - worker.kubeslice.io
  resources:
  - workerslicegateways
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - escalate
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - escalate
  - get
  - list
  - watch
  - update
  - patch
  - create
- apiGroups:
  - worker.kubeslice.io
  resources:
  - workerslicegateways/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeslice-controller-proxy-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubeslice-controller-leader-election-rolebinding
  namespace: kubeslice-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubeslice-controller-leader-election-role
subjects:
- kind: ServiceAccount
  name: kubeslice-controller-controller-manager
  namespace: kubeslice-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubeslice-controller-controller-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeslice-controller-controller-role
subjects:
- kind: ServiceAccount
  name: kubeslice-controller-controller-manager
  namespace: kubeslice-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubeslice-controller-ovpn-controller-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeslice-controller-ovpn-editor-role
subjects:
- kind: ServiceAccount
  name: kubeslice-controller-ovpn-manager
  namespace: kubeslice-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubeslice-controller-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeslice-controller-proxy-role
subjects:
- kind: ServiceAccount
  name: kubeslice-controller-controller-manager
  namespace: kubeslice-controller
---
apiVersion: v1
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: d7f43c17.kubeslice.io
kind: ConfigMap
metadata:
  name: kubeslice-controller-manager-config
  namespace: kubeslice-controller
---
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: kubeslice-controller-controller-manager-metrics-service
  namespace: kubeslice-controller
spec:
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: https
  selector:
    control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
  name: kubeslice-controller-webhook-service
  namespace: kubeslice-controller
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 9443
  selector:
    control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: kubeslice-controller-manager
  namespace: kubeslice-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: '{{ .Values.kubeslice.rbacproxy.image }}:{{ .Values.kubeslice.rbacproxy.tag }}'
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
          protocol: TCP
      - args:
        - --health-probe-bind-address=:8081
        - --metrics-bind-address=127.0.0.1:8080
        - --leader-elect
        - --log-level={{ required "A valid value is required!" .Values.kubeslice.controller.logLevel }}
        - --rbac-resource-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.rbacResourcePrefix }}
        - --project-namespace-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.projectnsPrefix }}
        - --controller-end-point={{ required "A valid value is required!" .Values.kubeslice.controller.endpoint }}
        - --ovpn-job-image={{ .Values.kubeslice.ovpnJob.image }}:{{ .Values.kubeslice.ovpnJob.tag }}
        command:
        - /manager
        env:
        - name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}'
        imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}'
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 64Mi
        securityContext:
          allowPrivilegeEscalation: false
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      securityContext:
        runAsNonRoot: true
      serviceAccountName: kubeslice-controller-controller-manager
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: webhook-server-cert
      {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
      imagePullSecrets:
      - name: kubeslice-image-pull-secret
      {{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kubeslice-controller-serving-cert
  namespace: kubeslice-controller
spec:
  dnsNames:
  - kubeslice-controller-webhook-service.kubeslice-controller.svc
  - kubeslice-controller-webhook-service.kubeslice-controller.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: kubeslice-controller-selfsigned-issuer
  secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: kubeslice-controller-selfsigned-issuer
  namespace: kubeslice-controller
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
  name: kubeslice-controller-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-controller-kubeslice-io-v1alpha1-cluster
  failurePolicy: Fail
  name: mcluster.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - clusters
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-controller-kubeslice-io-v1alpha1-project
  failurePolicy: Fail
  name: mproject.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - projects
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-controller-kubeslice-io-v1alpha1-serviceexportconfig
  failurePolicy: Fail
  name: mserviceexportconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - serviceexportconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-controller-kubeslice-io-v1alpha1-sliceconfig
  failurePolicy: Fail
  name: msliceconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - sliceconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-controller-kubeslice-io-v1alpha1-sliceqosconfig
  failurePolicy: Fail
  name: msliceqosconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - sliceqosconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-worker-kubeslice-io-v1alpha1-workersliceconfig
  failurePolicy: Fail
  name: mworkersliceconfig.kb.io
  rules:
  - apiGroups:
    - worker.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - workersliceconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /mutate-worker-kubeslice-io-v1alpha1-workerslicegateway
  failurePolicy: Fail
  name: mworkerslicegateway.kb.io
  rules:
  - apiGroups:
    - worker.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - workerslicegateways
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
  name: kubeslice-controller-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-controller-kubeslice-io-v1alpha1-cluster
  failurePolicy: Fail
  name: vcluster.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - clusters
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-controller-kubeslice-io-v1alpha1-project
  failurePolicy: Fail
  name: vproject.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - projects
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-controller-kubeslice-io-v1alpha1-serviceexportconfig
  failurePolicy: Fail
  name: vserviceexportconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - serviceexportconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-controller-kubeslice-io-v1alpha1-sliceconfig
  failurePolicy: Fail
  name: vsliceconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - sliceconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-controller-kubeslice-io-v1alpha1-sliceqosconfig
  failurePolicy: Fail
  name: vsliceqosconfig.kb.io
  rules:
  - apiGroups:
    - controller.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    - DELETE
    resources:
    - sliceqosconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-worker-kubeslice-io-v1alpha1-workersliceconfig
  failurePolicy: Fail
  name: vworkersliceconfig.kb.io
  rules:
  - apiGroups:
    - worker.kubeslice.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - workersliceconfigs
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: kubeslice-controller-webhook-service
      namespace: kubeslice-controller
      path: /validate-worker-kubeslice-io-v1alpha1-workerslicegateway
  failurePolicy: Fail
  name:
vworkerslicegateway.kb.io rules: - apiGroups: - worker.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - workerslicegateways sideEffects: None