diff --git a/chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml b/chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml new file mode 100644 index 0000000..75f1d90 --- /dev/null +++ b/chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml @@ -0,0 +1,158 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {} + name: inventorytemplates.metal.harvesterhci.io +spec: + group: metal.harvesterhci.io + names: + kind: InventoryTemplate + listKind: InventoryTemplateList + plural: inventorytemplates + singular: inventorytemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: InventoryTemplateStatus + type: string + - jsonPath: .status.message + name: Reason + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InventoryTemplate is the Schema for the InventoryTemplate API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + credentials: + description: |- + SecretReference represents a Secret Reference. It has enough information to retrieve secret + in any namespace + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + vmSpec: + properties: + count: + default: 1 + format: int32 + type: integer + cpu: + default: 8 + format: int32 + type: integer + disks: + items: + properties: + driver: + default: virtio + enum: + - virtio + - sata + - scsi + type: string + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - driver + - size + - storageClass + type: object + type: array + ingressClassName: + default: nginx + type: string + memory: + anyOf: + - type: integer + - type: string + default: 32Gi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + namespace: + default: default + type: string + networks: + items: + description: |- + NetworkConfig allows users to define VMNetworks to be used with nic interfaces in + the underlying kubevirt vm + properties: + nicModel: + default: virtio + enum: + - e1000 + - e1000e + - igb + - ne2k_pci + - pcnet + - rtl8139 + - virtio + type: string + vmNetwork: + type: string + required: + - nicModel + - vmNetwork + type: object + type: array + required: + - count + - cpu + - disks + - ingressClassName + - memory + - namespace + - networks + type: object + required: + - credentials + - vmSpec + type: object + status: + properties: + message: + type: string + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml b/chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml new file mode 100644 index 0000000..a64d922 --- /dev/null +++ b/chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml @@ -0,0 +1,249 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {} + name: nestedclusters.metal.harvesterhci.io +spec: + group: metal.harvesterhci.io + names: + kind: NestedCluster + listKind: NestedClusterList + plural: nestedclusters + singular: nestedcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: ClusterStatus + type: string + - jsonPath: .status.token + name: ClusterToken + type: string + - jsonPath: .status.clusterAddress + name: ClusterAddress + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NestedClusterSpec defines the state of underlying Cluster object + generted by the nested cluster controller + properties: + clusterConfig: + properties: + bondOptions: + additionalProperties: + type: string + type: object + configURL: + type: string + customProvisioningTemplate: + type: string + nameservers: + items: + type: string + type: array + sshKeys: + items: + type: string + type: array + streamImageMode: + type: boolean + vlanID: + default: 1 + minimum: 1 + type: integer + wipeDisks: + type: boolean + type: object + imageURL: + type: string + inventoryTemplateConfig: + items: + description: |- + InventoryTemplateConfig defines the inventory template + and eventually geenerates the inventory objects and configures a cluster + using the generated inventory and address pool references + properties: + addressPoolReference: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + inventoryTemplateSpec: + properties: + credentials: + description: |- + SecretReference represents a Secret Reference. It has enough information to retrieve secret + in any namespace + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + vmSpec: + properties: + count: + default: 1 + format: int32 + type: integer + cpu: + default: 8 + format: int32 + type: integer + disks: + items: + properties: + driver: + default: virtio + enum: + - virtio + - sata + - scsi + type: string + size: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + type: string + required: + - driver + - size + - storageClass + type: object + type: array + ingressClassName: + default: nginx + type: string + memory: + anyOf: + - type: integer + - type: string + default: 32Gi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + namespace: + default: default + type: string + networks: + items: + description: |- + NetworkConfig allows users to define VMNetworks to be used with nic interfaces in + the underlying kubevirt vm + properties: + nicModel: + default: virtio + enum: + - e1000 + - e1000e + - igb + - ne2k_pci + - pcnet + - rtl8139 + - virtio + type: string + vmNetwork: + type: string + required: + - nicModel + - vmNetwork + type: object + type: array + required: + - count + - cpu + - disks + - ingressClassName + - memory + - namespace + - networks + type: object + required: + - credentials + - vmSpec + type: object + name: + type: string + required: + - addressPoolReference + - inventoryTemplateSpec + - name + type: object + type: array + version: + type: string + vipConfig: + properties: + addressPoolReference: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + staticAddress: + type: string + required: + - addressPoolReference + type: object + required: + - clusterConfig + - imageURL + - inventoryTemplateConfig + - version + - vipConfig + type: object + status: + description: ClusterStatus defines the observed state of Cluster + properties: + clusterAddress: + type: string + status: + type: string + token: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/samples/metal_v1alpha1_inventorytemplate.yaml b/config/samples/metal_v1alpha1_inventorytemplate.yaml new file mode 100644 index 0000000..52c992b --- /dev/null +++ b/config/samples/metal_v1alpha1_inventorytemplate.yaml @@ -0,0 +1,22 @@ +apiVersion: metal.harvesterhci.io/v1alpha1 +kind: InventoryTemplate +metadata: + name: vm-test + namespace: tink-system +spec: + credentials: + name: cpu-model + namespace: tink-system + vmSpec: + cpu: 8 + memory: 8Gi + disks: + - size: 250Gi + driver: virtio + storageClass: dell-140-lvm + networks: + - vmNetwork: "default/vlan2017" + nicModel: virtio + namespace: default + count: 3 + ingressClassName: nginx \ No newline at end of file diff --git a/config/samples/metal_v1alpha1_nestedcluster.yaml b/config/samples/metal_v1alpha1_nestedcluster.yaml new file mode 100644 index 0000000..fe303d0 --- /dev/null +++ b/config/samples/metal_v1alpha1_nestedcluster.yaml @@ -0,0 +1,60 @@ +apiVersion: metal.harvesterhci.io/v1alpha1 +kind: NestedCluster +metadata: + name: nested-cluster-test + namespace: tink-system +spec: + version: v1.6.1 + clusterConfig: + nameservers: + - 8.8.8.8 + vlanID: 1 + wipeDisks: true + imageURL: http://10.115.1.6/iso + vipConfig: + addressPoolReference: + name: vlan2017 + namespace: tink-system + inventoryTemplateConfig: + - name: pool-1 + inventoryTemplateSpec: + credentials: + name: cpu-model + namespace: tink-system + vmSpec: + cpu: 8 + memory: 32Gi + disks: + - size: 300Gi + driver: virtio + storageClass: dell-140-lvm + networks: + - vmNetwork: "default/vlan2017" + nicModel: virtio + namespace: default + count: 2 + ingressClassName: nginx + addressPoolReference: + name: vlan2017 + namespace: tink-system + - name: pool-2 + inventoryTemplateSpec: + credentials: + name: cpu-model + namespace: tink-system + vmSpec: + cpu: 8 + memory: 32Gi + disks: + - size: 300Gi + driver: virtio + storageClass: dell-140-lvm + networks: + - vmNetwork: "default/vlan2017" + nicModel: virtio + namespace: default + count: 1 + ingressClassName: nginx + addressPoolReference: + name: vlan2017 + namespace: tink-system \ No newline at end of file diff --git a/go.mod b/go.mod index 31b6477..7645545 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/google/uuid v1.6.0 github.com/gorilla/mux v1.8.0 github.com/harvester/webhook v0.1.4 + github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.7 github.com/onsi/ginkgo/v2 v2.22.0 github.com/onsi/gomega v1.36.1 github.com/rancher/dynamiclistener v0.3.5 @@ -24,6 +25,8 @@ require ( k8s.io/api v0.34.1 k8s.io/apimachinery v0.34.1 k8s.io/client-go v12.0.0+incompatible + kubevirt.io/api v1.7.0 + kubevirt.io/containerized-data-importer-api v1.63.1 sigs.k8s.io/controller-runtime v0.20.4 ) @@ -75,6 +78,7 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runc v1.2.3 // indirect + github.com/openshift/custom-resource-status v1.1.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/rancher/mapper v0.0.0-20190814232720-058a8b7feb99 // indirect github.com/rancher/wrangler v1.1.1 // indirect @@ -97,6 +101,7 @@ require ( golang.org/x/tools v0.37.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect k8s.io/kube-aggregator v0.34.1 // indirect + kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect @@ -138,7 +143,7 @@ require ( k8s.io/apiextensions-apiserver v0.34.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 sigs.k8s.io/yaml v1.6.0 ) diff --git a/go.sum b/go.sum index f26a053..121da60 100644 --- a/go.sum +++ b/go.sum @@ -1339,6 +1339,8 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/VictorLowther/simplexml v0.0.0-20180716164440-0bff93621230 h1:t95Grn2mOPfb3+kPDWsNnj4dlNcxnvuR72IjY8eYjfQ= github.com/VictorLowther/simplexml v0.0.0-20180716164440-0bff93621230/go.mod h1:t2EzW1qybnPDQ3LR/GgeF0GOzHUXT5IVMLP2gkW1cmc= github.com/VictorLowther/soap v0.0.0-20150314151524-8e36fca84b22 h1:a0MBqYm44o0NcthLKCljZHe1mxlN6oahCQHHThnSwB4= @@ -1477,6 +1479,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= +github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -1563,13 +1567,19 @@ github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-logr/zerologr v1.2.3 h1:up5N9vcH9Xck3jJkXzgyOxozT14R47IyDODz8LM1KSs= github.com/go-logr/zerologr v1.2.3/go.mod h1:BxwGo7y5zgSHYR1BjbnHPyF/5ZjVKfKxAZANVu6E8Ho= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= +github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= @@ -1672,6 +1682,7 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -1741,6 +1752,7 @@ github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qK github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -1825,6 +1837,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.7 h1:z4P744DR+PIpkjwXSEc6TvN3L6LVzmUquFgmNm8wSUc= +github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.7/go.mod h1:CM7HAH5PNuIsqjMN0fGc1ydM74Uj+0VZFhob620nklw= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= @@ -1845,6 +1859,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -1865,6 +1880,9 @@ github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WV github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/lyft/protoc-gen-star/v2 v2.0.4-0.20230330145011-496ad1ac90a4/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= @@ -1921,13 +1939,16 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= @@ -1954,6 +1975,7 @@ github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= +github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= @@ -1982,6 +2004,8 @@ github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQ github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opencontainers/runc v1.2.3 h1:fxE7amCzfZflJO2lHXf4y/y8M1BoAqp+FVmG19oYB80= github.com/opencontainers/runc v1.2.3/go.mod h1:nSxcWUydXrsBZVYNSkTjoQ/N6rcyTtn+1SD5D4+kRIM= +github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPfHnSOQoQf/sypqA6A4= +github.com/openshift/custom-resource-status v1.1.2/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/ory/dockertest/v3 v3.12.0 h1:3oV9d0sDzlSQfHtIaB5k6ghUCVMVLpAY8hwrqoCyRCw= @@ -2183,6 +2207,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= @@ -2417,6 +2442,7 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -2442,13 +2468,16 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= @@ -2607,6 +2636,7 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2626,6 +2656,7 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2636,8 +2667,10 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2815,6 +2848,7 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2837,6 +2871,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= @@ -2998,6 +3033,7 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -3288,6 +3324,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -3338,14 +3375,19 @@ k8s.io/apiserver v0.33.5/go.mod h1:Q+b5Btbc8x0PqOCeh/xBTesKk+cXQRN+PF2wdrTKDeg= k8s.io/client-go v0.33.5 h1:I8BdmQGxInpkMEnJvV6iG7dqzP3JRlpZZlib3OMFc3o= k8s.io/client-go v0.33.5/go.mod h1:W8PQP4MxbM4ypgagVE65mUUqK1/ByQkSALF9tzuQ6u0= k8s.io/code-generator v0.0.0-20181117043124-c2090bec4d9b/go.mod h1:MYiN+ZJZ9HkETbgVZdWw2AsuAi9PZ4V80cwfuf2axe8= +k8s.io/code-generator v0.23.3/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/code-generator v0.33.5/go.mod h1:Ra+sdZquRakeTGcEnQAPw6BmlZ92IvxwQQTX/XOvOIE= k8s.io/component-base v0.33.5/go.mod h1:Zma1YjBVuuGxIbspj1vGR3/5blzo2ARf1v0QTtog1to= k8s.io/gengo v0.0.0-20190327210449-e17681d19d3a/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= @@ -3359,6 +3401,12 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +kubevirt.io/api v1.7.0 h1:Kxmtk6HtFkKpZA7UcTRHWoxFKnwJaUmPzTXQVmvP5Bc= +kubevirt.io/api v1.7.0/go.mod h1:i9ptPTe87h5qun3mjAfcaIH1e8/W5c0LwqSBeNr/TRQ= +kubevirt.io/containerized-data-importer-api v1.63.1 h1:g2I9za0QEscRsQjOOK/MM0feywp1x9Gl8IyT6Egtg0g= +kubevirt.io/containerized-data-importer-api v1.63.1/go.mod h1:VGp35wxpLXU18b7cnEpmcThI3AjcZUSfg/Zfql44U4o= +kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 h1:QMrd0nKP0BGbnxTqakhDZAUhGKxPiPiN5gSDqKUmGGc= +kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90/go.mod h1:018lASpFYBsYN6XwmA2TIrPCx6e0gviTd/ZNtSitKgc= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= lukechampine.com/uint128 v1.3.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= @@ -3433,6 +3481,7 @@ sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/pkg/api/v1alpha1/common.go b/pkg/api/v1alpha1/common.go index 59f2411..1dfb345 100644 --- a/pkg/api/v1alpha1/common.go +++ b/pkg/api/v1alpha1/common.go @@ -1,5 +1,9 @@ package v1alpha1 +import ( + "k8s.io/apimachinery/pkg/runtime/schema" +) + // common constants not associated with a particular type const ( DefaultNS = "metal-system" @@ -13,7 +17,11 @@ const ( ) var ( - DefaultAPIPrefix = "rke2" + DefaultAPIPrefix = "rke2" + InventoryGroupVersionKind = schema.GroupVersionKind{Group: GroupVersion.Group, Version: GroupVersion.Version, Kind: "Inventory"} + ClusterGroupVersionKind = schema.GroupVersionKind{Group: GroupVersion.Group, Version: GroupVersion.Version, Kind: "Cluster"} + InventoryTemplateGroupVersionKind = schema.GroupVersionKind{Group: GroupVersion.Group, Version: GroupVersion.Version, Kind: "InventoryTemplate"} + NestedClusterGroupVersionKind = schema.GroupVersionKind{Group: GroupVersion.Group, Version: GroupVersion.Version, Kind: "NestedCluster"} ) const ( diff --git a/pkg/api/v1alpha1/inventory_template_types.go b/pkg/api/v1alpha1/inventory_template_types.go new file mode 100644 index 0000000..79bbeac --- /dev/null +++ b/pkg/api/v1alpha1/inventory_template_types.go @@ -0,0 +1,93 @@ +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kubevirtv1 "kubevirt.io/api/core/v1" +) + +const ( + InventoryTemplateProvisioned InventoryTemplateProvisioningStatus = "templateProvisioned" + InventoryTemplateProvisioningError InventoryTemplateProvisioningStatus = "error" + SecretKubeconfigFieldKey = "kubeconfig" + InventoryTemplateFinalizer = "metal.harvesterhci.io/nestedcluster" + InventoryUUIDLabelKey = "inventorytemplate.harvesterhci.io/uuid" + KubeBMCNS = "kubevirtbmc-system" + KubeBMCIngressAnnotationKey = "cert-manager.io/issuer" + KubeBMCIngressAnnotationValue = "kubevirtbmc-selfsigned-issuer" + KubevirtBMCSecretName = "kubevirtbmc-secret" + IngressExposeService = "ingress-expose" + KubeSystemNS = "kube-system" +) + +type InventoryTemplateSpec struct { + Credentials *corev1.SecretReference `json:"credentials"` + VMSpec VMSpec `json:"vmSpec"` +} + +type VMSpec struct { + // +kubebuilder:default=8 + CPU uint32 `json:"cpu"` + // +kubebuilder:default="32Gi" + Memory resource.Quantity `json:"memory"` + Disks []DiskConfig `json:"disks"` + Networks []NetworkConfig `json:"networks"` + // +kubebuilder:default="default" + Namespace string `json:"namespace"` + // +kubebuilder:default=1 + Count int32 `json:"count"` + // +kubebuilder:default=nginx + IngressClassName string `json:"ingressClassName"` +} + +type DiskConfig struct { + // +kubebuilder:validation:Enum=virtio;sata;scsi + // +kubebuilder:default=virtio + Bus kubevirtv1.DiskBus `json:"driver"` + Size resource.Quantity `json:"size"` + StorageClass string `json:"storageClass"` +} + +// NetworkConfig allows users to define VMNetworks to be used with nic interfaces in +// the underlying kubevirt vm +type NetworkConfig struct { + VMNetwork string `json:"vmNetwork"` + // +kubebuilder:validation:Enum=e1000;e1000e;igb;ne2k_pci;pcnet;rtl8139;virtio + // +kubebuilder:default=virtio + NICModel string `json:"nicModel"` +} + +type InventoryTemplateProvisioningStatus string + +type InventoryTemplateStatus struct { + Status InventoryTemplateProvisioningStatus `json:"status,omitempty"` + Message string `json:"message,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:printcolumn:name="InventoryTemplateStatus",type="string",JSONPath=`.status.status` +//+kubebuilder:printcolumn:name="Reason",type="string",JSONPath=`.status.message` + +// InventoryTemplate is the Schema for the InventoryTemplate API +type InventoryTemplate struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec InventoryTemplateSpec `json:"spec,omitempty"` + Status InventoryTemplateStatus `json:"status,omitempty"` +} + +//+kubebuilder:object:root=true + +// InventoryTemplateList contains a list of InventoryTemplate +type InventoryTemplateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []InventoryTemplate `json:"items"` +} + +func init() { + SchemeBuilder.Register(&InventoryTemplate{}, &InventoryTemplateList{}) +} diff --git a/pkg/api/v1alpha1/nested_cluster_types.go b/pkg/api/v1alpha1/nested_cluster_types.go new file mode 100644 index 0000000..1b1e79b --- /dev/null +++ b/pkg/api/v1alpha1/nested_cluster_types.go @@ -0,0 +1,55 @@ +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +const ( + NestedClusterFinalizer = "metal.harvesterhci.io/nestedcluster" + NestedClusterUIDLabelKey = "nestedcluster.harvesterhci.io/uuid" +) + +// NestedClusterSpec defines the state of underlying Cluster object +// generted by the nested cluster controller +type NestedClusterSpec struct { + HarvesterVersion string `json:"version"` + ImageURL string `json:"imageURL"` + InventoryTemplateConfig []InventoryTemplateConfig `json:"inventoryTemplateConfig"` + VIPConfig `json:"vipConfig"` + ClusterConfig `json:"clusterConfig"` +} + +// InventoryTemplateConfig defines the inventory template +// and eventually geenerates the inventory objects and configures a cluster +// using the generated inventory and address pool references +type InventoryTemplateConfig struct { + Name string `json:"name"` + InventoryTemplateSpec InventoryTemplateSpec `json:"inventoryTemplateSpec"` + AddressPoolReference ObjectReference `json:"addressPoolReference"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:printcolumn:name="ClusterStatus",type="string",JSONPath=`.status.status` +//+kubebuilder:printcolumn:name="ClusterToken",type="string",JSONPath=`.status.token` +//+kubebuilder:printcolumn:name="ClusterAddress",type="string",JSONPath=`.status.clusterAddress` + +// Cluster is the Schema for the clusters API +type NestedCluster struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec NestedClusterSpec `json:"spec,omitempty"` + Status ClusterStatus `json:"status,omitempty"` +} + +//+kubebuilder:object:root=true + +// ClusterList contains a list of Cluster +type NestedClusterList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []NestedCluster `json:"items"` +} + +func init() { + SchemeBuilder.Register(&NestedCluster{}, &NestedClusterList{}) +} diff --git a/pkg/api/v1alpha1/zz_generated.deepcopy.go b/pkg/api/v1alpha1/zz_generated.deepcopy.go index 01cabe6..27fe751 100644 --- a/pkg/api/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/api/v1alpha1/zz_generated.deepcopy.go @@ -21,6 +21,7 @@ limitations under the License. package v1alpha1 import ( + "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -283,6 +284,22 @@ func (in *Conditions) DeepCopy() *Conditions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DiskConfig) DeepCopyInto(out *DiskConfig) { + *out = *in + out.Size = in.Size.DeepCopy() +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DiskConfig. +func (in *DiskConfig) DeepCopy() *DiskConfig { + if in == nil { + return nil + } + out := new(DiskConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Events) DeepCopyInto(out *Events) { *out = *in @@ -397,6 +414,216 @@ func (in *InventoryStatus) DeepCopy() *InventoryStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InventoryTemplate) DeepCopyInto(out *InventoryTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InventoryTemplate. +func (in *InventoryTemplate) DeepCopy() *InventoryTemplate { + if in == nil { + return nil + } + out := new(InventoryTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InventoryTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InventoryTemplateConfig) DeepCopyInto(out *InventoryTemplateConfig) { + *out = *in + in.InventoryTemplateSpec.DeepCopyInto(&out.InventoryTemplateSpec) + out.AddressPoolReference = in.AddressPoolReference +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InventoryTemplateConfig. +func (in *InventoryTemplateConfig) DeepCopy() *InventoryTemplateConfig { + if in == nil { + return nil + } + out := new(InventoryTemplateConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InventoryTemplateList) DeepCopyInto(out *InventoryTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]InventoryTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InventoryTemplateList. +func (in *InventoryTemplateList) DeepCopy() *InventoryTemplateList { + if in == nil { + return nil + } + out := new(InventoryTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InventoryTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InventoryTemplateSpec) DeepCopyInto(out *InventoryTemplateSpec) { + *out = *in + if in.Credentials != nil { + in, out := &in.Credentials, &out.Credentials + *out = new(v1.SecretReference) + **out = **in + } + in.VMSpec.DeepCopyInto(&out.VMSpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InventoryTemplateSpec. +func (in *InventoryTemplateSpec) DeepCopy() *InventoryTemplateSpec { + if in == nil { + return nil + } + out := new(InventoryTemplateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InventoryTemplateStatus) DeepCopyInto(out *InventoryTemplateStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InventoryTemplateStatus. +func (in *InventoryTemplateStatus) DeepCopy() *InventoryTemplateStatus { + if in == nil { + return nil + } + out := new(InventoryTemplateStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NestedCluster) DeepCopyInto(out *NestedCluster) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NestedCluster. +func (in *NestedCluster) DeepCopy() *NestedCluster { + if in == nil { + return nil + } + out := new(NestedCluster) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NestedCluster) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NestedClusterList) DeepCopyInto(out *NestedClusterList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]NestedCluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NestedClusterList. +func (in *NestedClusterList) DeepCopy() *NestedClusterList { + if in == nil { + return nil + } + out := new(NestedClusterList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NestedClusterList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NestedClusterSpec) DeepCopyInto(out *NestedClusterSpec) { + *out = *in + if in.InventoryTemplateConfig != nil { + in, out := &in.InventoryTemplateConfig, &out.InventoryTemplateConfig + *out = make([]InventoryTemplateConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.VIPConfig = in.VIPConfig + in.ClusterConfig.DeepCopyInto(&out.ClusterConfig) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NestedClusterSpec. +func (in *NestedClusterSpec) DeepCopy() *NestedClusterSpec { + if in == nil { + return nil + } + out := new(NestedClusterSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkConfig) DeepCopyInto(out *NetworkConfig) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkConfig. +func (in *NetworkConfig) DeepCopy() *NetworkConfig { + if in == nil { + return nil + } + out := new(NetworkConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfig) DeepCopyInto(out *NodeConfig) { *out = *in @@ -495,3 +722,31 @@ func (in *VIPConfig) DeepCopy() *VIPConfig { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VMSpec) DeepCopyInto(out *VMSpec) { + *out = *in + out.Memory = in.Memory.DeepCopy() + if in.Disks != nil { + in, out := &in.Disks, &out.Disks + *out = make([]DiskConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Networks != nil { + in, out := &in.Networks, &out.Networks + *out = make([]NetworkConfig, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VMSpec. +func (in *VMSpec) DeepCopy() *VMSpec { + if in == nil { + return nil + } + out := new(VMSpec) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/controllers/crds/kubevirtbmc.yaml b/pkg/controllers/crds/kubevirtbmc.yaml new file mode 100644 index 0000000..5379d80 --- /dev/null +++ b/pkg/controllers/crds/kubevirtbmc.yaml @@ -0,0 +1,75 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: virtualmachinebmcs.virtualmachine.kubevirt.io +spec: + group: virtualmachine.kubevirt.io + names: + kind: VirtualMachineBMC + listKind: VirtualMachineBMCList + plural: virtualmachinebmcs + singular: virtualmachinebmc + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VirtualMachineBMC is the Schema for the virtualmachinebmcs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VirtualMachineBMCSpec defines the desired state of VirtualMachineBMC + properties: + password: + description: The credential part of the IPMI service + type: string + username: + description: To authenticate who the user is. + type: string + vmName: + description: The actual virtual machine that this BMC controls + type: string + vmNamespace: + description: The namespace where the virtual machine is in + type: string + required: + - vmName + - vmNamespace + type: object + status: + description: VirtualMachineBMCStatus defines the observed state of VirtualMachineBMC + properties: + ready: + description: The indicator that shows the readiness of the IPMI service + for the virtual machine + type: boolean + serviceIP: + description: The listen IP address for the IPMI service. + type: string + required: + - ready + - serviceIP + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/controllers/crds/nad.yaml b/pkg/controllers/crds/nad.yaml new file mode 100644 index 0000000..2bf133c --- /dev/null +++ b/pkg/controllers/crds/nad.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + conversion: + strategy: None + group: k8s.cni.cncf.io + names: + kind: NetworkAttachmentDefinition + listKind: NetworkAttachmentDefinitionList + plural: network-attachment-definitions + shortNames: + - net-attach-def + singular: network-attachment-definition + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + type: string + type: object + type: object + served: true + storage: true diff --git a/pkg/controllers/crds/vm.yaml b/pkg/controllers/crds/vm.yaml new file mode 100644 index 0000000..00f24fa --- /dev/null +++ b/pkg/controllers/crds/vm.yaml @@ -0,0 +1,9805 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: virtualmachines.kubevirt.io +spec: + conversion: + strategy: None + group: kubevirt.io + names: + categories: + - all + kind: VirtualMachine + listKind: VirtualMachineList + plural: virtualmachines + shortNames: + - vm + - vms + singular: virtualmachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Human Readable Status + jsonPath: .status.printableStatus + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1 + schema: + openAPIV3Schema: + description: |- + VirtualMachine handles the VirtualMachines that are not running + or are in a stopped state + The VirtualMachine contains the template to create the + VirtualMachineInstance. It also mirrors the running state of the created + VirtualMachineInstance in its status. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec contains the specification of VirtualMachineInstance + created + properties: + dataVolumeTemplates: + description: |- + dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference. + DataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle. + items: + nullable: true + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: DataVolumeSpec contains the DataVolume specification. + properties: + checkpoints: + description: Checkpoints is a list of DataVolumeCheckpoints, + representing stages in a multistage import. + items: + description: DataVolumeCheckpoint defines a stage in a + warm migration. + properties: + current: + description: Current is the identifier of the snapshot + created for this checkpoint. + type: string + previous: + description: Previous is the identifier of the snapshot + from the previous checkpoint. + type: string + required: + - current + - previous + type: object + type: array + contentType: + description: 'DataVolumeContentType options: "kubevirt", + "archive"' + enum: + - kubevirt + - archive + type: string + finalCheckpoint: + description: FinalCheckpoint indicates whether the current + DataVolumeCheckpoint is the final checkpoint. + type: boolean + preallocation: + description: Preallocation controls whether storage for + DataVolumes should be allocated in advance. + type: boolean + priorityClassName: + description: PriorityClassName for Importer, Cloner and + Uploader pod + type: string + pvc: + description: PVC is the PVC specification + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + source: + description: Source is the src of the data for the requested + DataVolume + properties: + blank: + description: DataVolumeBlankImage provides the parameters + to create a new raw blank image for the PVC + type: object + gcs: + description: DataVolumeSourceGCS provides the parameters + to create a Data Volume from an GCS source + properties: + secretRef: + description: SecretRef provides the secret reference + needed to access the GCS source + type: string + url: + description: URL is the url of the GCS source + type: string + required: + - url + type: object + http: + description: DataVolumeSourceHTTP can be either an http + or https endpoint, with an optional basic auth user + name and password, and an optional configmap containing + additional CAs + properties: + certConfigMap: + description: CertConfigMap is a configmap reference, + containing a Certificate Authority(CA) public + key, and a base64 encoded pem certificate + type: string + extraHeaders: + description: ExtraHeaders is a list of strings containing + extra headers to include with HTTP transfer requests + items: + type: string + type: array + secretExtraHeaders: + description: SecretExtraHeaders is a list of Secret + references, each containing an extra HTTP header + that may include sensitive information + items: + type: string + type: array + secretRef: + description: SecretRef A Secret reference, the secret + should contain accessKeyId (user name) base64 + encoded, and secretKey (password) also base64 + encoded + type: string + url: + description: URL is the URL of the http(s) endpoint + type: string + required: + - url + type: object + imageio: + description: DataVolumeSourceImageIO provides the parameters + to create a Data Volume from an imageio source + properties: + certConfigMap: + description: CertConfigMap provides a reference + to the CA cert + type: string + diskId: + description: DiskID provides id of a disk to be + imported + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the ovirt-engine + type: string + url: + description: URL is the URL of the ovirt-engine + type: string + required: + - diskId + - url + type: object + pvc: + description: DataVolumeSourcePVC provides the parameters + to create a Data Volume from an existing PVC + properties: + name: + description: The name of the source PVC + type: string + namespace: + description: The namespace of the source PVC + type: string + required: + - name + - namespace + type: object + registry: + description: DataVolumeSourceRegistry provides the parameters + to create a Data Volume from an registry source + properties: + certConfigMap: + description: CertConfigMap provides a reference + to the Registry certs + type: string + imageStream: + description: ImageStream is the name of image stream + for import + type: string + pullMethod: + description: PullMethod can be either "pod" (default + import), or "node" (node docker cache based import) + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the Registry source + type: string + url: + description: 'URL is the url of the registry source + (starting with the scheme: docker, oci-archive)' + type: string + type: object + s3: + description: DataVolumeSourceS3 provides the parameters + to create a Data Volume from an S3 source + properties: + certConfigMap: + description: CertConfigMap is a configmap reference, + containing a Certificate Authority(CA) public + key, and a base64 encoded pem certificate + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the S3 source + type: string + url: + description: URL is the url of the S3 source + type: string + required: + - url + type: object + snapshot: + description: DataVolumeSourceSnapshot provides the parameters + to create a Data Volume from an existing VolumeSnapshot + properties: + name: + description: The name of the source VolumeSnapshot + type: string + namespace: + description: The namespace of the source VolumeSnapshot + type: string + required: + - name + - namespace + type: object + upload: + description: DataVolumeSourceUpload provides the parameters + to create a Data Volume by uploading the source + type: object + vddk: + description: DataVolumeSourceVDDK provides the parameters + to create a Data Volume from a Vmware source + properties: + backingFile: + description: BackingFile is the path to the virtual + hard disk to migrate from vCenter/ESXi + type: string + initImageURL: + description: InitImageURL is an optional URL to + an image containing an extracted VDDK library, + overrides v2v-vmware config map + type: string + secretRef: + description: SecretRef provides a reference to a + secret containing the username and password needed + to access the vCenter or ESXi host + type: string + thumbprint: + description: Thumbprint is the certificate thumbprint + of the vCenter or ESXi host + type: string + url: + description: URL is the URL of the vCenter or ESXi + host with the VM to migrate + type: string + uuid: + description: UUID is the UUID of the virtual machine + that the backing file is attached to in vCenter/ESXi + type: string + type: object + type: object + sourceRef: + description: SourceRef is an indirect reference to the source + of data for the requested DataVolume + properties: + kind: + description: The kind of the source reference, currently + only "DataSource" is supported + type: string + name: + description: The name of the source reference + type: string + namespace: + description: The namespace of the source reference, + defaults to the DataVolume namespace + type: string + required: + - kind + - name + type: object + storage: + description: Storage is the requested storage specification + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. + If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + Resources represents the minimum resources the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + type: object + status: + description: |- + DataVolumeTemplateDummyStatus is here simply for backwards compatibility with + a previous API. + nullable: true + type: object + required: + - spec + type: object + type: array + instancetype: + description: InstancetypeMatcher references a instancetype that is + used to fill fields in Template + properties: + inferFromVolume: + description: |- + InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype + to be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher + this field is removed. + type: string + inferFromVolumeFailurePolicy: + description: |- + InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype. + Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". + If not specified, "RejectInferFromVolumeFailure" is used by default. + type: string + kind: + description: |- + Kind specifies which instancetype resource is referenced. + Allowed values are: "VirtualMachineInstancetype" and "VirtualMachineClusterInstancetype". + If not specified, "VirtualMachineClusterInstancetype" is used by default. + type: string + name: + description: Name is the name of the VirtualMachineInstancetype + or VirtualMachineClusterInstancetype + type: string + revisionName: + description: |- + RevisionName specifies a ControllerRevision containing a specific copy of the + VirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially + captured the first time the instancetype is applied to the VirtualMachineInstance. + type: string + type: object + preference: + description: PreferenceMatcher references a set of preference that + is used to fill fields in Template + properties: + inferFromVolume: + description: |- + InferFromVolume lists the name of a volume that should be used to infer or discover the preference + to be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher + this field is removed. + type: string + inferFromVolumeFailurePolicy: + description: |- + InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype. + Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". + If not specified, "RejectInferFromVolumeFailure" is used by default. + type: string + kind: + description: |- + Kind specifies which preference resource is referenced. + Allowed values are: "VirtualMachinePreference" and "VirtualMachineClusterPreference". + If not specified, "VirtualMachineClusterPreference" is used by default. + type: string + name: + description: Name is the name of the VirtualMachinePreference + or VirtualMachineClusterPreference + type: string + revisionName: + description: |- + RevisionName specifies a ControllerRevision containing a specific copy of the + VirtualMachinePreference or VirtualMachineClusterPreference to be used. This is + initially captured the first time the instancetype is applied to the VirtualMachineInstance. + type: string + type: object + runStrategy: + description: |- + Running state indicates the requested running state of the VirtualMachineInstance + mutually exclusive with Running + type: string + running: + description: |- + Running controls whether the associatied VirtualMachineInstance is created or not + Mutually exclusive with RunStrategy + Deprecated: VirtualMachineInstance field "Running" is now deprecated, please use RunStrategy instead. + type: boolean + template: + description: Template is the direct specification of VirtualMachineInstance + properties: + metadata: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: VirtualMachineInstance Spec contains the VirtualMachineInstance + specification. + properties: + accessCredentials: + description: Specifies a set of public keys to inject into + the vm guest + items: + description: |- + AccessCredential represents a credential source that can be used to + authorize remote access to the vm guest + Only one of its members may be specified. + properties: + sshPublicKey: + description: |- + SSHPublicKey represents the source and method of applying a ssh public + key into a guest virtual machine. + properties: + propagationMethod: + description: PropagationMethod represents how the + public key is injected into the vm guest. + properties: + configDrive: + description: |- + ConfigDrivePropagation means that the ssh public keys are injected + into the VM using metadata using the configDrive cloud-init provider + type: object + noCloud: + description: |- + NoCloudPropagation means that the ssh public keys are injected + into the VM using metadata using the noCloud cloud-init provider + type: object + qemuGuestAgent: + description: |- + QemuGuestAgentAccessCredentailPropagation means ssh public keys are + dynamically injected into the vm at runtime via the qemu guest agent. + This feature requires the qemu guest agent to be running within the guest. + properties: + users: + description: |- + Users represents a list of guest users that should have the ssh public keys + added to their authorized_keys file. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - users + type: object + type: object + source: + description: Source represents where the public + keys are pulled from + properties: + secret: + description: Secret means that the access credential + is pulled from a kubernetes secret + properties: + secretName: + description: SecretName represents the name + of the secret in the VMI's namespace + type: string + required: + - secretName + type: object + type: object + required: + - propagationMethod + - source + type: object + userPassword: + description: |- + UserPassword represents the source and method for applying a guest user's + password + properties: + propagationMethod: + description: propagationMethod represents how the + user passwords are injected into the vm guest. + properties: + qemuGuestAgent: + description: |- + QemuGuestAgentAccessCredentailPropagation means passwords are + dynamically injected into the vm at runtime via the qemu guest agent. + This feature requires the qemu guest agent to be running within the guest. + type: object + type: object + source: + description: Source represents where the user passwords + are pulled from + properties: + secret: + description: Secret means that the access credential + is pulled from a kubernetes secret + properties: + secretName: + description: SecretName represents the name + of the secret in the VMI's namespace + type: string + required: + - secretName + type: object + type: object + required: + - propagationMethod + - source + type: object + type: object + maxItems: 256 + type: array + x-kubernetes-list-type: atomic + affinity: + description: If affinity is specifies, obey all the affinity + rules + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + architecture: + description: Specifies the architecture of the vm guest you + are attempting to run. Defaults to the compiled architecture + of the KubeVirt components + type: string + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's + value. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + domain: + description: Specification of the desired behavior of the + VirtualMachineInstance on the host. + properties: + chassis: + description: Chassis specifies the chassis info passed + to the domain. + properties: + asset: + type: string + manufacturer: + type: string + serial: + type: string + sku: + type: string + version: + type: string + type: object + clock: + description: Clock sets the clock and timers of the vmi. + properties: + timer: + description: Timer specifies whih timers are attached + to the vmi. + properties: + hpet: + description: HPET (High Precision Event Timer) + - multiple timers with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup", "merge", "discard". + type: string + type: object + hyperv: + description: Hyperv (Hypervclock) - lets guests + read the host’s wall clock time (paravirtualized). + For windows guests. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + type: object + kvm: + description: "KVM \t(KVM clock) - lets guests + read the host’s wall clock time (paravirtualized). + For linux guests." + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + type: object + pit: + description: PIT (Programmable Interval Timer) + - a timer with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup", "discard". + type: string + type: object + rtc: + description: RTC (Real Time Clock) - a continuously + running timer with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup". + type: string + track: + description: Track the guest or the wall clock. + type: string + type: object + type: object + timezone: + description: |- + Timezone sets the guest clock to the specified timezone. + Zone name follows the TZ environment variable format (e.g. 'America/New_York'). + type: string + utc: + description: |- + UTC sets the guest clock to UTC on each boot. If an offset is specified, + guest changes to the clock will be kept during reboots and are not reset. + properties: + offsetSeconds: + description: |- + OffsetSeconds specifies an offset in seconds, relative to UTC. If set, + guest changes to the clock will be kept during reboots and not reset. + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + cpu: + description: CPU allow specified the detailed CPU topology + inside the vmi. + properties: + cores: + description: |- + Cores specifies the number of cores inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + dedicatedCpuPlacement: + description: |- + DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node + with enough dedicated pCPUs and pin the vCPUs to it. + type: boolean + features: + description: Features specifies the CPU features list + inside the VMI. + items: + description: CPUFeature allows specifying a CPU + feature. + properties: + name: + description: Name of the CPU feature + type: string + policy: + description: |- + Policy is the CPU feature attribute which can have the following attributes: + force - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU. + require - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it. + optional - The feature will be supported by virtual CPU if and only if it is supported by host CPU. + disable - The feature will not be supported by virtual CPU. + forbid - Guest creation will fail if the feature is supported by host CPU. + Defaults to require + type: string + required: + - name + type: object + type: array + isolateEmulatorThread: + description: |- + IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place + the emulator thread on it. + type: boolean + maxSockets: + description: |- + MaxSockets specifies the maximum amount of sockets that can + be hotplugged + format: int32 + type: integer + model: + description: |- + Model specifies the CPU model inside the VMI. + List of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map. + It is possible to specify special cases like "host-passthrough" to get the same CPU as the node + and "host-model" to get CPU closest to the node one. + Defaults to host-model. + type: string + numa: + description: NUMA allows specifying settings for the + guest NUMA topology + properties: + guestMappingPassthrough: + description: |- + GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod. + The created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes. + type: object + type: object + realtime: + description: Realtime instructs the virt-launcher + to tune the VMI for lower latency, optional for + real time workloads + properties: + mask: + description: |- + Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions. + Example: "0-3,^1","0,2,3","2-3" + type: string + type: object + sockets: + description: |- + Sockets specifies the number of sockets inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + threads: + description: |- + Threads specifies the number of threads inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + type: object + devices: + description: Devices allows adding disks, network interfaces, + and others + properties: + autoattachGraphicsDevice: + description: |- + Whether to attach the default graphics device or not. + VNC will not be available if set to false. Defaults to true. + type: boolean + autoattachInputDevice: + description: |- + Whether to attach an Input Device. + Defaults to false. + type: boolean + autoattachMemBalloon: + description: |- + Whether to attach the Memory balloon device with default period. + Period can be adjusted in virt-config. + Defaults to true. + type: boolean + autoattachPodInterface: + description: Whether to attach a pod network interface. + Defaults to true. + type: boolean + autoattachSerialConsole: + description: |- + Whether to attach the default virtio-serial console or not. + Serial console access will not be available if set to false. Defaults to true. + type: boolean + autoattachVSOCK: + description: |- + Whether to attach the VSOCK CID to the VM or not. + VSOCK access will be available if set to true. Defaults to false. + type: boolean + blockMultiQueue: + description: |- + Whether or not to enable virtio multi-queue for block devices. + Defaults to false. + type: boolean + clientPassthrough: + description: To configure and access client devices + such as redirecting USB + type: object + disableHotplug: + description: DisableHotplug disabled the ability to + hotplug disks. + type: boolean + disks: + description: Disks describes disks, cdroms and luns + which are connected to the vmi. + items: + properties: + blockSize: + description: If specified, the virtual disk + will be presented with the given block sizes. + properties: + custom: + description: CustomBlockSize represents + the desired logical and physical block + size for a VM disk. + properties: + logical: + type: integer + physical: + type: integer + required: + - logical + - physical + type: object + matchVolume: + description: Represents if a feature is + enabled or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each disk or interface that has a boot order must have a unique value. + Disks without a boot order are not tried if a disk with a boot order exists. + type: integer + cache: + description: |- + Cache specifies which kvm disk cache mode should be used. + Supported values are: + none: Guest I/O not cached on the host, but may be kept in a disk cache. + writethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees. + writeback: Guest I/O cached on the host. + Defaults to none if the storage supports O_DIRECT, otherwise writethrough. + type: string + cdrom: + description: Attach a volume as a cdrom to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to true. + type: boolean + tray: + description: |- + Tray indicates if the tray of the device is open or closed. + Allowed values are "open" and "closed". + Defaults to closed. + type: string + type: object + dedicatedIOThread: + description: |- + dedicatedIOThread indicates this disk should have an exclusive IO Thread. + Enabling this implies useIOThreads = true. + Defaults to false. + type: boolean + disk: + description: Attach a volume as a disk to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi, usb. + type: string + pciAddress: + description: 'If specified, the virtual + disk will be placed on the guests pci + address with the specified PCI address. + For example: 0000:81:01.10' + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + type: object + errorPolicy: + description: If specified, it can change the + default error policy (stop) for the disk + type: string + io: + description: |- + IO specifies which QEMU disk IO mode should be used. + Supported values are: native, default, threads. + type: string + lun: + description: Attach a volume as a LUN to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + reservation: + description: Reservation indicates if the + disk needs to support the persistent reservation + for the SCSI disk + type: boolean + type: object + name: + description: Name is the device name + type: string + serial: + description: Serial provides the ability to + specify a serial number for the disk device. + type: string + shareable: + description: If specified the disk is made sharable + and multiple write from different VMs are + permitted + type: boolean + tag: + description: If specified, disk address and + its tag will be provided to the guest via + config drive metadata + type: string + required: + - name + type: object + maxItems: 256 + type: array + downwardMetrics: + description: DownwardMetrics creates a virtio serials + for exposing the downward metrics to the vmi. + type: object + filesystems: + description: Filesystems describes filesystem which + is connected to the vmi. + items: + properties: + name: + description: Name is the device name + type: string + virtiofs: + description: Virtiofs is supported + type: object + required: + - name + - virtiofs + type: object + type: array + x-kubernetes-list-type: atomic + gpus: + description: Whether to attach a GPU device to the + vmi. + items: + properties: + claimName: + description: |- + ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this + device is allocated + type: string + deviceName: + description: DeviceName is the name of the device + provisioned by device-plugins + type: string + name: + description: Name of the GPU device as exposed + by a device plugin + type: string + requestName: + description: |- + RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this + device is requested + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + virtualGPUOptions: + properties: + display: + properties: + enabled: + description: |- + Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest. + Defaults to true. + type: boolean + ramFB: + description: |- + Enables a boot framebuffer, until the guest OS loads a real GPU driver + Defaults to true. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + hostDevices: + description: Whether to attach a host device to the + vmi. + items: + properties: + claimName: + description: |- + ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this + device is allocated + type: string + deviceName: + description: DeviceName is the name of the device + provisioned by device-plugins + type: string + name: + type: string + requestName: + description: |- + RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this + device is requested + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + inputs: + description: Inputs describe input devices + items: + properties: + bus: + description: |- + Bus indicates the bus of input device to emulate. + Supported values: virtio, usb. + type: string + name: + description: Name is the device name + type: string + type: + description: |- + Type indicated the type of input device. + Supported values: tablet. + type: string + required: + - name + - type + type: object + type: array + interfaces: + description: Interfaces describe network interfaces + which are added to the vmi. + items: + properties: + acpiIndex: + description: |- + If specified, the ACPI index is used to provide network interface device naming, that is stable across changes + in PCI addresses assigned to the device. + This value is required to be unique across all devices and be between 1 and (16*1024-1). + type: integer + binding: + description: |- + Binding specifies the binding plugin that will be used to connect the interface to the guest. + It provides an alternative to InterfaceBindingMethod. + version: 1alphav1 + properties: + name: + description: |- + Name references to the binding name as denined in the kubevirt CR. + version: 1alphav1 + type: string + required: + - name + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each interface or disk that has a boot order must have a unique value. + Interfaces without a boot order are not tried. + type: integer + bridge: + description: InterfaceBridge connects to a given + network via a linux bridge. + type: object + dhcpOptions: + description: If specified the network interface + will pass additional DHCP options to the VMI + properties: + bootFileName: + description: If specified will pass option + 67 to interface's DHCP server + type: string + ntpServers: + description: If specified will pass the + configured NTP server to the VM via DHCP + option 042. + items: + type: string + type: array + privateOptions: + description: 'If specified will pass extra + DHCP options for private use, range: 224-254' + items: + description: DHCPExtraOptions defines + Extra DHCP options for a VM. + properties: + option: + description: |- + Option is an Integer value from 224-254 + Required. + type: integer + value: + description: |- + Value is a String value for the Option provided + Required. + type: string + required: + - option + - value + type: object + type: array + tftpServerName: + description: If specified will pass option + 66 to interface's DHCP server + type: string + type: object + macAddress: + description: 'Interface MAC address. For example: + de:ad:00:00:be:af or DE-AD-00-00-BE-AF.' + type: string + macvtap: + description: |- + DeprecatedMacvtap is an alias to the deprecated Macvtap interface, + please refer to Kubevirt user guide for alternatives. + Deprecated: Removed in v1.3 + type: object + masquerade: + description: InterfaceMasquerade connects to + a given network using netfilter rules to nat + the traffic. + type: object + model: + description: |- + Interface model. + One of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio. + Defaults to virtio. + type: string + name: + description: |- + Logical name of the interface as well as a reference to the associated networks. + Must match the Name of a Network. + type: string + passt: + description: |- + DeprecatedPasst is an alias to the deprecated Passt interface, + please refer to Kubevirt user guide for alternatives. + Deprecated: Removed in v1.3 + type: object + pciAddress: + description: 'If specified, the virtual network + interface will be placed on the guests pci + address with the specified PCI address. For + example: 0000:81:01.10' + type: string + ports: + description: List of ports to be forwarded to + the virtual machine. + items: + description: |- + Port represents a port to expose from the virtual machine. + Default protocol TCP. + The port field is mandatory + properties: + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + port: + description: |- + Number of port to expose for the virtual machine. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + protocol: + description: |- + Protocol for port. Must be UDP or TCP. + Defaults to "TCP". + type: string + required: + - port + type: object + type: array + slirp: + description: |- + DeprecatedSlirp is an alias to the deprecated Slirp interface + Deprecated: Removed in v1.3 + type: object + sriov: + description: InterfaceSRIOV connects to a given + network by passing-through an SR-IOV PCI device + via vfio. + type: object + state: + description: |- + State represents the requested operational state of the interface. + The supported values are: + 'absent', expressing a request to remove the interface. + 'down', expressing a request to set the link down. + 'up', expressing a request to set the link up. + Empty value functions as 'up'. + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + required: + - name + type: object + maxItems: 256 + type: array + logSerialConsole: + description: |- + Whether to log the auto-attached default serial console or not. + Serial console logs will be collect to a file and then streamed from a named 'guest-console-log'. + Not relevant if autoattachSerialConsole is disabled. + Defaults to cluster wide setting on VirtualMachineOptions. + type: boolean + networkInterfaceMultiqueue: + description: If specified, virtual network interfaces + configured with a virtio bus will also enable the + vhost multiqueue feature for network devices. The + number of queues created depends on additional factors + of the VirtualMachineInstance, like the number of + guest CPUs. + type: boolean + panicDevices: + description: PanicDevices provides additional crash + information when a guest crashes. + items: + properties: + model: + description: |- + Model specifies what type of panic device is provided. + The panic model used when this attribute is missing depends on the hypervisor and guest arch. + One of: isa, hyperv, pvpanic. + type: string + type: object + type: array + rng: + description: Whether to have random number generator + from host + type: object + sound: + description: Whether to emulate a sound device. + properties: + model: + description: |- + We only support ich9 or ac97. + If SoundDevice is not set: No sound card is emulated. + If SoundDevice is set but Model is not: ich9 + type: string + name: + description: User's defined name for this sound + device + type: string + required: + - name + type: object + tpm: + description: Whether to emulate a TPM device. + properties: + enabled: + description: |- + Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine + Defaults to True + type: boolean + persistent: + description: |- + Persistent indicates the state of the TPM device should be kept accross reboots + Defaults to false + type: boolean + type: object + useVirtioTransitional: + description: |- + Fall back to legacy virtio 0.9 support if virtio bus is selected on devices. + This is helpful for old machines like CentOS6 or RHEL6 which + do not understand virtio_non_transitional (virtio 1.0). + type: boolean + video: + description: Video describes the video device configuration + for the vmi. + properties: + type: + description: |- + Type specifies the video device type (e.g., virtio, vga, bochs, ramfb). + If not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x). + type: string + type: object + watchdog: + description: Watchdog describes a watchdog device + which can be added to the vmi. + properties: + diag288: + description: diag288 watchdog device (specific + to s390x architecture). + properties: + action: + description: |- + The action to take. Valid values are poweroff, reset, shutdown. + Defaults to reset. + type: string + type: object + i6300esb: + description: i6300esb watchdog device. + properties: + action: + description: |- + The action to take. Valid values are poweroff, reset, shutdown. + Defaults to reset. + type: string + type: object + name: + description: Name of the watchdog. + type: string + required: + - name + type: object + type: object + features: + description: Features like acpi, apic, hyperv, smm. + properties: + acpi: + description: |- + ACPI enables/disables ACPI inside the guest. + Defaults to enabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + apic: + description: Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + endOfInterrupt: + description: |- + EndOfInterrupt enables the end of interrupt notification in the guest. + Defaults to false. + type: boolean + type: object + hyperv: + description: Defaults to the machine type setting. + properties: + evmcs: + description: |- + EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + frequencies: + description: |- + Frequencies improves the TSC clock source handling for Hyper-V on KVM. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + ipi: + description: |- + IPI improves performances in overcommited environments. Requires vpindex. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + reenlightenment: + description: |- + Reenlightenment enables the notifications on TSC frequency changes. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + relaxed: + description: |- + Relaxed instructs the guest OS to disable watchdog timeouts. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + reset: + description: |- + Reset enables Hyperv reboot/reset for the vmi. Requires synic. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + runtime: + description: |- + Runtime improves the time accounting to improve scheduling in the guest. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + spinlocks: + description: Spinlocks allows to configure the + spinlock retry attempts. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + spinlocks: + description: |- + Retries indicates the number of retries. + Must be a value greater or equal 4096. + Defaults to 4096. + format: int32 + type: integer + type: object + synic: + description: |- + SyNIC enables the Synthetic Interrupt Controller. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + synictimer: + description: |- + SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load. + Defaults to the machine type setting. + properties: + direct: + description: Represents if a feature is enabled + or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + enabled: + type: boolean + type: object + tlbflush: + description: |- + TLBFlush improves performances in overcommited environments. Requires vpindex. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + vapic: + description: |- + VAPIC improves the paravirtualized handling of interrupts. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + vendorid: + description: |- + VendorID allows setting the hypervisor vendor id. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + vendorid: + description: |- + VendorID sets the hypervisor vendor id, visible to the vmi. + String up to twelve characters. + type: string + type: object + vpindex: + description: |- + VPIndex enables the Virtual Processor Index to help windows identifying virtual processors. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + hypervPassthrough: + description: |- + This enables all supported hyperv flags automatically. + Bear in mind that if this enabled hyperV features cannot + be enabled explicitly. In addition, a Virtual Machine + using it will be non-migratable. + properties: + enabled: + type: boolean + type: object + kvm: + description: Configure how KVM presence is exposed + to the guest. + properties: + hidden: + description: |- + Hide the KVM hypervisor from standard MSR based discovery. + Defaults to false + type: boolean + type: object + pvspinlock: + description: |- + Notify the guest that the host supports paravirtual spinlocks. + For older kernels this feature should be explicitly disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + smm: + description: |- + SMM enables/disables System Management Mode. + TSEG not yet implemented. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + firmware: + description: Firmware. + properties: + acpi: + description: Information that can be set in the ACPI + table + properties: + msdmNameRef: + description: |- + Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions. + The above points to the spec of MSDM too. + type: string + slicNameRef: + description: |- + SlicNameRef should match the volume name of a secret object. The data in the secret should + be a binary blob that follows the ACPI SLIC standard, see: + https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85) + type: string + type: object + bootloader: + description: Settings to control the bootloader that + is used. + properties: + bios: + description: If set (default), BIOS will be used. + properties: + useSerial: + description: If set, the BIOS output will + be transmitted over serial + type: boolean + type: object + efi: + description: If set, EFI will be used instead + of BIOS. + properties: + persistent: + description: |- + If set to true, Persistent will persist the EFI NVRAM across reboots. + Defaults to false + type: boolean + secureBoot: + description: |- + If set, SecureBoot will be enabled and the OVMF roms will be swapped for + SecureBoot-enabled ones. + Requires SMM to be enabled. + Defaults to true + type: boolean + type: object + type: object + kernelBoot: + description: Settings to set the kernel for booting. + properties: + container: + description: Container defines the container that + containes kernel artifacts + properties: + image: + description: Image that contains initrd / + kernel files. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecret: + description: ImagePullSecret is the name of + the Docker registry secret required to pull + the image. The secret must already exist. + type: string + initrdPath: + description: the fully-qualified path to the + ramdisk image in the host OS + type: string + kernelPath: + description: The fully-qualified path to the + kernel image in the host OS + type: string + required: + - image + type: object + kernelArgs: + description: Arguments to be passed to the kernel + at boot time + type: string + type: object + serial: + description: The system-serial-number in SMBIOS + type: string + uuid: + description: |- + UUID reported by the vmi bios. + Defaults to a random generated uid. + type: string + type: object + ioThreads: + description: IOThreads specifies the IOThreads options. + properties: + supplementalPoolThreadCount: + description: SupplementalPoolThreadCount specifies + how many iothreads are allocated for the supplementalPool + policy. + format: int32 + type: integer + type: object + ioThreadsPolicy: + description: |- + Controls whether or not disks will share IOThreads. + Omitting IOThreadsPolicy disables use of IOThreads. + One of: shared, auto, supplementalPool + type: string + launchSecurity: + description: Launch Security setting of the vmi. + properties: + sev: + description: AMD Secure Encrypted Virtualization (SEV). + properties: + attestation: + description: If specified, run the attestation + process for a vmi. + type: object + dhCert: + description: Base64 encoded guest owner's Diffie-Hellman + key. + type: string + policy: + description: |- + Guest policy flags as defined in AMD SEV API specification. + Note: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true. + properties: + encryptedState: + description: |- + SEV-ES is required. + Defaults to false. + type: boolean + type: object + session: + description: Base64 encoded session blob. + type: string + type: object + type: object + machine: + description: Machine type. + properties: + type: + description: QEMU machine type is the actual chipset + of the VirtualMachineInstance. + type: string + type: object + memory: + description: Memory allow specifying the VMI memory features. + properties: + guest: + anyOf: + - type: integer + - type: string + description: |- + Guest allows to specifying the amount of memory which is visible inside the Guest OS. + The Guest must lie between Requests and Limits from the resources section. + Defaults to the requested memory in the resources section if not specified. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + hugepages: + description: Hugepages allow to use hugepages for + the VirtualMachineInstance instead of regular memory. + properties: + pageSize: + description: PageSize specifies the hugepage size, + for x86_64 architecture valid values are 1Gi + and 2Mi. + type: string + type: object + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS. + The delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resources: + description: Resources describes the Compute Resources + required by this vmi. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + Valid resource keys are "memory" and "cpu". + type: object + overcommitGuestOverhead: + description: |- + Don't ask the scheduler to take the guest-management overhead into account. Instead + put the overhead only into the container's memory limit. This can lead to crashes if + all memory is in use on a node. Defaults to false. + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests is a description of the initial vmi resources. + Valid resource keys are "memory" and "cpu". + type: object + type: object + required: + - devices + type: object + evictionStrategy: + description: |- + EvictionStrategy describes the strategy to follow when a node drain occurs. + The possible options are: + - "None": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown. + - "LiveMigrate": the VirtualMachineInstance will be migrated instead of being shutdown. + - "LiveMigrateIfPossible": the same as "LiveMigrate" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as "None". + - "External": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa. + type: string + hostname: + description: |- + Specifies the hostname of the vmi + If not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly. + type: string + livenessProbe: + description: |- + Periodic probe of VirtualMachineInstance liveness. + VirtualmachineInstances will be stopped if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: |- + One and only one of the following should be specified. + Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. + If the guest agent is not available, this probe will fail. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + guestAgentPing: + description: GuestAgentPing contacts the qemu-guest-agent + for availability checks. + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + For exec probes the timeout fails the probe but does not terminate the command running on the guest. + This means a blocking command can result in an increasing load on the guest. + A small buffer will be added to the resulting workload exec probe to compensate for delays + caused by the qemu guest exec mechanism. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + networks: + description: List of networks that can be attached to a vm's + virtual interface. + items: + description: Network represents a network type and a resource + that should be connected to the vm. + properties: + multus: + description: Represents the multus cni network. + properties: + default: + description: |- + Select the default network and add it to the + multus-cni.io/default-network annotation. + type: boolean + networkName: + description: |- + References to a NetworkAttachmentDefinition CRD object. Format: + , /. If namespace is not + specified, VMI namespace is assumed. + type: string + required: + - networkName + type: object + name: + description: |- + Network name. + Must be a DNS_LABEL and unique within the vm. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + pod: + description: Represents the stock pod network interface. + properties: + vmIPv6NetworkCIDR: + description: |- + IPv6 CIDR for the vm network. + Defaults to fd10:0:2::/120 if not specified. + type: string + vmNetworkCIDR: + description: |- + CIDR for vm network. + Default 10.0.2.0/24 if not specified. + type: string + type: object + required: + - name + type: object + maxItems: 256 + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessProbe: + description: |- + Periodic probe of VirtualMachineInstance service readiness. + VirtualmachineInstances will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: |- + One and only one of the following should be specified. + Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. + If the guest agent is not available, this probe will fail. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + guestAgentPing: + description: GuestAgentPing contacts the qemu-guest-agent + for availability checks. + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + For exec probes the timeout fails the probe but does not terminate the command running on the guest. + This means a blocking command can result in an increasing load on the guest. + A small buffer will be added to the resulting workload exec probe to compensate for delays + caused by the qemu guest exec mechanism. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resourceClaims: + description: |- + ResourceClaims define which ResourceClaims must be allocated + and reserved before the VMI, hence virt-launcher pod is allowed to start. The resources + will be made available to the domain which consumes them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate in kubernetes + https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/ + This field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled. + This feature is in alpha. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + schedulerName: + description: |- + If specified, the VMI will be dispatched by specified scheduler. + If not specified, the VMI will be dispatched by default scheduler. + type: string + startStrategy: + description: StartStrategy can be set to "Paused" if Virtual + Machine should be started in paused state. + type: string + subdomain: + description: |- + If specified, the fully qualified vmi hostname will be "...svc.". + If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, + no matter if the vmi itself can pick up a hostname. + type: string + terminationGracePeriodSeconds: + description: Grace period observed after signalling a VirtualMachineInstance + to stop after which the VirtualMachineInstance is force + terminated. + format: int64 + type: integer + tolerations: + description: If toleration is specified, obey all the toleration + rules. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology + domains. K8s scheduler will schedule VMI pods in a way which abides by the constraints. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by disks + belonging to the vmi. + items: + description: Volume represents a named volume in a vmi. + properties: + cloudInitConfigDrive: + description: |- + CloudInitConfigDrive represents a cloud-init Config Drive user-data source. + The Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. + More info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html + properties: + networkData: + description: NetworkData contains config drive inline + cloud-init networkdata. + type: string + networkDataBase64: + description: NetworkDataBase64 contains config drive + cloud-init networkdata as a base64 encoded string. + type: string + networkDataSecretRef: + description: NetworkDataSecretRef references a k8s + secret that contains config drive networkdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secretRef: + description: UserDataSecretRef references a k8s + secret that contains config drive userdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData contains config drive inline + cloud-init userdata. + type: string + userDataBase64: + description: UserDataBase64 contains config drive + cloud-init userdata as a base64 encoded string. + type: string + type: object + cloudInitNoCloud: + description: |- + CloudInitNoCloud represents a cloud-init NoCloud user-data source. + The NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. + More info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html + properties: + networkData: + description: NetworkData contains NoCloud inline + cloud-init networkdata. + type: string + networkDataBase64: + description: NetworkDataBase64 contains NoCloud + cloud-init networkdata as a base64 encoded string. + type: string + networkDataSecretRef: + description: NetworkDataSecretRef references a k8s + secret that contains NoCloud networkdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secretRef: + description: UserDataSecretRef references a k8s + secret that contains NoCloud userdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData contains NoCloud inline cloud-init + userdata. + type: string + userDataBase64: + description: UserDataBase64 contains NoCloud cloud-init + userdata as a base64 encoded string. + type: string + type: object + configMap: + description: |- + ConfigMapSource represents a reference to a ConfigMap in the same namespace. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or it's + keys must be defined + type: boolean + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + x-kubernetes-map-type: atomic + containerDisk: + description: |- + ContainerDisk references a docker image, embedding a qcow or raw disk. + More info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html + properties: + image: + description: Image is the name of the image with + the embedded disk. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecret: + description: ImagePullSecret is the name of the + Docker registry secret required to pull the image. + The secret must already exist. + type: string + path: + description: Path defines the path to disk file + in the container + type: string + required: + - image + type: object + dataVolume: + description: |- + DataVolume represents the dynamic creation a PVC for this volume as well as + the process of populating that PVC with a disk image. + properties: + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + name: + description: Name of both the DataVolume and the + PVC in the same namespace. + type: string + required: + - name + type: object + downwardAPI: + description: DownwardAPI represents downward API about + the pod that should populate this volume + properties: + fields: + description: Fields is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + downwardMetrics: + description: |- + DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest + metrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics. + type: object + emptyDisk: + description: |- + EmptyDisk represents a temporary disk which shares the vmis lifecycle. + More info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html + properties: + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the sparse disk. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - capacity + type: object + ephemeral: + description: Ephemeral is a special volume source that + "wraps" specified source and provides copy-on-write + image on top of it. + properties: + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + type: object + hostDisk: + description: HostDisk represents a disk created on the + cluster level + properties: + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the sparse disk + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + path: + description: The path to HostDisk image located + on the cluster + type: string + shared: + description: Shared indicate whether the path is + shared between nodes + type: boolean + type: + description: |- + Contains information if disk.img exists or should be created + allowed options are 'Disk' and 'DiskOrCreate' + type: string + required: + - path + - type + type: object + memoryDump: + description: MemoryDump is attached to the virt launcher + and is populated with a memory dump of the vmi + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the vmi. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + secret: + description: |- + SecretVolumeSource represents a reference to a secret data in the same namespace. + More info: https://kubernetes.io/docs/concepts/configuration/secret/ + properties: + optional: + description: Specify whether the Secret or it's + keys must be defined + type: boolean + secretName: + description: |- + Name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + serviceAccount: + description: |- + ServiceAccountVolumeSource represents a reference to a service account. + There can only be one volume of this type! + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + properties: + serviceAccountName: + description: |- + Name of the service account in the pod's namespace to use. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + type: object + sysprep: + description: Represents a Sysprep volume source. + properties: + configMap: + description: ConfigMap references a ConfigMap that + contains Sysprep answer file named autounattend.xml + that should be attached as disk of CDROM type. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret references a k8s Secret that + contains Sysprep answer file named autounattend.xml + that should be attached as disk of CDROM type. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 256 + type: array + required: + - domain + type: object + type: object + updateVolumesStrategy: + description: UpdateVolumesStrategy is the strategy to apply on volumes + updates + type: string + required: + - template + type: object + status: + description: |- + Status holds the current state of the controller and brief information + about its associated VirtualMachineInstance + properties: + conditions: + description: Hold the state information of the VirtualMachine and + its VirtualMachineInstance + items: + description: VirtualMachineCondition represents the state of VirtualMachine + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + created: + description: Created indicates if the virtual machine is created in + the cluster + type: boolean + desiredGeneration: + description: |- + DesiredGeneration is the generation which is desired for the VMI. + This will be used in comparisons with ObservedGeneration to understand when + the VMI is out of sync. This will be changed at the same time as + ObservedGeneration to remove errors which could occur if Generation is + updated through an Update() before ObservedGeneration in Status. + format: int64 + type: integer + instancetypeRef: + description: InstancetypeRef captures the state of any referenced + instance type from the VirtualMachine + nullable: true + properties: + controllerRevisionRef: + description: |- + ControllerRef specifies the ControllerRevision storing a copy of the object captured + when it is first seen by the VirtualMachine controller + properties: + name: + description: Name of the ControllerRevision + type: string + type: object + inferFromVolume: + description: InferFromVolume lists the name of a volume that should + be used to infer or discover the resource + type: string + inferFromVolumeFailurePolicy: + description: InferFromVolumeFailurePolicy controls what should + happen on failure when inferring the resource + type: string + kind: + description: Kind specifies the kind of resource + type: string + name: + description: Name is the name of resource + type: string + type: object + memoryDumpRequest: + description: |- + MemoryDumpRequest tracks memory dump request phase and info of getting a memory + dump to the given pvc + nullable: true + properties: + claimName: + description: ClaimName is the name of the pvc that will contain + the memory dump + type: string + endTimestamp: + description: EndTimestamp represents the time the memory dump + was completed + format: date-time + type: string + fileName: + description: FileName represents the name of the output file + type: string + message: + description: Message is a detailed message about failure of the + memory dump + type: string + phase: + description: Phase represents the memory dump phase + type: string + remove: + description: Remove represents request of dissociating the memory + dump pvc + type: boolean + startTimestamp: + description: StartTimestamp represents the time the memory dump + started + format: date-time + type: string + required: + - claimName + - phase + type: object + observedGeneration: + description: ObservedGeneration is the generation observed by the + vmi when started. + format: int64 + type: integer + preferenceRef: + description: PreferenceRef captures the state of any referenced preference + from the VirtualMachine + nullable: true + properties: + controllerRevisionRef: + description: |- + ControllerRef specifies the ControllerRevision storing a copy of the object captured + when it is first seen by the VirtualMachine controller + properties: + name: + description: Name of the ControllerRevision + type: string + type: object + inferFromVolume: + description: InferFromVolume lists the name of a volume that should + be used to infer or discover the resource + type: string + inferFromVolumeFailurePolicy: + description: InferFromVolumeFailurePolicy controls what should + happen on failure when inferring the resource + type: string + kind: + description: Kind specifies the kind of resource + type: string + name: + description: Name is the name of resource + type: string + type: object + printableStatus: + default: Stopped + description: PrintableStatus is a human readable, high-level representation + of the status of the virtual machine + type: string + ready: + description: Ready indicates if the virtual machine is running and + ready + type: boolean + restoreInProgress: + description: RestoreInProgress is the name of the VirtualMachineRestore + currently executing + type: string + runStrategy: + description: |- + RunStrategy tracks the last recorded RunStrategy used by the VM. + This is needed to correctly process the next strategy (for now only the RerunOnFailure) + type: string + snapshotInProgress: + description: SnapshotInProgress is the name of the VirtualMachineSnapshot + currently executing + type: string + startFailure: + description: |- + StartFailure tracks consecutive VMI startup failures for the purposes of + crash loop backoffs + nullable: true + properties: + consecutiveFailCount: + type: integer + lastFailedVMIUID: + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. + type: string + retryAfterTimestamp: + format: date-time + type: string + type: object + stateChangeRequests: + description: |- + StateChangeRequests indicates a list of actions that should be taken on a VMI + e.g. stop a specific VMI then start a new one. + items: + properties: + action: + description: Indicates the type of action that is requested. + e.g. Start or Stop + type: string + data: + additionalProperties: + type: string + description: Provides additional data in order to perform the + Action + type: object + uid: + description: Indicates the UUID of an existing Virtual Machine + Instance that this change request applies to -- if applicable + type: string + required: + - action + type: object + type: array + volumeRequests: + description: |- + VolumeRequests indicates a list of volumes add or remove from the VMI template and + hotplug on an active running VMI. + items: + properties: + addVolumeOptions: + description: |- + AddVolumeOptions when set indicates a volume should be added. The details + within this field specify how to add the volume + properties: + disk: + description: Disk represents the hotplug disk that will + be plugged into the running VMI + properties: + blockSize: + description: If specified, the virtual disk will be + presented with the given block sizes. + properties: + custom: + description: CustomBlockSize represents the desired + logical and physical block size for a VM disk. + properties: + logical: + type: integer + physical: + type: integer + required: + - logical + - physical + type: object + matchVolume: + description: Represents if a feature is enabled + or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each disk or interface that has a boot order must have a unique value. + Disks without a boot order are not tried if a disk with a boot order exists. + type: integer + cache: + description: |- + Cache specifies which kvm disk cache mode should be used. + Supported values are: + none: Guest I/O not cached on the host, but may be kept in a disk cache. + writethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees. + writeback: Guest I/O cached on the host. + Defaults to none if the storage supports O_DIRECT, otherwise writethrough. + type: string + cdrom: + description: Attach a volume as a cdrom to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to true. + type: boolean + tray: + description: |- + Tray indicates if the tray of the device is open or closed. + Allowed values are "open" and "closed". + Defaults to closed. + type: string + type: object + dedicatedIOThread: + description: |- + dedicatedIOThread indicates this disk should have an exclusive IO Thread. + Enabling this implies useIOThreads = true. + Defaults to false. + type: boolean + disk: + description: Attach a volume as a disk to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi, usb. + type: string + pciAddress: + description: 'If specified, the virtual disk will + be placed on the guests pci address with the specified + PCI address. For example: 0000:81:01.10' + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + type: object + errorPolicy: + description: If specified, it can change the default + error policy (stop) for the disk + type: string + io: + description: |- + IO specifies which QEMU disk IO mode should be used. + Supported values are: native, default, threads. + type: string + lun: + description: Attach a volume as a LUN to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + reservation: + description: Reservation indicates if the disk needs + to support the persistent reservation for the + SCSI disk + type: boolean + type: object + name: + description: Name is the device name + type: string + serial: + description: Serial provides the ability to specify + a serial number for the disk device. + type: string + shareable: + description: If specified the disk is made sharable + and multiple write from different VMs are permitted + type: boolean + tag: + description: If specified, disk address and its tag + will be provided to the guest via config drive metadata + type: string + required: + - name + type: object + dryRun: + description: |- + When present, indicates that modifications should not be + persisted. An invalid or unrecognized dryRun directive will + result in an error response and no further processing of the + request. Valid values are: + - All: all dry run stages will be processed + items: + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name represents the name that will be used to map the + disk to the corresponding volume. This overrides any name + set inside the Disk struct itself. + type: string + volumeSource: + description: VolumeSource represents the source of the volume + to map to the disk. + properties: + dataVolume: + description: |- + DataVolume represents the dynamic creation a PVC for this volume as well as + the process of populating that PVC with a disk image. + properties: + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + name: + description: Name of both the DataVolume and the + PVC in the same namespace. + type: string + required: + - name + type: object + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + type: object + required: + - disk + - name + - volumeSource + type: object + removeVolumeOptions: + description: |- + RemoveVolumeOptions when set indicates a volume should be removed. The details + within this field specify how to add the volume + properties: + dryRun: + description: |- + When present, indicates that modifications should not be + persisted. An invalid or unrecognized dryRun directive will + result in an error response and no further processing of the + request. Valid values are: + - All: all dry run stages will be processed + items: + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name represents the name that maps to both the disk and volume that + should be removed + type: string + required: + - name + type: object + type: object + type: array + x-kubernetes-list-type: atomic + volumeSnapshotStatuses: + description: |- + VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is + supported by each volume. + items: + properties: + enabled: + description: True if the volume supports snapshotting + type: boolean + name: + description: Volume name + type: string + reason: + description: Empty if snapshotting is enabled, contains reason + otherwise + type: string + required: + - enabled + - name + type: object + type: array + volumeUpdateState: + description: |- + VolumeUpdateState contains the information about the volumes set + updates related to the volumeUpdateStrategy + properties: + volumeMigrationState: + description: VolumeMigrationState tracks the information related + to the volume migration + properties: + migratedVolumes: + description: MigratedVolumes lists the source and destination + volumes during the volume migration + items: + description: StorageMigratedVolumeInfo tracks the information + about the source and destination volumes during the volume + migration + properties: + destinationPVCInfo: + description: DestinationPVCInfo contains the information + about the destination PVC + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Capacity represents the capacity set + on the corresponding PVC status + type: object + claimName: + description: ClaimName is the name of the PVC + type: string + filesystemOverhead: + description: Percentage of filesystem's size to + be reserved when resizing the PVC + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + preallocated: + description: Preallocated indicates if the PVC's + storage is preallocated or not + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests represents the resources requested + by the corresponding PVC spec + type: object + volumeMode: + description: |- + VolumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + type: object + sourcePVCInfo: + description: SourcePVCInfo contains the information + about the source PVC + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Capacity represents the capacity set + on the corresponding PVC status + type: object + claimName: + description: ClaimName is the name of the PVC + type: string + filesystemOverhead: + description: Percentage of filesystem's size to + be reserved when resizing the PVC + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + preallocated: + description: Preallocated indicates if the PVC's + storage is preallocated or not + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests represents the resources requested + by the corresponding PVC spec + type: object + volumeMode: + description: |- + VolumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + type: object + volumeName: + description: VolumeName is the name of the volume that + is being migrated + type: string + required: + - volumeName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Human Readable Status + jsonPath: .status.printableStatus + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + deprecated: true + deprecationWarning: kubevirt.io/v1alpha3 is now deprecated and will be removed + in a future release. + name: v1alpha3 + schema: + openAPIV3Schema: + description: |- + VirtualMachine handles the VirtualMachines that are not running + or are in a stopped state + The VirtualMachine contains the template to create the + VirtualMachineInstance. It also mirrors the running state of the created + VirtualMachineInstance in its status. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec contains the specification of VirtualMachineInstance + created + properties: + dataVolumeTemplates: + description: |- + dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference. + DataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle. + items: + nullable: true + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: DataVolumeSpec contains the DataVolume specification. + properties: + checkpoints: + description: Checkpoints is a list of DataVolumeCheckpoints, + representing stages in a multistage import. + items: + description: DataVolumeCheckpoint defines a stage in a + warm migration. + properties: + current: + description: Current is the identifier of the snapshot + created for this checkpoint. + type: string + previous: + description: Previous is the identifier of the snapshot + from the previous checkpoint. + type: string + required: + - current + - previous + type: object + type: array + contentType: + description: 'DataVolumeContentType options: "kubevirt", + "archive"' + enum: + - kubevirt + - archive + type: string + finalCheckpoint: + description: FinalCheckpoint indicates whether the current + DataVolumeCheckpoint is the final checkpoint. + type: boolean + preallocation: + description: Preallocation controls whether storage for + DataVolumes should be allocated in advance. + type: boolean + priorityClassName: + description: PriorityClassName for Importer, Cloner and + Uploader pod + type: string + pvc: + description: PVC is the PVC specification + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + source: + description: Source is the src of the data for the requested + DataVolume + properties: + blank: + description: DataVolumeBlankImage provides the parameters + to create a new raw blank image for the PVC + type: object + gcs: + description: DataVolumeSourceGCS provides the parameters + to create a Data Volume from an GCS source + properties: + secretRef: + description: SecretRef provides the secret reference + needed to access the GCS source + type: string + url: + description: URL is the url of the GCS source + type: string + required: + - url + type: object + http: + description: DataVolumeSourceHTTP can be either an http + or https endpoint, with an optional basic auth user + name and password, and an optional configmap containing + additional CAs + properties: + certConfigMap: + description: CertConfigMap is a configmap reference, + containing a Certificate Authority(CA) public + key, and a base64 encoded pem certificate + type: string + extraHeaders: + description: ExtraHeaders is a list of strings containing + extra headers to include with HTTP transfer requests + items: + type: string + type: array + secretExtraHeaders: + description: SecretExtraHeaders is a list of Secret + references, each containing an extra HTTP header + that may include sensitive information + items: + type: string + type: array + secretRef: + description: SecretRef A Secret reference, the secret + should contain accessKeyId (user name) base64 + encoded, and secretKey (password) also base64 + encoded + type: string + url: + description: URL is the URL of the http(s) endpoint + type: string + required: + - url + type: object + imageio: + description: DataVolumeSourceImageIO provides the parameters + to create a Data Volume from an imageio source + properties: + certConfigMap: + description: CertConfigMap provides a reference + to the CA cert + type: string + diskId: + description: DiskID provides id of a disk to be + imported + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the ovirt-engine + type: string + url: + description: URL is the URL of the ovirt-engine + type: string + required: + - diskId + - url + type: object + pvc: + description: DataVolumeSourcePVC provides the parameters + to create a Data Volume from an existing PVC + properties: + name: + description: The name of the source PVC + type: string + namespace: + description: The namespace of the source PVC + type: string + required: + - name + - namespace + type: object + registry: + description: DataVolumeSourceRegistry provides the parameters + to create a Data Volume from an registry source + properties: + certConfigMap: + description: CertConfigMap provides a reference + to the Registry certs + type: string + imageStream: + description: ImageStream is the name of image stream + for import + type: string + pullMethod: + description: PullMethod can be either "pod" (default + import), or "node" (node docker cache based import) + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the Registry source + type: string + url: + description: 'URL is the url of the registry source + (starting with the scheme: docker, oci-archive)' + type: string + type: object + s3: + description: DataVolumeSourceS3 provides the parameters + to create a Data Volume from an S3 source + properties: + certConfigMap: + description: CertConfigMap is a configmap reference, + containing a Certificate Authority(CA) public + key, and a base64 encoded pem certificate + type: string + secretRef: + description: SecretRef provides the secret reference + needed to access the S3 source + type: string + url: + description: URL is the url of the S3 source + type: string + required: + - url + type: object + snapshot: + description: DataVolumeSourceSnapshot provides the parameters + to create a Data Volume from an existing VolumeSnapshot + properties: + name: + description: The name of the source VolumeSnapshot + type: string + namespace: + description: The namespace of the source VolumeSnapshot + type: string + required: + - name + - namespace + type: object + upload: + description: DataVolumeSourceUpload provides the parameters + to create a Data Volume by uploading the source + type: object + vddk: + description: DataVolumeSourceVDDK provides the parameters + to create a Data Volume from a Vmware source + properties: + backingFile: + description: BackingFile is the path to the virtual + hard disk to migrate from vCenter/ESXi + type: string + initImageURL: + description: InitImageURL is an optional URL to + an image containing an extracted VDDK library, + overrides v2v-vmware config map + type: string + secretRef: + description: SecretRef provides a reference to a + secret containing the username and password needed + to access the vCenter or ESXi host + type: string + thumbprint: + description: Thumbprint is the certificate thumbprint + of the vCenter or ESXi host + type: string + url: + description: URL is the URL of the vCenter or ESXi + host with the VM to migrate + type: string + uuid: + description: UUID is the UUID of the virtual machine + that the backing file is attached to in vCenter/ESXi + type: string + type: object + type: object + sourceRef: + description: SourceRef is an indirect reference to the source + of data for the requested DataVolume + properties: + kind: + description: The kind of the source reference, currently + only "DataSource" is supported + type: string + name: + description: The name of the source reference + type: string + namespace: + description: The namespace of the source reference, + defaults to the DataVolume namespace + type: string + required: + - kind + - name + type: object + storage: + description: Storage is the requested storage specification + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. + If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. + There are two important differences between DataSource and DataSourceRef: + * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. + * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + Resources represents the minimum resources the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: A label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + type: object + status: + description: |- + DataVolumeTemplateDummyStatus is here simply for backwards compatibility with + a previous API. + nullable: true + type: object + required: + - spec + type: object + type: array + instancetype: + description: InstancetypeMatcher references a instancetype that is + used to fill fields in Template + properties: + inferFromVolume: + description: |- + InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype + to be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher + this field is removed. + type: string + inferFromVolumeFailurePolicy: + description: |- + InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype. + Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". + If not specified, "RejectInferFromVolumeFailure" is used by default. + type: string + kind: + description: |- + Kind specifies which instancetype resource is referenced. + Allowed values are: "VirtualMachineInstancetype" and "VirtualMachineClusterInstancetype". + If not specified, "VirtualMachineClusterInstancetype" is used by default. + type: string + name: + description: Name is the name of the VirtualMachineInstancetype + or VirtualMachineClusterInstancetype + type: string + revisionName: + description: |- + RevisionName specifies a ControllerRevision containing a specific copy of the + VirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially + captured the first time the instancetype is applied to the VirtualMachineInstance. + type: string + type: object + preference: + description: PreferenceMatcher references a set of preference that + is used to fill fields in Template + properties: + inferFromVolume: + description: |- + InferFromVolume lists the name of a volume that should be used to infer or discover the preference + to be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher + this field is removed. + type: string + inferFromVolumeFailurePolicy: + description: |- + InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype. + Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". + If not specified, "RejectInferFromVolumeFailure" is used by default. + type: string + kind: + description: |- + Kind specifies which preference resource is referenced. + Allowed values are: "VirtualMachinePreference" and "VirtualMachineClusterPreference". + If not specified, "VirtualMachineClusterPreference" is used by default. + type: string + name: + description: Name is the name of the VirtualMachinePreference + or VirtualMachineClusterPreference + type: string + revisionName: + description: |- + RevisionName specifies a ControllerRevision containing a specific copy of the + VirtualMachinePreference or VirtualMachineClusterPreference to be used. This is + initially captured the first time the instancetype is applied to the VirtualMachineInstance. + type: string + type: object + runStrategy: + description: |- + Running state indicates the requested running state of the VirtualMachineInstance + mutually exclusive with Running + type: string + running: + description: |- + Running controls whether the associatied VirtualMachineInstance is created or not + Mutually exclusive with RunStrategy + Deprecated: VirtualMachineInstance field "Running" is now deprecated, please use RunStrategy instead. + type: boolean + template: + description: Template is the direct specification of VirtualMachineInstance + properties: + metadata: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + description: VirtualMachineInstance Spec contains the VirtualMachineInstance + specification. + properties: + accessCredentials: + description: Specifies a set of public keys to inject into + the vm guest + items: + description: |- + AccessCredential represents a credential source that can be used to + authorize remote access to the vm guest + Only one of its members may be specified. + properties: + sshPublicKey: + description: |- + SSHPublicKey represents the source and method of applying a ssh public + key into a guest virtual machine. + properties: + propagationMethod: + description: PropagationMethod represents how the + public key is injected into the vm guest. + properties: + configDrive: + description: |- + ConfigDrivePropagation means that the ssh public keys are injected + into the VM using metadata using the configDrive cloud-init provider + type: object + noCloud: + description: |- + NoCloudPropagation means that the ssh public keys are injected + into the VM using metadata using the noCloud cloud-init provider + type: object + qemuGuestAgent: + description: |- + QemuGuestAgentAccessCredentailPropagation means ssh public keys are + dynamically injected into the vm at runtime via the qemu guest agent. + This feature requires the qemu guest agent to be running within the guest. + properties: + users: + description: |- + Users represents a list of guest users that should have the ssh public keys + added to their authorized_keys file. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - users + type: object + type: object + source: + description: Source represents where the public + keys are pulled from + properties: + secret: + description: Secret means that the access credential + is pulled from a kubernetes secret + properties: + secretName: + description: SecretName represents the name + of the secret in the VMI's namespace + type: string + required: + - secretName + type: object + type: object + required: + - propagationMethod + - source + type: object + userPassword: + description: |- + UserPassword represents the source and method for applying a guest user's + password + properties: + propagationMethod: + description: propagationMethod represents how the + user passwords are injected into the vm guest. + properties: + qemuGuestAgent: + description: |- + QemuGuestAgentAccessCredentailPropagation means passwords are + dynamically injected into the vm at runtime via the qemu guest agent. + This feature requires the qemu guest agent to be running within the guest. + type: object + type: object + source: + description: Source represents where the user passwords + are pulled from + properties: + secret: + description: Secret means that the access credential + is pulled from a kubernetes secret + properties: + secretName: + description: SecretName represents the name + of the secret in the VMI's namespace + type: string + required: + - secretName + type: object + type: object + required: + - propagationMethod + - source + type: object + type: object + maxItems: 256 + type: array + x-kubernetes-list-type: atomic + affinity: + description: If affinity is specifies, obey all the affinity + rules + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + architecture: + description: Specifies the architecture of the vm guest you + are attempting to run. Defaults to the compiled architecture + of the KubeVirt components + type: string + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's + value. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + domain: + description: Specification of the desired behavior of the + VirtualMachineInstance on the host. + properties: + chassis: + description: Chassis specifies the chassis info passed + to the domain. + properties: + asset: + type: string + manufacturer: + type: string + serial: + type: string + sku: + type: string + version: + type: string + type: object + clock: + description: Clock sets the clock and timers of the vmi. + properties: + timer: + description: Timer specifies whih timers are attached + to the vmi. + properties: + hpet: + description: HPET (High Precision Event Timer) + - multiple timers with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup", "merge", "discard". + type: string + type: object + hyperv: + description: Hyperv (Hypervclock) - lets guests + read the host’s wall clock time (paravirtualized). + For windows guests. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + type: object + kvm: + description: "KVM \t(KVM clock) - lets guests + read the host’s wall clock time (paravirtualized). + For linux guests." + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + type: object + pit: + description: PIT (Programmable Interval Timer) + - a timer with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup", "discard". + type: string + type: object + rtc: + description: RTC (Real Time Clock) - a continuously + running timer with periodic interrupts. + properties: + present: + description: |- + Enabled set to false makes sure that the machine type or a preset can't add the timer. + Defaults to true. + type: boolean + tickPolicy: + description: |- + TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. + One of "delay", "catchup". + type: string + track: + description: Track the guest or the wall clock. + type: string + type: object + type: object + timezone: + description: |- + Timezone sets the guest clock to the specified timezone. + Zone name follows the TZ environment variable format (e.g. 'America/New_York'). + type: string + utc: + description: |- + UTC sets the guest clock to UTC on each boot. If an offset is specified, + guest changes to the clock will be kept during reboots and are not reset. + properties: + offsetSeconds: + description: |- + OffsetSeconds specifies an offset in seconds, relative to UTC. If set, + guest changes to the clock will be kept during reboots and not reset. + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + cpu: + description: CPU allow specified the detailed CPU topology + inside the vmi. + properties: + cores: + description: |- + Cores specifies the number of cores inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + dedicatedCpuPlacement: + description: |- + DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node + with enough dedicated pCPUs and pin the vCPUs to it. + type: boolean + features: + description: Features specifies the CPU features list + inside the VMI. + items: + description: CPUFeature allows specifying a CPU + feature. + properties: + name: + description: Name of the CPU feature + type: string + policy: + description: |- + Policy is the CPU feature attribute which can have the following attributes: + force - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU. + require - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it. + optional - The feature will be supported by virtual CPU if and only if it is supported by host CPU. + disable - The feature will not be supported by virtual CPU. + forbid - Guest creation will fail if the feature is supported by host CPU. + Defaults to require + type: string + required: + - name + type: object + type: array + isolateEmulatorThread: + description: |- + IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place + the emulator thread on it. + type: boolean + maxSockets: + description: |- + MaxSockets specifies the maximum amount of sockets that can + be hotplugged + format: int32 + type: integer + model: + description: |- + Model specifies the CPU model inside the VMI. + List of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map. + It is possible to specify special cases like "host-passthrough" to get the same CPU as the node + and "host-model" to get CPU closest to the node one. + Defaults to host-model. + type: string + numa: + description: NUMA allows specifying settings for the + guest NUMA topology + properties: + guestMappingPassthrough: + description: |- + GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod. + The created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes. + type: object + type: object + realtime: + description: Realtime instructs the virt-launcher + to tune the VMI for lower latency, optional for + real time workloads + properties: + mask: + description: |- + Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions. + Example: "0-3,^1","0,2,3","2-3" + type: string + type: object + sockets: + description: |- + Sockets specifies the number of sockets inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + threads: + description: |- + Threads specifies the number of threads inside the vmi. + Must be a value greater or equal 1. + format: int32 + type: integer + type: object + devices: + description: Devices allows adding disks, network interfaces, + and others + properties: + autoattachGraphicsDevice: + description: |- + Whether to attach the default graphics device or not. + VNC will not be available if set to false. Defaults to true. + type: boolean + autoattachInputDevice: + description: |- + Whether to attach an Input Device. + Defaults to false. + type: boolean + autoattachMemBalloon: + description: |- + Whether to attach the Memory balloon device with default period. + Period can be adjusted in virt-config. + Defaults to true. + type: boolean + autoattachPodInterface: + description: Whether to attach a pod network interface. + Defaults to true. + type: boolean + autoattachSerialConsole: + description: |- + Whether to attach the default virtio-serial console or not. + Serial console access will not be available if set to false. Defaults to true. + type: boolean + autoattachVSOCK: + description: |- + Whether to attach the VSOCK CID to the VM or not. + VSOCK access will be available if set to true. Defaults to false. + type: boolean + blockMultiQueue: + description: |- + Whether or not to enable virtio multi-queue for block devices. + Defaults to false. + type: boolean + clientPassthrough: + description: To configure and access client devices + such as redirecting USB + type: object + disableHotplug: + description: DisableHotplug disabled the ability to + hotplug disks. + type: boolean + disks: + description: Disks describes disks, cdroms and luns + which are connected to the vmi. + items: + properties: + blockSize: + description: If specified, the virtual disk + will be presented with the given block sizes. + properties: + custom: + description: CustomBlockSize represents + the desired logical and physical block + size for a VM disk. + properties: + logical: + type: integer + physical: + type: integer + required: + - logical + - physical + type: object + matchVolume: + description: Represents if a feature is + enabled or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each disk or interface that has a boot order must have a unique value. + Disks without a boot order are not tried if a disk with a boot order exists. + type: integer + cache: + description: |- + Cache specifies which kvm disk cache mode should be used. + Supported values are: + none: Guest I/O not cached on the host, but may be kept in a disk cache. + writethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees. + writeback: Guest I/O cached on the host. + Defaults to none if the storage supports O_DIRECT, otherwise writethrough. + type: string + cdrom: + description: Attach a volume as a cdrom to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to true. + type: boolean + tray: + description: |- + Tray indicates if the tray of the device is open or closed. + Allowed values are "open" and "closed". + Defaults to closed. + type: string + type: object + dedicatedIOThread: + description: |- + dedicatedIOThread indicates this disk should have an exclusive IO Thread. + Enabling this implies useIOThreads = true. + Defaults to false. + type: boolean + disk: + description: Attach a volume as a disk to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi, usb. + type: string + pciAddress: + description: 'If specified, the virtual + disk will be placed on the guests pci + address with the specified PCI address. + For example: 0000:81:01.10' + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + type: object + errorPolicy: + description: If specified, it can change the + default error policy (stop) for the disk + type: string + io: + description: |- + IO specifies which QEMU disk IO mode should be used. + Supported values are: native, default, threads. + type: string + lun: + description: Attach a volume as a LUN to the + vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + reservation: + description: Reservation indicates if the + disk needs to support the persistent reservation + for the SCSI disk + type: boolean + type: object + name: + description: Name is the device name + type: string + serial: + description: Serial provides the ability to + specify a serial number for the disk device. + type: string + shareable: + description: If specified the disk is made sharable + and multiple write from different VMs are + permitted + type: boolean + tag: + description: If specified, disk address and + its tag will be provided to the guest via + config drive metadata + type: string + required: + - name + type: object + maxItems: 256 + type: array + downwardMetrics: + description: DownwardMetrics creates a virtio serials + for exposing the downward metrics to the vmi. + type: object + filesystems: + description: Filesystems describes filesystem which + is connected to the vmi. + items: + properties: + name: + description: Name is the device name + type: string + virtiofs: + description: Virtiofs is supported + type: object + required: + - name + - virtiofs + type: object + type: array + x-kubernetes-list-type: atomic + gpus: + description: Whether to attach a GPU device to the + vmi. + items: + properties: + claimName: + description: |- + ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this + device is allocated + type: string + deviceName: + description: DeviceName is the name of the device + provisioned by device-plugins + type: string + name: + description: Name of the GPU device as exposed + by a device plugin + type: string + requestName: + description: |- + RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this + device is requested + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + virtualGPUOptions: + properties: + display: + properties: + enabled: + description: |- + Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest. + Defaults to true. + type: boolean + ramFB: + description: |- + Enables a boot framebuffer, until the guest OS loads a real GPU driver + Defaults to true. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + hostDevices: + description: Whether to attach a host device to the + vmi. + items: + properties: + claimName: + description: |- + ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this + device is allocated + type: string + deviceName: + description: DeviceName is the name of the device + provisioned by device-plugins + type: string + name: + type: string + requestName: + description: |- + RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this + device is requested + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + inputs: + description: Inputs describe input devices + items: + properties: + bus: + description: |- + Bus indicates the bus of input device to emulate. + Supported values: virtio, usb. + type: string + name: + description: Name is the device name + type: string + type: + description: |- + Type indicated the type of input device. + Supported values: tablet. + type: string + required: + - name + - type + type: object + type: array + interfaces: + description: Interfaces describe network interfaces + which are added to the vmi. + items: + properties: + acpiIndex: + description: |- + If specified, the ACPI index is used to provide network interface device naming, that is stable across changes + in PCI addresses assigned to the device. + This value is required to be unique across all devices and be between 1 and (16*1024-1). + type: integer + binding: + description: |- + Binding specifies the binding plugin that will be used to connect the interface to the guest. + It provides an alternative to InterfaceBindingMethod. + version: 1alphav1 + properties: + name: + description: |- + Name references to the binding name as denined in the kubevirt CR. + version: 1alphav1 + type: string + required: + - name + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each interface or disk that has a boot order must have a unique value. + Interfaces without a boot order are not tried. + type: integer + bridge: + description: InterfaceBridge connects to a given + network via a linux bridge. + type: object + dhcpOptions: + description: If specified the network interface + will pass additional DHCP options to the VMI + properties: + bootFileName: + description: If specified will pass option + 67 to interface's DHCP server + type: string + ntpServers: + description: If specified will pass the + configured NTP server to the VM via DHCP + option 042. + items: + type: string + type: array + privateOptions: + description: 'If specified will pass extra + DHCP options for private use, range: 224-254' + items: + description: DHCPExtraOptions defines + Extra DHCP options for a VM. + properties: + option: + description: |- + Option is an Integer value from 224-254 + Required. + type: integer + value: + description: |- + Value is a String value for the Option provided + Required. + type: string + required: + - option + - value + type: object + type: array + tftpServerName: + description: If specified will pass option + 66 to interface's DHCP server + type: string + type: object + macAddress: + description: 'Interface MAC address. For example: + de:ad:00:00:be:af or DE-AD-00-00-BE-AF.' + type: string + macvtap: + description: |- + DeprecatedMacvtap is an alias to the deprecated Macvtap interface, + please refer to Kubevirt user guide for alternatives. + Deprecated: Removed in v1.3 + type: object + masquerade: + description: InterfaceMasquerade connects to + a given network using netfilter rules to nat + the traffic. + type: object + model: + description: |- + Interface model. + One of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio. + Defaults to virtio. + type: string + name: + description: |- + Logical name of the interface as well as a reference to the associated networks. + Must match the Name of a Network. + type: string + passt: + description: |- + DeprecatedPasst is an alias to the deprecated Passt interface, + please refer to Kubevirt user guide for alternatives. + Deprecated: Removed in v1.3 + type: object + pciAddress: + description: 'If specified, the virtual network + interface will be placed on the guests pci + address with the specified PCI address. For + example: 0000:81:01.10' + type: string + ports: + description: List of ports to be forwarded to + the virtual machine. + items: + description: |- + Port represents a port to expose from the virtual machine. + Default protocol TCP. + The port field is mandatory + properties: + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + port: + description: |- + Number of port to expose for the virtual machine. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + protocol: + description: |- + Protocol for port. Must be UDP or TCP. + Defaults to "TCP". + type: string + required: + - port + type: object + type: array + slirp: + description: |- + DeprecatedSlirp is an alias to the deprecated Slirp interface + Deprecated: Removed in v1.3 + type: object + sriov: + description: InterfaceSRIOV connects to a given + network by passing-through an SR-IOV PCI device + via vfio. + type: object + state: + description: |- + State represents the requested operational state of the interface. + The supported values are: + 'absent', expressing a request to remove the interface. + 'down', expressing a request to set the link down. + 'up', expressing a request to set the link up. + Empty value functions as 'up'. + type: string + tag: + description: If specified, the virtual network + interface address and its tag will be provided + to the guest via config drive + type: string + required: + - name + type: object + maxItems: 256 + type: array + logSerialConsole: + description: |- + Whether to log the auto-attached default serial console or not. + Serial console logs will be collect to a file and then streamed from a named 'guest-console-log'. + Not relevant if autoattachSerialConsole is disabled. + Defaults to cluster wide setting on VirtualMachineOptions. + type: boolean + networkInterfaceMultiqueue: + description: If specified, virtual network interfaces + configured with a virtio bus will also enable the + vhost multiqueue feature for network devices. The + number of queues created depends on additional factors + of the VirtualMachineInstance, like the number of + guest CPUs. + type: boolean + panicDevices: + description: PanicDevices provides additional crash + information when a guest crashes. + items: + properties: + model: + description: |- + Model specifies what type of panic device is provided. + The panic model used when this attribute is missing depends on the hypervisor and guest arch. + One of: isa, hyperv, pvpanic. + type: string + type: object + type: array + rng: + description: Whether to have random number generator + from host + type: object + sound: + description: Whether to emulate a sound device. + properties: + model: + description: |- + We only support ich9 or ac97. + If SoundDevice is not set: No sound card is emulated. + If SoundDevice is set but Model is not: ich9 + type: string + name: + description: User's defined name for this sound + device + type: string + required: + - name + type: object + tpm: + description: Whether to emulate a TPM device. + properties: + enabled: + description: |- + Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine + Defaults to True + type: boolean + persistent: + description: |- + Persistent indicates the state of the TPM device should be kept accross reboots + Defaults to false + type: boolean + type: object + useVirtioTransitional: + description: |- + Fall back to legacy virtio 0.9 support if virtio bus is selected on devices. + This is helpful for old machines like CentOS6 or RHEL6 which + do not understand virtio_non_transitional (virtio 1.0). + type: boolean + video: + description: Video describes the video device configuration + for the vmi. + properties: + type: + description: |- + Type specifies the video device type (e.g., virtio, vga, bochs, ramfb). + If not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x). + type: string + type: object + watchdog: + description: Watchdog describes a watchdog device + which can be added to the vmi. + properties: + diag288: + description: diag288 watchdog device (specific + to s390x architecture). + properties: + action: + description: |- + The action to take. Valid values are poweroff, reset, shutdown. + Defaults to reset. + type: string + type: object + i6300esb: + description: i6300esb watchdog device. + properties: + action: + description: |- + The action to take. Valid values are poweroff, reset, shutdown. + Defaults to reset. + type: string + type: object + name: + description: Name of the watchdog. + type: string + required: + - name + type: object + type: object + features: + description: Features like acpi, apic, hyperv, smm. + properties: + acpi: + description: |- + ACPI enables/disables ACPI inside the guest. + Defaults to enabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + apic: + description: Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + endOfInterrupt: + description: |- + EndOfInterrupt enables the end of interrupt notification in the guest. + Defaults to false. + type: boolean + type: object + hyperv: + description: Defaults to the machine type setting. + properties: + evmcs: + description: |- + EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + frequencies: + description: |- + Frequencies improves the TSC clock source handling for Hyper-V on KVM. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + ipi: + description: |- + IPI improves performances in overcommited environments. Requires vpindex. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + reenlightenment: + description: |- + Reenlightenment enables the notifications on TSC frequency changes. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + relaxed: + description: |- + Relaxed instructs the guest OS to disable watchdog timeouts. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + reset: + description: |- + Reset enables Hyperv reboot/reset for the vmi. Requires synic. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + runtime: + description: |- + Runtime improves the time accounting to improve scheduling in the guest. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + spinlocks: + description: Spinlocks allows to configure the + spinlock retry attempts. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + spinlocks: + description: |- + Retries indicates the number of retries. + Must be a value greater or equal 4096. + Defaults to 4096. + format: int32 + type: integer + type: object + synic: + description: |- + SyNIC enables the Synthetic Interrupt Controller. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + synictimer: + description: |- + SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load. + Defaults to the machine type setting. + properties: + direct: + description: Represents if a feature is enabled + or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + enabled: + type: boolean + type: object + tlbflush: + description: |- + TLBFlush improves performances in overcommited environments. Requires vpindex. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + vapic: + description: |- + VAPIC improves the paravirtualized handling of interrupts. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + vendorid: + description: |- + VendorID allows setting the hypervisor vendor id. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + vendorid: + description: |- + VendorID sets the hypervisor vendor id, visible to the vmi. + String up to twelve characters. + type: string + type: object + vpindex: + description: |- + VPIndex enables the Virtual Processor Index to help windows identifying virtual processors. + Defaults to the machine type setting. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + hypervPassthrough: + description: |- + This enables all supported hyperv flags automatically. + Bear in mind that if this enabled hyperV features cannot + be enabled explicitly. In addition, a Virtual Machine + using it will be non-migratable. + properties: + enabled: + type: boolean + type: object + kvm: + description: Configure how KVM presence is exposed + to the guest. + properties: + hidden: + description: |- + Hide the KVM hypervisor from standard MSR based discovery. + Defaults to false + type: boolean + type: object + pvspinlock: + description: |- + Notify the guest that the host supports paravirtual spinlocks. + For older kernels this feature should be explicitly disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + smm: + description: |- + SMM enables/disables System Management Mode. + TSEG not yet implemented. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + firmware: + description: Firmware. + properties: + acpi: + description: Information that can be set in the ACPI + table + properties: + msdmNameRef: + description: |- + Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions. + The above points to the spec of MSDM too. + type: string + slicNameRef: + description: |- + SlicNameRef should match the volume name of a secret object. The data in the secret should + be a binary blob that follows the ACPI SLIC standard, see: + https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85) + type: string + type: object + bootloader: + description: Settings to control the bootloader that + is used. + properties: + bios: + description: If set (default), BIOS will be used. + properties: + useSerial: + description: If set, the BIOS output will + be transmitted over serial + type: boolean + type: object + efi: + description: If set, EFI will be used instead + of BIOS. + properties: + persistent: + description: |- + If set to true, Persistent will persist the EFI NVRAM across reboots. + Defaults to false + type: boolean + secureBoot: + description: |- + If set, SecureBoot will be enabled and the OVMF roms will be swapped for + SecureBoot-enabled ones. + Requires SMM to be enabled. + Defaults to true + type: boolean + type: object + type: object + kernelBoot: + description: Settings to set the kernel for booting. + properties: + container: + description: Container defines the container that + containes kernel artifacts + properties: + image: + description: Image that contains initrd / + kernel files. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecret: + description: ImagePullSecret is the name of + the Docker registry secret required to pull + the image. The secret must already exist. + type: string + initrdPath: + description: the fully-qualified path to the + ramdisk image in the host OS + type: string + kernelPath: + description: The fully-qualified path to the + kernel image in the host OS + type: string + required: + - image + type: object + kernelArgs: + description: Arguments to be passed to the kernel + at boot time + type: string + type: object + serial: + description: The system-serial-number in SMBIOS + type: string + uuid: + description: |- + UUID reported by the vmi bios. + Defaults to a random generated uid. + type: string + type: object + ioThreads: + description: IOThreads specifies the IOThreads options. + properties: + supplementalPoolThreadCount: + description: SupplementalPoolThreadCount specifies + how many iothreads are allocated for the supplementalPool + policy. + format: int32 + type: integer + type: object + ioThreadsPolicy: + description: |- + Controls whether or not disks will share IOThreads. + Omitting IOThreadsPolicy disables use of IOThreads. + One of: shared, auto, supplementalPool + type: string + launchSecurity: + description: Launch Security setting of the vmi. + properties: + sev: + description: AMD Secure Encrypted Virtualization (SEV). + properties: + attestation: + description: If specified, run the attestation + process for a vmi. + type: object + dhCert: + description: Base64 encoded guest owner's Diffie-Hellman + key. + type: string + policy: + description: |- + Guest policy flags as defined in AMD SEV API specification. + Note: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true. + properties: + encryptedState: + description: |- + SEV-ES is required. + Defaults to false. + type: boolean + type: object + session: + description: Base64 encoded session blob. + type: string + type: object + type: object + machine: + description: Machine type. + properties: + type: + description: QEMU machine type is the actual chipset + of the VirtualMachineInstance. + type: string + type: object + memory: + description: Memory allow specifying the VMI memory features. + properties: + guest: + anyOf: + - type: integer + - type: string + description: |- + Guest allows to specifying the amount of memory which is visible inside the Guest OS. + The Guest must lie between Requests and Limits from the resources section. + Defaults to the requested memory in the resources section if not specified. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + hugepages: + description: Hugepages allow to use hugepages for + the VirtualMachineInstance instead of regular memory. + properties: + pageSize: + description: PageSize specifies the hugepage size, + for x86_64 architecture valid values are 1Gi + and 2Mi. + type: string + type: object + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS. + The delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resources: + description: Resources describes the Compute Resources + required by this vmi. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + Valid resource keys are "memory" and "cpu". + type: object + overcommitGuestOverhead: + description: |- + Don't ask the scheduler to take the guest-management overhead into account. Instead + put the overhead only into the container's memory limit. This can lead to crashes if + all memory is in use on a node. Defaults to false. + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests is a description of the initial vmi resources. + Valid resource keys are "memory" and "cpu". + type: object + type: object + required: + - devices + type: object + evictionStrategy: + description: |- + EvictionStrategy describes the strategy to follow when a node drain occurs. + The possible options are: + - "None": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown. + - "LiveMigrate": the VirtualMachineInstance will be migrated instead of being shutdown. + - "LiveMigrateIfPossible": the same as "LiveMigrate" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as "None". + - "External": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa. + type: string + hostname: + description: |- + Specifies the hostname of the vmi + If not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly. + type: string + livenessProbe: + description: |- + Periodic probe of VirtualMachineInstance liveness. + VirtualmachineInstances will be stopped if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: |- + One and only one of the following should be specified. + Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. + If the guest agent is not available, this probe will fail. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + guestAgentPing: + description: GuestAgentPing contacts the qemu-guest-agent + for availability checks. + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + For exec probes the timeout fails the probe but does not terminate the command running on the guest. + This means a blocking command can result in an increasing load on the guest. + A small buffer will be added to the resulting workload exec probe to compensate for delays + caused by the qemu guest exec mechanism. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + networks: + description: List of networks that can be attached to a vm's + virtual interface. + items: + description: Network represents a network type and a resource + that should be connected to the vm. + properties: + multus: + description: Represents the multus cni network. + properties: + default: + description: |- + Select the default network and add it to the + multus-cni.io/default-network annotation. + type: boolean + networkName: + description: |- + References to a NetworkAttachmentDefinition CRD object. Format: + , /. If namespace is not + specified, VMI namespace is assumed. + type: string + required: + - networkName + type: object + name: + description: |- + Network name. + Must be a DNS_LABEL and unique within the vm. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + pod: + description: Represents the stock pod network interface. + properties: + vmIPv6NetworkCIDR: + description: |- + IPv6 CIDR for the vm network. + Defaults to fd10:0:2::/120 if not specified. + type: string + vmNetworkCIDR: + description: |- + CIDR for vm network. + Default 10.0.2.0/24 if not specified. + type: string + type: object + required: + - name + type: object + maxItems: 256 + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessProbe: + description: |- + Periodic probe of VirtualMachineInstance service readiness. + VirtualmachineInstances will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: |- + One and only one of the following should be specified. + Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. + If the guest agent is not available, this probe will fail. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + guestAgentPing: + description: GuestAgentPing contacts the qemu-guest-agent + for availability checks. + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: |- + TCPSocket specifies an action involving a TCP port. + TCP hooks not yet supported + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + For exec probes the timeout fails the probe but does not terminate the command running on the guest. + This means a blocking command can result in an increasing load on the guest. + A small buffer will be added to the resulting workload exec probe to compensate for delays + caused by the qemu guest exec mechanism. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resourceClaims: + description: |- + ResourceClaims define which ResourceClaims must be allocated + and reserved before the VMI, hence virt-launcher pod is allowed to start. The resources + will be made available to the domain which consumes them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate in kubernetes + https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/ + This field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled. + This feature is in alpha. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + schedulerName: + description: |- + If specified, the VMI will be dispatched by specified scheduler. + If not specified, the VMI will be dispatched by default scheduler. + type: string + startStrategy: + description: StartStrategy can be set to "Paused" if Virtual + Machine should be started in paused state. + type: string + subdomain: + description: |- + If specified, the fully qualified vmi hostname will be "...svc.". + If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, + no matter if the vmi itself can pick up a hostname. + type: string + terminationGracePeriodSeconds: + description: Grace period observed after signalling a VirtualMachineInstance + to stop after which the VirtualMachineInstance is force + terminated. + format: int64 + type: integer + tolerations: + description: If toleration is specified, obey all the toleration + rules. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology + domains. K8s scheduler will schedule VMI pods in a way which abides by the constraints. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List of volumes that can be mounted by disks + belonging to the vmi. + items: + description: Volume represents a named volume in a vmi. + properties: + cloudInitConfigDrive: + description: |- + CloudInitConfigDrive represents a cloud-init Config Drive user-data source. + The Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. + More info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html + properties: + networkData: + description: NetworkData contains config drive inline + cloud-init networkdata. + type: string + networkDataBase64: + description: NetworkDataBase64 contains config drive + cloud-init networkdata as a base64 encoded string. + type: string + networkDataSecretRef: + description: NetworkDataSecretRef references a k8s + secret that contains config drive networkdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secretRef: + description: UserDataSecretRef references a k8s + secret that contains config drive userdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData contains config drive inline + cloud-init userdata. + type: string + userDataBase64: + description: UserDataBase64 contains config drive + cloud-init userdata as a base64 encoded string. + type: string + type: object + cloudInitNoCloud: + description: |- + CloudInitNoCloud represents a cloud-init NoCloud user-data source. + The NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. + More info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html + properties: + networkData: + description: NetworkData contains NoCloud inline + cloud-init networkdata. + type: string + networkDataBase64: + description: NetworkDataBase64 contains NoCloud + cloud-init networkdata as a base64 encoded string. + type: string + networkDataSecretRef: + description: NetworkDataSecretRef references a k8s + secret that contains NoCloud networkdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secretRef: + description: UserDataSecretRef references a k8s + secret that contains NoCloud userdata. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData contains NoCloud inline cloud-init + userdata. + type: string + userDataBase64: + description: UserDataBase64 contains NoCloud cloud-init + userdata as a base64 encoded string. + type: string + type: object + configMap: + description: |- + ConfigMapSource represents a reference to a ConfigMap in the same namespace. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or it's + keys must be defined + type: boolean + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + x-kubernetes-map-type: atomic + containerDisk: + description: |- + ContainerDisk references a docker image, embedding a qcow or raw disk. + More info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html + properties: + image: + description: Image is the name of the image with + the embedded disk. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecret: + description: ImagePullSecret is the name of the + Docker registry secret required to pull the image. + The secret must already exist. + type: string + path: + description: Path defines the path to disk file + in the container + type: string + required: + - image + type: object + dataVolume: + description: |- + DataVolume represents the dynamic creation a PVC for this volume as well as + the process of populating that PVC with a disk image. + properties: + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + name: + description: Name of both the DataVolume and the + PVC in the same namespace. + type: string + required: + - name + type: object + downwardAPI: + description: DownwardAPI represents downward API about + the pod that should populate this volume + properties: + fields: + description: Fields is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + downwardMetrics: + description: |- + DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest + metrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics. + type: object + emptyDisk: + description: |- + EmptyDisk represents a temporary disk which shares the vmis lifecycle. + More info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html + properties: + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the sparse disk. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - capacity + type: object + ephemeral: + description: Ephemeral is a special volume source that + "wraps" specified source and provides copy-on-write + image on top of it. + properties: + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + type: object + hostDisk: + description: HostDisk represents a disk created on the + cluster level + properties: + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the sparse disk + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + path: + description: The path to HostDisk image located + on the cluster + type: string + shared: + description: Shared indicate whether the path is + shared between nodes + type: boolean + type: + description: |- + Contains information if disk.img exists or should be created + allowed options are 'Disk' and 'DiskOrCreate' + type: string + required: + - path + - type + type: object + memoryDump: + description: MemoryDump is attached to the virt launcher + and is populated with a memory dump of the vmi + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the vmi. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + secret: + description: |- + SecretVolumeSource represents a reference to a secret data in the same namespace. + More info: https://kubernetes.io/docs/concepts/configuration/secret/ + properties: + optional: + description: Specify whether the Secret or it's + keys must be defined + type: boolean + secretName: + description: |- + Name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + volumeLabel: + description: |- + The volume label of the resulting disk inside the VMI. + Different bootstrapping mechanisms require different values. + Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). + type: string + type: object + serviceAccount: + description: |- + ServiceAccountVolumeSource represents a reference to a service account. + There can only be one volume of this type! + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + properties: + serviceAccountName: + description: |- + Name of the service account in the pod's namespace to use. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + type: object + sysprep: + description: Represents a Sysprep volume source. + properties: + configMap: + description: ConfigMap references a ConfigMap that + contains Sysprep answer file named autounattend.xml + that should be attached as disk of CDROM type. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret references a k8s Secret that + contains Sysprep answer file named autounattend.xml + that should be attached as disk of CDROM type. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + maxItems: 256 + type: array + required: + - domain + type: object + type: object + updateVolumesStrategy: + description: UpdateVolumesStrategy is the strategy to apply on volumes + updates + type: string + required: + - template + type: object + status: + description: |- + Status holds the current state of the controller and brief information + about its associated VirtualMachineInstance + properties: + conditions: + description: Hold the state information of the VirtualMachine and + its VirtualMachineInstance + items: + description: VirtualMachineCondition represents the state of VirtualMachine + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + created: + description: Created indicates if the virtual machine is created in + the cluster + type: boolean + desiredGeneration: + description: |- + DesiredGeneration is the generation which is desired for the VMI. + This will be used in comparisons with ObservedGeneration to understand when + the VMI is out of sync. This will be changed at the same time as + ObservedGeneration to remove errors which could occur if Generation is + updated through an Update() before ObservedGeneration in Status. + format: int64 + type: integer + instancetypeRef: + description: InstancetypeRef captures the state of any referenced + instance type from the VirtualMachine + nullable: true + properties: + controllerRevisionRef: + description: |- + ControllerRef specifies the ControllerRevision storing a copy of the object captured + when it is first seen by the VirtualMachine controller + properties: + name: + description: Name of the ControllerRevision + type: string + type: object + inferFromVolume: + description: InferFromVolume lists the name of a volume that should + be used to infer or discover the resource + type: string + inferFromVolumeFailurePolicy: + description: InferFromVolumeFailurePolicy controls what should + happen on failure when inferring the resource + type: string + kind: + description: Kind specifies the kind of resource + type: string + name: + description: Name is the name of resource + type: string + type: object + memoryDumpRequest: + description: |- + MemoryDumpRequest tracks memory dump request phase and info of getting a memory + dump to the given pvc + nullable: true + properties: + claimName: + description: ClaimName is the name of the pvc that will contain + the memory dump + type: string + endTimestamp: + description: EndTimestamp represents the time the memory dump + was completed + format: date-time + type: string + fileName: + description: FileName represents the name of the output file + type: string + message: + description: Message is a detailed message about failure of the + memory dump + type: string + phase: + description: Phase represents the memory dump phase + type: string + remove: + description: Remove represents request of dissociating the memory + dump pvc + type: boolean + startTimestamp: + description: StartTimestamp represents the time the memory dump + started + format: date-time + type: string + required: + - claimName + - phase + type: object + observedGeneration: + description: ObservedGeneration is the generation observed by the + vmi when started. + format: int64 + type: integer + preferenceRef: + description: PreferenceRef captures the state of any referenced preference + from the VirtualMachine + nullable: true + properties: + controllerRevisionRef: + description: |- + ControllerRef specifies the ControllerRevision storing a copy of the object captured + when it is first seen by the VirtualMachine controller + properties: + name: + description: Name of the ControllerRevision + type: string + type: object + inferFromVolume: + description: InferFromVolume lists the name of a volume that should + be used to infer or discover the resource + type: string + inferFromVolumeFailurePolicy: + description: InferFromVolumeFailurePolicy controls what should + happen on failure when inferring the resource + type: string + kind: + description: Kind specifies the kind of resource + type: string + name: + description: Name is the name of resource + type: string + type: object + printableStatus: + default: Stopped + description: PrintableStatus is a human readable, high-level representation + of the status of the virtual machine + type: string + ready: + description: Ready indicates if the virtual machine is running and + ready + type: boolean + restoreInProgress: + description: RestoreInProgress is the name of the VirtualMachineRestore + currently executing + type: string + runStrategy: + description: |- + RunStrategy tracks the last recorded RunStrategy used by the VM. + This is needed to correctly process the next strategy (for now only the RerunOnFailure) + type: string + snapshotInProgress: + description: SnapshotInProgress is the name of the VirtualMachineSnapshot + currently executing + type: string + startFailure: + description: |- + StartFailure tracks consecutive VMI startup failures for the purposes of + crash loop backoffs + nullable: true + properties: + consecutiveFailCount: + type: integer + lastFailedVMIUID: + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. + type: string + retryAfterTimestamp: + format: date-time + type: string + type: object + stateChangeRequests: + description: |- + StateChangeRequests indicates a list of actions that should be taken on a VMI + e.g. stop a specific VMI then start a new one. + items: + properties: + action: + description: Indicates the type of action that is requested. + e.g. Start or Stop + type: string + data: + additionalProperties: + type: string + description: Provides additional data in order to perform the + Action + type: object + uid: + description: Indicates the UUID of an existing Virtual Machine + Instance that this change request applies to -- if applicable + type: string + required: + - action + type: object + type: array + volumeRequests: + description: |- + VolumeRequests indicates a list of volumes add or remove from the VMI template and + hotplug on an active running VMI. + items: + properties: + addVolumeOptions: + description: |- + AddVolumeOptions when set indicates a volume should be added. The details + within this field specify how to add the volume + properties: + disk: + description: Disk represents the hotplug disk that will + be plugged into the running VMI + properties: + blockSize: + description: If specified, the virtual disk will be + presented with the given block sizes. + properties: + custom: + description: CustomBlockSize represents the desired + logical and physical block size for a VM disk. + properties: + logical: + type: integer + physical: + type: integer + required: + - logical + - physical + type: object + matchVolume: + description: Represents if a feature is enabled + or disabled. + properties: + enabled: + description: |- + Enabled determines if the feature should be enabled or disabled on the guest. + Defaults to true. + type: boolean + type: object + type: object + bootOrder: + description: |- + BootOrder is an integer value > 0, used to determine ordering of boot devices. + Lower values take precedence. + Each disk or interface that has a boot order must have a unique value. + Disks without a boot order are not tried if a disk with a boot order exists. + type: integer + cache: + description: |- + Cache specifies which kvm disk cache mode should be used. + Supported values are: + none: Guest I/O not cached on the host, but may be kept in a disk cache. + writethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees. + writeback: Guest I/O cached on the host. + Defaults to none if the storage supports O_DIRECT, otherwise writethrough. + type: string + cdrom: + description: Attach a volume as a cdrom to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to true. + type: boolean + tray: + description: |- + Tray indicates if the tray of the device is open or closed. + Allowed values are "open" and "closed". + Defaults to closed. + type: string + type: object + dedicatedIOThread: + description: |- + dedicatedIOThread indicates this disk should have an exclusive IO Thread. + Enabling this implies useIOThreads = true. + Defaults to false. + type: boolean + disk: + description: Attach a volume as a disk to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi, usb. + type: string + pciAddress: + description: 'If specified, the virtual disk will + be placed on the guests pci address with the specified + PCI address. For example: 0000:81:01.10' + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + type: object + errorPolicy: + description: If specified, it can change the default + error policy (stop) for the disk + type: string + io: + description: |- + IO specifies which QEMU disk IO mode should be used. + Supported values are: native, default, threads. + type: string + lun: + description: Attach a volume as a LUN to the vmi. + properties: + bus: + description: |- + Bus indicates the type of disk device to emulate. + supported values: virtio, sata, scsi. + type: string + readonly: + description: |- + ReadOnly. + Defaults to false. + type: boolean + reservation: + description: Reservation indicates if the disk needs + to support the persistent reservation for the + SCSI disk + type: boolean + type: object + name: + description: Name is the device name + type: string + serial: + description: Serial provides the ability to specify + a serial number for the disk device. + type: string + shareable: + description: If specified the disk is made sharable + and multiple write from different VMs are permitted + type: boolean + tag: + description: If specified, disk address and its tag + will be provided to the guest via config drive metadata + type: string + required: + - name + type: object + dryRun: + description: |- + When present, indicates that modifications should not be + persisted. An invalid or unrecognized dryRun directive will + result in an error response and no further processing of the + request. Valid values are: + - All: all dry run stages will be processed + items: + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name represents the name that will be used to map the + disk to the corresponding volume. This overrides any name + set inside the Disk struct itself. + type: string + volumeSource: + description: VolumeSource represents the source of the volume + to map to the disk. + properties: + dataVolume: + description: |- + DataVolume represents the dynamic creation a PVC for this volume as well as + the process of populating that PVC with a disk image. + properties: + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + name: + description: Name of both the DataVolume and the + PVC in the same namespace. + type: string + required: + - name + type: object + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. + Directly attached to the vmi via qemu. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + hotpluggable: + description: Hotpluggable indicates whether the + volume can be hotplugged and hotunplugged. + type: boolean + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + type: object + required: + - disk + - name + - volumeSource + type: object + removeVolumeOptions: + description: |- + RemoveVolumeOptions when set indicates a volume should be removed. The details + within this field specify how to add the volume + properties: + dryRun: + description: |- + When present, indicates that modifications should not be + persisted. An invalid or unrecognized dryRun directive will + result in an error response and no further processing of the + request. Valid values are: + - All: all dry run stages will be processed + items: + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name represents the name that maps to both the disk and volume that + should be removed + type: string + required: + - name + type: object + type: object + type: array + x-kubernetes-list-type: atomic + volumeSnapshotStatuses: + description: |- + VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is + supported by each volume. + items: + properties: + enabled: + description: True if the volume supports snapshotting + type: boolean + name: + description: Volume name + type: string + reason: + description: Empty if snapshotting is enabled, contains reason + otherwise + type: string + required: + - enabled + - name + type: object + type: array + volumeUpdateState: + description: |- + VolumeUpdateState contains the information about the volumes set + updates related to the volumeUpdateStrategy + properties: + volumeMigrationState: + description: VolumeMigrationState tracks the information related + to the volume migration + properties: + migratedVolumes: + description: MigratedVolumes lists the source and destination + volumes during the volume migration + items: + description: StorageMigratedVolumeInfo tracks the information + about the source and destination volumes during the volume + migration + properties: + destinationPVCInfo: + description: DestinationPVCInfo contains the information + about the destination PVC + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Capacity represents the capacity set + on the corresponding PVC status + type: object + claimName: + description: ClaimName is the name of the PVC + type: string + filesystemOverhead: + description: Percentage of filesystem's size to + be reserved when resizing the PVC + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + preallocated: + description: Preallocated indicates if the PVC's + storage is preallocated or not + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests represents the resources requested + by the corresponding PVC spec + type: object + volumeMode: + description: |- + VolumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + type: object + sourcePVCInfo: + description: SourcePVCInfo contains the information + about the source PVC + properties: + accessModes: + description: |- + AccessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Capacity represents the capacity set + on the corresponding PVC status + type: object + claimName: + description: ClaimName is the name of the PVC + type: string + filesystemOverhead: + description: Percentage of filesystem's size to + be reserved when resizing the PVC + pattern: ^(0(?:\.\d{1,3})?|1)$ + type: string + preallocated: + description: Preallocated indicates if the PVC's + storage is preallocated or not + type: boolean + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests represents the resources requested + by the corresponding PVC spec + type: object + volumeMode: + description: |- + VolumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + type: object + volumeName: + description: VolumeName is the name of the volume that + is being migrated + type: string + required: + - volumeName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} \ No newline at end of file diff --git a/pkg/controllers/inventory_template_controller.go b/pkg/controllers/inventory_template_controller.go new file mode 100644 index 0000000..da9fbb5 --- /dev/null +++ b/pkg/controllers/inventory_template_controller.go @@ -0,0 +1,228 @@ +package controllers + +import ( + "context" + "fmt" + "reflect" + + "github.com/go-logr/logr" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + kubevirtv1 "kubevirt.io/api/core/v1" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/handler" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + "github.com/harvester/seeder/pkg/util" + networkingv1 "k8s.io/api/networking/v1" +) + +type InventoryTemplateReconciler struct { + client.Client + Scheme *runtime.Scheme + logr.Logger +} + +// reconcile InventoryTemplate objects +func (r *InventoryTemplateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + i := &seederv1alpha1.InventoryTemplate{} + err := r.Get(ctx, req.NamespacedName, i) + if err != nil { + if apierrors.IsNotFound(err) { + return ctrl.Result{}, nil + } + r.Error(err, "unable to fetch inventorytemplate object") + return ctrl.Result{}, err + } + + if i.DeletionTimestamp.IsZero() { + // ensure a finalizer exists + if !controllerutil.ContainsFinalizer(i, seederv1alpha1.InventoryTemplateFinalizer) { + controllerutil.AddFinalizer(i, seederv1alpha1.InventoryTemplateFinalizer) + return ctrl.Result{}, r.Update(ctx, i) + } + // reconcile object and ensure associated VirtualMachinePool exists + } else { + return ctrl.Result{}, r.CleanupMachines(ctx, i) + } + return ctrl.Result{}, r.EnsureMachines(ctx, i) +} + +// SetupWithManager sets up the controller with the Manager. +func (r *InventoryTemplateReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&seederv1alpha1.InventoryTemplate{}). + Watches(&seederv1alpha1.Inventory{}, &handler.EnqueueRequestForObject{}). + Named("inventorytemplates"). + Complete(r) +} + +// CleanupMachines will delete all associated VM's when the InventoryTemplate object is deleted +// once all expected machines are successfully deleted we can remove the finalizer +// to ensure inventorytemplate object can be safely removed +func (r *InventoryTemplateReconciler) CleanupMachines(ctx context.Context, i *seederv1alpha1.InventoryTemplate) error { + r.Info("cleaning up inventory template resources", "inventorytemplate", fmt.Sprintf("%s/%s", i.Namespace, i.Name)) + harvesterClient, err := util.GenerateRemoteKubeconfigFromSecret(ctx, i.Spec.Credentials, r.Client) + if err != nil { + return fmt.Errorf("error generating remote harvester cluster client: %w", err) + } + + // clean up VM's on remote cluster + err = harvesterClient.DeleteAllOf(ctx, &kubevirtv1.VirtualMachine{}, client.InNamespace(i.Spec.VMSpec.Namespace), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return fmt.Errorf("error listing vms from remote harvester cluster: %w", err) + } + + // clean up ingress related to kubevirtbmc on remote cluster + err = harvesterClient.DeleteAllOf(ctx, &networkingv1.Ingress{}, client.InNamespace(seederv1alpha1.KubeBMCNS), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return fmt.Errorf("error listing vms from remote harvester cluster: %w", err) + } + + // no cleanup of inventory / auth secret is needed as it is controlled by owner references + // these objects already contain inventorytemplate owner reference as a resulting deletion + // of inventory template triggers their cleanup + iObj := i.DeepCopy() + if controllerutil.RemoveFinalizer(iObj, seederv1alpha1.InventoryTemplateFinalizer) { + return r.Patch(ctx, iObj, client.MergeFrom(i)) + } + + // no changes needed to inventoryTemplate so can now be ignored + return nil +} + +// EnsureMachines will reconcile a VirtualMachinePool is generated for each InventoryTemplate +// kubevirt will subsequently ensure the desired VirtualMachine replicas exist for the template +// the machine of the machinepool will be inventoryTemplate.Name-inventoryTemplate.Namespace +// this is to ensure uniqueness of vm pools as the target namespace is controlled by a field in the +// VMSpec +func (r *InventoryTemplateReconciler) EnsureMachines(ctx context.Context, i *seederv1alpha1.InventoryTemplate) error { + // generatePoolTemplate + vmObjs, err := util.GenerateVMPool(i) + if err != nil { + r.Error(err, "error generating virtualmachine objects") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // generate remote harvester client + harvesterClient, err := util.GenerateRemoteKubeconfigFromSecret(ctx, i.Spec.Credentials, r.Client) + if err != nil { + r.Error(err, "error generating remote harvester client") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + if err := createVMObjects(ctx, harvesterClient, vmObjs); err != nil { + r.Error(err, "error creating remote virtual machines") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // generate and create inventory secret for local cluster + secret := util.GenerateTemplateSecret(i) + if err := reconcileObject(ctx, r.Client, secret); err != nil { + r.Error(err, "error creating kubevirtbmc secret in local cluster") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // find rancher-expose ip address from remote harvester cluster + endpoint, err := util.GetIngressEndpoint(ctx, harvesterClient) + if err != nil { + r.Error(err, "error getting ingress endpoint from remote harvester cluster") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // generate ingress objects for remote cluster and inventory objects for local cluster + ingressObjects, inventoryObjects := util.GenerateIngressAndInventoryPool(vmObjs, endpoint, i) + + // create ingress objects in remote harvester cluster + if err := createIngressObjects(ctx, harvesterClient, ingressObjects); err != nil { + r.Error(err, "error creating ingress objects in remote harvester cluster") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // create inventory objects in local cluster + if err := createInventoryObjects(ctx, r.Client, inventoryObjects); err != nil { + r.Error(err, "error creating inventory objects in local cluster") + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioningError, err.Error()) + } + + // need to find rancher-expose ip address to generate ingress objects + // all objects successfully provisioned + return r.updateStatus(ctx, i, seederv1alpha1.InventoryTemplateProvisioned, "") +} + +func createVMObjects(ctx context.Context, harvesterClient client.Client, vmObjs []*kubevirtv1.VirtualMachine) error { + /*for _, vm := range vmObjs { + vmObj := &kubevirtv1.VirtualMachine{} + if err := harvesterClient.Get(ctx, types.NamespacedName{Name: vm.Name, Namespace: vm.Namespace}, vmObj); err != nil { + if apierrors.IsNotFound(err) { + if createError := harvesterClient.Create(ctx, vm); createError != nil { + return fmt.Errorf("error creating virtualmachine: %w", createError) + } + } + return fmt.Errorf("error looking up virtualmachine %s/%s in remote harvester cluster: %w", vm.Namespace, vm.Name, err) + } + }*/ + for _, vm := range vmObjs { + if err := reconcileObject(ctx, harvesterClient, vm); err != nil { + return fmt.Errorf("error applying virtualmachine object %w", err) + } + } + return nil +} + +func createIngressObjects(ctx context.Context, harvesterClient client.Client, ingressObjs []*networkingv1.Ingress) error { + for _, v := range ingressObjs { + if err := reconcileObject(ctx, harvesterClient, v); err != nil { + return fmt.Errorf("error applying ingress object %w", err) + } + } + return nil +} + +func createInventoryObjects(ctx context.Context, localClient client.Client, inventoryObjs []*seederv1alpha1.Inventory) error { + for _, v := range inventoryObjs { + if err := reconcileObject(ctx, localClient, v); err != nil { + return fmt.Errorf("error applying inventory object %w", err) + } + } + return nil +} + +// updateStatus patches the InventoryTemplate status if needed +func (r *InventoryTemplateReconciler) updateStatus(ctx context.Context, i *seederv1alpha1.InventoryTemplate, status seederv1alpha1.InventoryTemplateProvisioningStatus, msg string) error { + iObj := i.DeepCopy() + iObj.Status.Status = status + iObj.Status.Message = msg + if !reflect.DeepEqual(iObj.Status, i.Status) { + return r.Status().Patch(ctx, iObj, client.MergeFrom(i)) + } + return nil +} + +func reconcileObject(ctx context.Context, harvesterClient client.Client, obj client.Object) error { + var err error + + runtimeObj := obj.DeepCopyObject() + objCopy := runtimeObj.(client.Object) + + err = harvesterClient.Get(ctx, types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}, objCopy) + if err != nil { + if apierrors.IsNotFound(err) { + return harvesterClient.Create(ctx, obj) + } + return fmt.Errorf("error fetching object %s/%s: %w", obj.GetNamespace(), obj.GetName(), err) + } + + /* + unstructuredObj := &unstructured.Unstructured{} + unstructuredObj.Object, err = runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return fmt.Errorf("error convering new object %s to unstructured object %v", obj.GetName(), err) + } + return harvesterClient.Patch(ctx, unstructuredObj, client.Apply, client.FieldOwner("seeder")) + */ + return nil +} diff --git a/pkg/controllers/inventory_template_controller_test.go b/pkg/controllers/inventory_template_controller_test.go new file mode 100644 index 0000000..75cb9b2 --- /dev/null +++ b/pkg/controllers/inventory_template_controller_test.go @@ -0,0 +1,146 @@ +package controllers + +import ( + "fmt" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kubevirtv1 "kubevirt.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("Create and validate inventory template", func() { + var i *seederv1alpha1.InventoryTemplate + + memory, err := resource.ParseQuantity("8Gi") + Expect(err).NotTo(HaveOccurred()) + disk, err := resource.ParseQuantity("300Gi") + Expect(err).NotTo(HaveOccurred()) + + BeforeEach(func() { + i = &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "template-test", + Namespace: "default", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + VMSpec: seederv1alpha1.VMSpec{ + CPU: 4, + Memory: memory, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: "virtio", + Size: disk, + StorageClass: storageClass, + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + NICModel: "virtio", + VMNetwork: nadName, + }, + }, + Namespace: "default", + Count: 4, + IngressClassName: "nginx", + }, + }, + } + + Eventually(func() error { + return k8sClient.Create(ctx, i) + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + It("validate inventory template objects exist", func() { + By("checking vm's exist in default namespace of test environment", func() { + Eventually(func() error { + vmList := &kubevirtv1.VirtualMachineList{} + err := k8sClient.List(ctx, vmList, client.InNamespace(i.Spec.VMSpec.Namespace), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return err + } + if len(vmList.Items) != int(i.Spec.VMSpec.Count) { + return fmt.Errorf("expected to find %d vm's but found %d", int(i.Spec.VMSpec.Count), len(vmList.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + // ingress are always generated in seederv1alpha1.KubeBMCNS namespace + // as that is where the service pointing to VM are defined + By("checking ingress objects in default namespace of test environment", func() { + Eventually(func() error { + ingressList := &networkingv1.IngressList{} + err := k8sClient.List(ctx, ingressList, client.InNamespace(seederv1alpha1.KubeBMCNS), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return err + } + if len(ingressList.Items) != int(i.Spec.VMSpec.Count) { + return fmt.Errorf("expected to find %d ingresses but found %d", int(i.Spec.VMSpec.Count), len(ingressList.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + By("checking inventory objects in default namespace of test environment", func() { + Eventually(func() error { + inventoryList := &seederv1alpha1.InventoryList{} + err := k8sClient.List(ctx, inventoryList, client.InNamespace(i.Namespace), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return err + } + if len(inventoryList.Items) != int(i.Spec.VMSpec.Count) { + return fmt.Errorf("expected to find %d inventories but found %d", int(i.Spec.VMSpec.Count), len(inventoryList.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + // validate GC operations + By("deleting the cluster object", func() { + Eventually(func() error { + return k8sClient.Delete(ctx, i) + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + // ensure VM's are removed from target namespace + By("checking vm's are removed from default namespace of test environment", func() { + Eventually(func() error { + vmList := &kubevirtv1.VirtualMachineList{} + err := k8sClient.List(ctx, vmList, client.InNamespace(i.Spec.VMSpec.Namespace), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return err + } + if len(vmList.Items) != 0 { + return fmt.Errorf("expected to find %d vm's but found %d", 0, len(vmList.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + // ingress are always generated in seederv1alpha1.KubeBMCNS namespace + // as that is where the service pointing to VM are defined + By("checking ingress objects in default namespace of test environment", func() { + Eventually(func() error { + ingressList := &networkingv1.IngressList{} + err := k8sClient.List(ctx, ingressList, client.InNamespace(seederv1alpha1.KubeBMCNS), client.MatchingLabels{seederv1alpha1.InventoryUUIDLabelKey: string(i.GetUID())}) + if err != nil { + return err + } + if len(ingressList.Items) != 0 { + return fmt.Errorf("expected to find %d ingresses but found %d", int(i.Spec.VMSpec.Count), len(ingressList.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + }) +}) diff --git a/pkg/controllers/nested_cluster_controller.go b/pkg/controllers/nested_cluster_controller.go new file mode 100644 index 0000000..c296549 --- /dev/null +++ b/pkg/controllers/nested_cluster_controller.go @@ -0,0 +1,185 @@ +package controllers + +import ( + "context" + "fmt" + "reflect" + + "github.com/go-logr/logr" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/handler" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + "github.com/harvester/seeder/pkg/util" +) + +type NestedClusterReconciler struct { + client.Client + Scheme *runtime.Scheme + logr.Logger +} + +// reconcile NestedCluster objects +func (r *NestedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + n := &seederv1alpha1.NestedCluster{} + err := r.Get(ctx, req.NamespacedName, n) + if err != nil { + if apierrors.IsNotFound(err) { + return ctrl.Result{}, nil + } + r.Error(err, "unable to fetch nestedcluster object") + return ctrl.Result{}, err + } + + if n.DeletionTimestamp.IsZero() { + // ensure a finalizer exists + if !controllerutil.ContainsFinalizer(n, seederv1alpha1.NestedClusterFinalizer) { + controllerutil.AddFinalizer(n, seederv1alpha1.NestedClusterFinalizer) + return ctrl.Result{}, r.Update(ctx, n) + } + // reconcile object and ensure associated VirtualMachinePool exists + } else { + return ctrl.Result{}, r.CleanupNestedCluster(ctx, n) + } + + return ctrl.Result{}, r.EnsureClusterExists(ctx, n) +} + +// CleanupNestedCluster handles cleanup of resources associated with the NestedCluster +// it will delete the cluster object and wait for it to be GC'd and then remove the finalizer +func (r *NestedClusterReconciler) CleanupNestedCluster(ctx context.Context, n *seederv1alpha1.NestedCluster) error { + + clusterObj := &seederv1alpha1.Cluster{} + err := r.Get(ctx, client.ObjectKey{Namespace: n.Namespace, Name: n.Name}, clusterObj) + + if err != nil { + // cluster object not found, proceed to remove finalizer + // and ensure that the nestedcluster object can be deleted + if apierrors.IsNotFound(err) { + // Remove finalizer after cleanup + if controllerutil.RemoveFinalizer(n, seederv1alpha1.NestedClusterFinalizer) { + return r.Update(ctx, n) + } + } + return fmt.Errorf("error fetching cluster object during deletion %s/%s: %w", n.Namespace, n.Name, err) + } + + if clusterObj.DeletionTimestamp.IsZero() { + // delete the cluster object + if err := r.Delete(ctx, clusterObj); err != nil { + return fmt.Errorf("error deleting cluster object %s/%s: %w", clusterObj.Namespace, clusterObj.Name, err) + } + } + + // default is to error since clusterObj is found + // we return error to ensure object is requeued and we wait until cluster is completed deleted + // this can take a while since seeder will attempt to power off all inventory objects before + // allowing cleanup of underlying cluster object + return fmt.Errorf("waiting for cluster object %s/%s to be deleted before removing finalizer", clusterObj.Namespace, clusterObj.Name) +} + +// EnsureClusterExists will ensure that the underlying Cluster object exists +// and it will reconcile the status of cluster object into nested cluster +func (r *NestedClusterReconciler) EnsureClusterExists(ctx context.Context, n *seederv1alpha1.NestedCluster) error { + // ensure inventory templates exist + if err := r.ensureInventoryTemplatesExist(ctx, n); err != nil { + return fmt.Errorf("error ensuring inventory templates for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + // ensure inventoryTemplates are ready for use + if err := r.ensureInventoryTemplatesAreReady(ctx, n); err != nil { + return fmt.Errorf("error ensuring inventory templates are ready for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + // ensure cluster object using inventory exists + clusterObj := util.GenerateClusterFromNestedCluster(n) + if err := reconcileObject(ctx, r.Client, clusterObj); err != nil { + return fmt.Errorf("error reconciling cluster object for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + // reconcile status from cluster into nestedcluster status + existingCluster := &seederv1alpha1.Cluster{} + err := r.Get(ctx, client.ObjectKey{Namespace: n.Namespace, Name: n.Name}, existingCluster) + if err != nil { + return fmt.Errorf("error fetching cluster object for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + nCopy := n.DeepCopy() + n.Status = existingCluster.Status + if !reflect.DeepEqual(n.Status, nCopy.Status) { + if err := r.Status().Update(ctx, n); err != nil { + return fmt.Errorf("error updating status for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + } + return nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *NestedClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&seederv1alpha1.NestedCluster{}). + Watches(&seederv1alpha1.Cluster{}, &handler.EnqueueRequestForObject{}). //cluster status updates are not being reconcilled + // need to check and ensure they are applied to the owning nested cluster object + Named("nestedclusters"). + Complete(r) +} + +func (r *NestedClusterReconciler) ensureInventoryTemplatesExist(ctx context.Context, n *seederv1alpha1.NestedCluster) error { + // generate inventoryTemplates based on current nestedcluster spec + desiredTemplates := util.GenerateInventoryTemplates(n) + + inventoryTemplateList := &seederv1alpha1.InventoryTemplateList{} + err := r.List(ctx, inventoryTemplateList, client.InNamespace(n.Namespace), client.MatchingLabels{seederv1alpha1.NestedClusterUIDLabelKey: string(n.GetUID())}) + if err != nil { + return fmt.Errorf("error listing inventory templates for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + toDeleteTemplates := map[string]seederv1alpha1.InventoryTemplate{} + for _, it := range inventoryTemplateList.Items { + toDeleteTemplates[it.Name] = it + } + + // iterate over existing templates query from apiserver + // and identify the ones which may need to be deleted + // since they no longer match the configuration + for _, desiredIT := range desiredTemplates { + delete(toDeleteTemplates, desiredIT.Name) + } + + for _, itToDelete := range toDeleteTemplates { + if err := r.Delete(ctx, &itToDelete); err != nil { + return fmt.Errorf("error deleting inventory template %s/%s: %w", itToDelete.Namespace, itToDelete.Name, err) + } + } + + // apply desired templates + for _, obj := range desiredTemplates { + err := reconcileObject(ctx, r.Client, obj) + if err != nil { + return fmt.Errorf("error reconciling inventorytemplates %s for nestedcluster %s: %w", obj.Name, n.Name, err) + } + } + + return nil +} + +func (r *NestedClusterReconciler) ensureInventoryTemplatesAreReady(ctx context.Context, n *seederv1alpha1.NestedCluster) error { + // fetch inventory templates associated with nested cluster + inventoryTemplateList := &seederv1alpha1.InventoryTemplateList{} + err := r.List(ctx, inventoryTemplateList, client.InNamespace(n.Namespace), client.MatchingLabels{seederv1alpha1.NestedClusterUIDLabelKey: string(n.GetUID())}) + if err != nil { + return fmt.Errorf("error listing inventory templates for nested cluster %s/%s: %w", n.Namespace, n.Name, err) + } + + for _, it := range inventoryTemplateList.Items { + if it.Status.Status != seederv1alpha1.InventoryTemplateProvisioned { + return fmt.Errorf("inventory template %s/%s not yet provisioned", it.Namespace, it.Name) + } + } + + return nil +} diff --git a/pkg/controllers/nested_cluster_controller_test.go b/pkg/controllers/nested_cluster_controller_test.go new file mode 100644 index 0000000..d0501b5 --- /dev/null +++ b/pkg/controllers/nested_cluster_controller_test.go @@ -0,0 +1,150 @@ +package controllers + +import ( + "fmt" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" +) + +var _ = Describe("NestedCluster Controller", func() { + var n *seederv1alpha1.NestedCluster + var a *seederv1alpha1.AddressPool + + memory, err := resource.ParseQuantity("8Gi") + Expect(err).NotTo(HaveOccurred()) + disk, err := resource.ParseQuantity("300Gi") + Expect(err).NotTo(HaveOccurred()) + + BeforeEach(func() { + + a = &seederv1alpha1.AddressPool{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nested-cluster-address-pool", + Namespace: "default", + }, + Spec: seederv1alpha1.AddressSpec{ + CIDR: "192.168.1.1/29", + Gateway: "192.168.1.7", + }, + } + + n = &seederv1alpha1.NestedCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nested-cluster-test", + Namespace: "default", + }, + Spec: seederv1alpha1.NestedClusterSpec{ + HarvesterVersion: "v1.3.0", + ImageURL: "localhost:5000/v1.3.0", + VIPConfig: seederv1alpha1.VIPConfig{ + AddressPoolReference: seederv1alpha1.ObjectReference{ + Name: a.Name, + Namespace: a.Namespace, + }, + }, + InventoryTemplateConfig: []seederv1alpha1.InventoryTemplateConfig{ + { + Name: "template-1", + InventoryTemplateSpec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + VMSpec: seederv1alpha1.VMSpec{ + CPU: 4, + Memory: memory, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: "virtio", + Size: disk, + StorageClass: storageClass, + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + NICModel: "virtio", + VMNetwork: nadName, + }, + }, + IngressClassName: "nginx", + Count: 4, + Namespace: "default", + }, + }, + AddressPoolReference: seederv1alpha1.ObjectReference{ + Name: a.Name, + Namespace: a.Namespace, + }, + }, + { + Name: "template-2", + InventoryTemplateSpec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + VMSpec: seederv1alpha1.VMSpec{ + CPU: 4, + Memory: memory, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: "virtio", + Size: disk, + StorageClass: storageClass, + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + NICModel: "virtio", + VMNetwork: nadName, + }, + }, + IngressClassName: "nginx", + Count: 4, + Namespace: "default", + }, + }, + AddressPoolReference: seederv1alpha1.ObjectReference{ + Name: a.Name, + Namespace: a.Namespace, + }, + }, + }, + }, + } + + Eventually(func() error { + return k8sClient.Create(ctx, a) + }, "30s", "5s").ShouldNot(HaveOccurred()) + + Eventually(func() error { + return k8sClient.Create(ctx, n) + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + + It("ensure nested cluster and associated inventory templates are created", func() { + + By("checking inventory templates exist", func() { + Eventually(func() error { + templates := &seederv1alpha1.InventoryTemplateList{} + err := k8sClient.List(ctx, templates, client.InNamespace(n.Namespace), client.MatchingLabels{seederv1alpha1.NestedClusterUIDLabelKey: string(n.GetUID())}) + if err != nil { + return err + } + + if len(templates.Items) != len(n.Spec.InventoryTemplateConfig) { + return fmt.Errorf("expected %d inventory templates, but got %d", len(n.Spec.InventoryTemplateConfig), len(templates.Items)) + } + return nil + }, "30s", "5s").ShouldNot(HaveOccurred()) + }) + }) + +}) diff --git a/pkg/controllers/setup.go b/pkg/controllers/setup.go index 4edea3c..2abd851 100644 --- a/pkg/controllers/setup.go +++ b/pkg/controllers/setup.go @@ -62,6 +62,7 @@ func (s *Server) Start(ctx context.Context) error { utilruntime.Must(seederv1alpha1.AddToScheme(scheme)) utilruntime.Must(tinkv1alpha1.AddToScheme(scheme)) + s.initLogs() mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, @@ -155,6 +156,16 @@ func (s *Server) Start(ctx context.Context) error { Scheme: mgr.GetScheme(), Logger: s.logger.WithName("cluster-tinkerbell-workflow-controller"), }, + &InventoryTemplateReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Logger: s.logger.WithName("inventory-template-controller"), + }, + &NestedClusterReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Logger: s.logger.WithName("nested-cluster-controller"), + }, } var embedModeControllers = []controller{ diff --git a/pkg/controllers/suite_test.go b/pkg/controllers/suite_test.go index 8b0f428..164d15a 100644 --- a/pkg/controllers/suite_test.go +++ b/pkg/controllers/suite_test.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "os" + "strings" "sync" "testing" "time" @@ -31,9 +32,14 @@ import ( rufio "github.com/tinkerbell/rufio/api/v1alpha1" tinkv1alpha1 "github.com/tinkerbell/tink/api/v1alpha1" corev1 "k8s.io/api/core/v1" + apiextensionv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + "k8s.io/client-go/tools/clientcmd/api" + kubevirtv1 "kubevirt.io/api/core/v1" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/envtest" @@ -45,6 +51,8 @@ import ( "github.com/harvester/seeder/pkg/crd" "github.com/harvester/seeder/pkg/endpoint" "github.com/harvester/seeder/pkg/mock" + nadv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" + storagev1 "k8s.io/api/storage/v1" ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to @@ -65,9 +73,12 @@ var ( ) const ( - defaultToken = "token" - k3sPort = "6443" - redfishPort = "8000" + defaultToken = "token" + k3sPort = "6443" + redfishPort = "8000" + localHarvesterSecretName = "local-harvester" + storageClass = "fake-sc" + nadName = "default/fakevlan" ) func TestAPIs(t *testing.T) { @@ -88,17 +99,8 @@ func TestAPIs(t *testing.T) { var _ = BeforeSuite(func() { ctrlruntimelog.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) ctx, cancel = context.WithCancel(context.TODO()) - By("bootstrapping test environment") - testEnv = &envtest.Environment{} - - cfg, err := testEnv.Start() - Expect(err).NotTo(HaveOccurred()) - Expect(cfg).NotTo(BeNil()) - // install CRD's - err = crd.Create(ctx, cfg) - Expect(err).NotTo(HaveOccurred()) - err = seederv1alpha1.AddToScheme(scheme) + err := seederv1alpha1.AddToScheme(scheme) Expect(err).NotTo(HaveOccurred()) err = rufio.AddToScheme(scheme) @@ -109,6 +111,38 @@ var _ = BeforeSuite(func() { err = tinkv1alpha1.AddToScheme(scheme) Expect(err).NotTo(HaveOccurred()) + + err = kubevirtv1.AddToScheme(scheme) + Expect(err).NotTo(HaveOccurred()) + + err = nadv1.AddToScheme(scheme) + Expect(err).NotTo(HaveOccurred()) + + err = storagev1.AddToScheme(scheme) + Expect(err).NotTo(HaveOccurred()) + + err = apiextensionv1.AddToScheme(scheme) + Expect(err).NotTo(HaveOccurred()) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + Scheme: scheme, + CRDInstallOptions: envtest.CRDInstallOptions{ + Paths: []string{ + "crds", + }, + }, + ErrorIfCRDPathMissing: true, + } + + cfg, err := testEnv.Start() + Expect(err).NotTo(HaveOccurred()) + Expect(cfg).NotTo(BeNil()) + + // install CRD's + err = crd.Create(ctx, cfg) + Expect(err).NotTo(HaveOccurred()) + //+kubebuilder:scaffold:scheme k8sClient, err = client.New(cfg, client.Options{Scheme: scheme}) @@ -122,6 +156,14 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) err = createSeederDeploymentService(ctx, k8sClient) Expect(err).NotTo(HaveOccurred()) + err = createIngressExposeService(ctx, k8sClient) + Expect(err).NotTo(HaveOccurred()) + err = generateLocalKubeconfigSecret(ctx, cfg, k8sClient) + Expect(err).NotTo(HaveOccurred()) + err = createStorageClass(ctx, k8sClient) + Expect(err).NotTo(HaveOccurred()) + err = createNetAttachDef(ctx, k8sClient) + Expect(err).NotTo(HaveOccurred()) mgr, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme, @@ -221,6 +263,20 @@ var _ = BeforeSuite(func() { }).SetupWithManager(mgr) Expect(err).NotTo(HaveOccurred()) + err = (&InventoryTemplateReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Logger: ctrlruntimelog.Log.WithName("controller.inventory-template-reconciler"), + }).SetupWithManager(mgr) + Expect(err).NotTo(HaveOccurred()) + + err = (&NestedClusterReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Logger: ctrlruntimelog.Log.WithName("controller.nested-cluster-reconciler"), + }).SetupWithManager(mgr) + Expect(err).NotTo(HaveOccurred()) + endpointServer := endpoint.NewServer(ctx, mgr.GetClient(), ctrlruntimelog.Log.WithName("endpoint-server")) go func() { defer GinkgoRecover() @@ -401,3 +457,126 @@ func cleanupObjects(ctx context.Context, k8sclient client.Client) error { } return nil } + +func generateLocalKubeconfigSecret(ctx context.Context, cfg *rest.Config, k8sclient client.Client) error { + kubeConfig := api.NewConfig() + clusterName := "envtest-cluster" + kubeConfig.Clusters[clusterName] = &api.Cluster{ + Server: cfg.Host, + CertificateAuthorityData: cfg.CAData, + } + // Define user + userName := "admin" + kubeConfig.AuthInfos[userName] = &api.AuthInfo{ + ClientCertificateData: cfg.CertData, + ClientKeyData: cfg.KeyData, + } + + // Define context + contextName := "envtest-context" + kubeConfig.Contexts[contextName] = &api.Context{ + Cluster: clusterName, + AuthInfo: userName, + } + kubeConfig.CurrentContext = contextName + output, err := clientcmd.Write(*kubeConfig) + if err != nil { + return fmt.Errorf("error generating kubeconfig: %w", err) + } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + Data: map[string][]byte{ + seederv1alpha1.SecretKubeconfigFieldKey: output, + }, + } + + if err := k8sclient.Create(ctx, secret); err != nil { + return fmt.Errorf("error creating kubeconfig secret") + } + watchedObjects = append(watchedObjects, secret) + return nil +} + +func createIngressExposeService(ctx context.Context, k8sclient client.Client) error { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: seederv1alpha1.KubeBMCNS, + }, + } + + err := k8sclient.Create(ctx, ns) + if err != nil { + return err + } + + watchedObjects = append(watchedObjects, ns) + + svc := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: seederv1alpha1.IngressExposeService, + Namespace: seederv1alpha1.KubeSystemNS, + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeLoadBalancer, + Ports: []corev1.ServicePort{ + { + Port: 443, + }, + }, + }, + } + err = k8sclient.Create(ctx, svc) + if err != nil { + return err + } + + err = k8sclient.Get(ctx, types.NamespacedName{Name: svc.Name, Namespace: svc.Namespace}, svc) + if err != nil { + return err + } + + svc.Status = corev1.ServiceStatus{ + LoadBalancer: corev1.LoadBalancerStatus{ + Ingress: []corev1.LoadBalancerIngress{{ + IP: "192.168.1.2", + }, + }, + }, + } + + watchedObjects = append(watchedObjects, svc) + return k8sclient.Status().Update(ctx, svc) +} + +func createStorageClass(ctx context.Context, k8sclient client.Client) error { + sc := &storagev1.StorageClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: storageClass, + }, + Provisioner: "fake-provisioner", + } + + if err := k8sclient.Create(ctx, sc); err != nil { + return fmt.Errorf("error creating storage class: %w", err) + } + watchedObjects = append(watchedObjects, sc) + return nil +} + +func createNetAttachDef(ctx context.Context, k8sclient client.Client) error { + name := strings.Split(nadName, "/") + nad := &nadv1.NetworkAttachmentDefinition{ + ObjectMeta: metav1.ObjectMeta{ + Name: name[1], + Namespace: name[0], + }, + } + if err := k8sclient.Create(ctx, nad); err != nil { + return fmt.Errorf("error creating net-attach-definition: %w", err) + } + watchedObjects = append(watchedObjects, nad) + return nil +} diff --git a/pkg/data/data.go b/pkg/data/data.go index 54a5456..def2cb8 100644 --- a/pkg/data/data.go +++ b/pkg/data/data.go @@ -9,6 +9,8 @@ // chart/seeder-crd/templates/metal.harvesterhci.io_addresspools.yaml // chart/seeder-crd/templates/metal.harvesterhci.io_clusters.yaml // chart/seeder-crd/templates/metal.harvesterhci.io_inventories.yaml +// chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml +// chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml // chart/seeder-crd/templates/tinkerbell.org_hardware.yaml package data @@ -201,7 +203,7 @@ func chartSeederCrdTemplatesMetalHarvesterhciIo_addresspoolsYaml() (*asset, erro return nil, err } - info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_addresspools.yaml", size: 3227, mode: os.FileMode(420), modTime: time.Unix(1763946642, 0)} + info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_addresspools.yaml", size: 3227, mode: os.FileMode(420), modTime: time.Unix(1764903413, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -221,7 +223,7 @@ func chartSeederCrdTemplatesMetalHarvesterhciIo_clustersYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_clusters.yaml", size: 4750, mode: os.FileMode(420), modTime: time.Unix(1763946642, 0)} + info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_clusters.yaml", size: 4750, mode: os.FileMode(420), modTime: time.Unix(1764903413, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -241,7 +243,47 @@ func chartSeederCrdTemplatesMetalHarvesterhciIo_inventoriesYaml() (*asset, error return nil, err } - info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_inventories.yaml", size: 15658, mode: os.FileMode(420), modTime: time.Unix(1763946642, 0)} + info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_inventories.yaml", size: 15658, mode: os.FileMode(420), modTime: time.Unix(1764903413, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x18\x4d\x6f\xdb\xb8\xf2\xee\x5f\x31\xc0\x7b\x87\xf8\xf5\xc9\x4e\x9a\x4b\xeb\x4b\x51\x78\x8b\x22\xe8\xa6\x1b\x24\x45\x2f\x69\x77\x41\x53\x63\x69\x1a\x89\x54\xc9\xa1\x52\xb7\xe9\x7f\x5f\x90\x94\x1c\xc5\x96\x6c\x6f\x8a\x16\xcb\x4b\xa2\x99\xe1\x7c\x7f\xd1\x49\x92\x8c\x44\x45\xef\xd1\x58\xd2\x6a\x06\xa2\x22\xfc\xc2\xa8\xfc\x97\x9d\xdc\x3c\xb3\x13\xd2\xd3\xfa\x64\x74\x43\x2a\x9d\xc1\xdc\x59\xd6\xe5\x25\x5a\xed\x8c\xc4\xdf\x70\x49\x8a\x98\xb4\x1a\x95\xc8\x22\x15\x2c\x66\x23\x00\xa1\x94\x66\xe1\xc1\xd6\x7f\x02\x7c\xfb\x3e\x02\x50\xa2\xc4\x19\x90\xaa\x51\xb1\x36\x2b\xc6\xb2\x2a\x04\xa3\x9d\xf8\xab\xc5\x24\x17\xa6\x46\xcb\x68\x72\x49\x13\xd2\x23\x5b\xa1\xf4\xb7\x33\xa3\x5d\x35\x83\x7e\xa2\xc8\xb5\x91\x12\x35\x3c\x6b\x05\xbc\x6b\x04\x04\x5c\x41\x96\xdf\xf4\xe3\x7f\x27\xcb\x81\xa6\x2a\x9c\x11\x45\x9f\x8a\x01\x6d\x49\x65\xae\x10\xa6\x87\x60\x04\x60\xa5\xae\x70\x06\x6f\xbd\x3a\x95\x90\x98\x8e\x00\xea\xe8\xd3\xa0\x5e\x02\x22\x4d\x83\xab\x44\x71\x61\x48\x31\x9a\xb9\x2e\x5c\xd9\xba\x28\x81\x4f\x56\xab\x0b\xc1\xf9\x0c\x26\x96\x05\x3b\xdb\xfc\x09\xe8\xd6\x7d\x5b\xda\x5f\x75\x69\x78\xe5\x75\xb0\x6c\x48\x65\x83\x5c\x4b\xb4\x56\x64\xf8\x80\xed\x25\x0a\xab\xd5\x10\x97\x48\x53\x9f\x88\xa2\xca\xc5\x49\x74\x86\xcc\xb1\x14\xb3\xe6\x86\xae\x50\xbd\xbc\x38\x7b\x7f\x7a\xf5\x00\x0c\x90\xa2\x95\x86\x2a\x0e\x99\xb5\xa5\x3b\x90\x05\xce\x11\xe2\x2d\x58\x6a\x13\x3e\xb7\xe9\x5e\x5e\x9c\xad\x59\x56\x46\x57\x68\x98\xda\xa8\xc7\xd3\xc9\xe0\x0e\x74\x43\x81\xbb\xe4\x01\x0e\x3c\xdf\xe6\x16\xa4\x3e\x95\x31\xea\xd3\xc4\x0d\xd3\xc6\x4c\xd0\x4b\xe0\x9c\x2c\x18\xac\x0c\x5a\x54\x31\xb9\x3d\x58\x28\xd0\x8b\x4f\x28\x79\xb2\xc1\xfa\x0a\x8d\x67\x03\x36\xd7\xae\x48\x41\x6a\x55\xa3\x61\x30\x28\x75\xa6\xe8\xeb\x9a\xb7\x05\xd6\x41\x68\x48\x34\x86\x90\x19\x4a\x14\x50\x8b\xc2\xe1\xff\x41\xa8\x74\x83\x73\x29\x56\x60\xd0\xcb\x04\xa7\x3a\xfc\xc2\x05\xbb\xa9\xc7\xb9\x36\x08\xa4\x96\x7a\x06\x39\x73\x65\x67\xd3\x69\x46\xdc\xd6\xb5\xd4\x65\xe9\x14\xf1\x6a\x2a\xb5\x62\x43\x0b\xc7\xda\xd8\x69\x8a\x35\x16\x53\x4b\x59\x22\x8c\xcc\x89\x51\xb2\x33\x38\x15\x15\x25\xc1\x10\x15\x6a\x7b\x52\xa6\xff\x31\x4d\x27\xb0\x0f\xc4\x6e\x65\x50\x3c\xa1\x40\xff\x41\x78\x7c\xc1\xfa\x1c\x11\x0d\xab\x68\xe2\x7d\x14\x3c\xc8\xbb\xee\xf2\xd5\xd5\x3b\x68\x35\x89\x91\x8a\x41\xb9\x27\xdd\xf2\x4b\x1b\x1f\xef\x4d\x52\x4b\x34\xf1\xde\xd2\xe8\x32\xf0\x44\x95\x56\x9a\x14\x87\x0f\x59\x10\x2a\x06\xeb\x16\x25\xb1\x4f\x83\xcf\x0e\x2d\xfb\xd0\x6d\xb2\x9d\x87\xde\x07\x0b\x04\x57\xa5\x82\x31\xdd\x24\x38\x53\x30\x17\x25\x16\x73\x61\xf1\x17\xc7\xca\x47\xc5\x26\x3e\x08\x07\x45\xab\xdb\xd1\x37\x89\xa3\x7b\x3b\x88\xb6\x5b\xdf\x9f\xfe\x3a\xf5\x47\x1a\x4c\xbd\x5a\xa2\xd8\x42\xed\xcb\x88\x18\x39\x69\x90\x2f\x71\x89\x06\x95\xec\xa4\x83\x4f\x94\x88\x84\x35\x76\x02\x67\x0c\xb9\xb0\x80\x4a\xbb\x2c\x0f\xde\x35\x65\x2c\x5f\xd6\x60\x90\x0d\x61\x8d\x60\xc3\xbd\x1e\x69\xa4\x40\xa8\x55\x1c\x33\xbe\xaf\x6f\x91\x0c\xdb\x09\x6d\xeb\xec\x81\x6f\x18\xea\xc9\x7c\xa6\x3b\x45\x9f\x1d\xc2\x2d\x71\xee\x05\xdf\x8b\x8d\xca\xb6\x26\x8b\x5e\x8e\xd0\x58\xb1\x2e\x85\xcd\xfc\x8a\x67\x20\xdc\x5d\x8d\x83\xc8\x03\xd5\x8e\xea\x75\xdb\x67\x84\x34\x36\xdc\xe6\x24\xf3\x08\x1e\x72\x71\x2b\x15\x4a\x67\x63\xe9\x04\x2f\x3c\x42\xfb\x81\xe4\x8c\xe7\x4b\x72\xe3\x16\x68\x14\x32\xda\xa4\x14\x55\x12\xa9\x05\xeb\x92\xe4\x06\x75\x5d\x5e\x6d\x25\x34\xec\x0d\xb6\xd4\x4e\xf1\x90\xdb\x96\xc2\x15\x3c\x83\x93\x5e\x74\x4c\x4a\xbf\x59\xf0\xe9\xd3\x1d\x76\xfb\xe9\x90\xa1\xe9\x93\x5d\xb9\x3d\x92\x9f\xfd\x24\xc9\x29\xd9\x9b\x5e\x77\x00\x10\x63\x39\x80\xda\xe7\xcb\x86\xb7\xa1\x1a\xcd\x30\xbe\x63\x5e\x4d\x86\xc3\x46\x38\x74\x50\xb9\x72\x17\xa7\x64\x3f\x8b\x04\xac\xe0\xa1\xe2\x6b\x08\xa4\xa5\x1d\x04\x7b\x8a\x2f\x1e\x4b\x5f\x07\xaa\x2f\x1e\xa1\x56\x7f\x2c\x77\x9b\xb2\x2f\x68\x9b\x94\x7b\x34\x02\xa8\x04\xfb\xc5\x64\x06\x7f\x1e\x7d\x78\x72\x97\x8c\x5f\x1c\x1d\x5d\x1f\x27\xcf\x3f\x3e\x39\xfa\x30\x09\xff\xfc\x6f\xfc\x62\x7c\xd7\x7e\x3c\x19\x8f\x8f\x8e\xae\xdf\x9c\xbf\x7e\x77\xf1\xea\x23\x8d\xef\xae\x95\x2b\x6f\xe2\xd7\xdd\xd1\x35\xbe\xfa\x78\x20\x93\xf1\xf8\xc5\x7f\x77\x28\xf5\xa0\xa4\x49\x71\xa2\x4d\x12\x2d\x99\x01\x1b\xb7\xdd\xac\xdb\x63\x59\x1b\x91\xe1\xbc\x10\x76\x47\xf6\x1d\x14\x2e\xbf\x0c\x90\xc1\x74\x88\x4d\xd2\x24\xf1\x20\xda\x47\x7b\x18\xd9\x51\x74\x80\x68\x67\xd3\xbb\x27\x10\xc6\x88\x55\xef\x80\xcb\x0c\x5a\x1b\x24\xbc\xdd\x31\xad\x9a\x32\x53\x19\xa9\x2f\x8f\x99\x2b\x25\x96\xda\xac\xfa\xb9\xef\x48\xe8\x43\x52\xf9\x80\x24\x5e\xeb\x7f\xfa\xf4\x75\x7f\x7d\xfe\xcb\x12\xfc\x11\xa9\xbd\x77\x72\x37\x2e\x68\xfe\x79\xd4\x72\x80\x7c\xab\xcd\xa3\xda\xfd\xfe\xc5\x2e\x9e\xb7\x51\xc4\x5c\xab\x25\x65\x20\x8a\x42\xdf\x5a\x70\xd6\xef\xea\xac\x9b\x3d\x03\xde\x9f\x37\x64\x01\xe8\x57\x06\x8b\x69\x58\x39\x40\x91\x8c\x8f\xa8\xa5\x90\x68\x81\xd4\xa0\x24\xbf\x94\x38\x95\xa2\x29\x56\xfe\x25\xe1\xfd\xed\x27\x00\xd4\xe5\x0f\x4c\x2c\x45\xf2\x5c\xa7\x58\xfc\xaa\x99\x85\x27\xc7\xc7\xc7\xfb\x29\x86\x5b\xa1\x27\xa1\x6c\xb1\x13\xaf\xf0\xe9\xcd\x5f\x95\xdc\x35\xd8\x12\xa8\xa4\x1a\x5c\xef\x22\x85\xe1\xe2\xd9\xc9\xe9\xf3\x1f\x9b\xc1\x07\xcd\xab\xba\x6c\xf2\xe3\xa7\x37\xf7\x36\xde\x83\x04\x6b\x55\x7e\x46\xfb\x1e\xd6\x2f\x89\xdb\x68\x1f\xbc\x72\x3d\xd0\xb0\xc5\xf5\xc0\x37\xc7\x43\x0f\x49\xec\xec\x3d\x88\xe1\x47\x53\xb2\xee\x24\x87\xef\xf0\xfd\xb6\x26\xdd\xe7\xe4\x06\x26\x6e\xf1\x07\x3d\x5f\xc3\x4f\x63\x87\x3e\x60\x9b\x5f\xd0\xb6\x9d\xbe\x23\xa3\xfa\x24\xec\xbc\xd2\xab\xe9\x16\xd0\xa2\xa9\x31\xed\x8c\x84\x66\x61\xe8\x42\xdc\x62\xfd\x2b\x4d\x2b\xbf\xd1\x06\xbe\x7d\x1f\xfd\x1d\x00\x00\xff\xff\x0b\xf1\x56\x83\x00\x16\x00\x00") + +func chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYamlBytes() ([]byte, error) { + return bindataRead( + _chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml", + ) +} + +func chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYaml() (*asset, error) { + bytes, err := chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml", size: 5632, mode: os.FileMode(420), modTime: time.Unix(1764905007, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x1a\xcb\x72\xdb\x38\xf2\xae\xaf\xe8\xaa\xdd\x83\xb5\x59\xca\x76\x7c\xc9\xe8\x92\x4a\x29\xa9\x29\x57\xc6\x1e\x97\xed\xcd\xc5\x93\xdd\x82\xc8\x16\x89\x31\x09\x70\xf0\xa0\xa3\x89\xf3\xef\x5b\x78\x50\xa2\x28\x3e\x20\xdb\x95\xa4\x2f\xb6\x80\x46\xa3\xdf\xdd\x00\x18\x45\xd1\x84\x94\xf4\x13\x0a\x49\x39\x9b\x03\x29\x29\x7e\x51\xc8\xcc\x2f\x39\xbb\x7f\x23\x67\x94\x1f\x57\xa7\x93\x7b\xca\x92\x39\x2c\xb4\x54\xbc\xb8\x46\xc9\xb5\x88\xf1\x3d\xae\x28\xa3\x8a\x72\x36\x29\x50\x91\x84\x28\x32\x9f\x00\x10\xc6\xb8\x22\x66\x58\x9a\x9f\x00\x5f\xbf\x4d\x00\x18\x29\x70\x0e\x0c\xa5\xc2\x24\xce\xb5\x54\x28\xe4\xcc\x2c\xcb\x67\x19\x11\x95\x19\x17\x59\x4c\x67\x94\x4f\x64\x89\xb1\x59\x99\x0a\xae\xcb\x39\x74\x23\x39\x8a\x7e\x07\xc7\xdd\xa5\x25\xbe\x70\xc4\xed\x78\x4e\xa5\xfa\xb8\x3f\xf7\x1b\x95\xca\xce\x97\xb9\x16\x24\x6f\xb3\x65\xa7\x24\x65\xa9\xce\x89\x68\x4d\x4e\x00\x64\xcc\x4b\x9c\xc3\xa5\xd9\xbe\x24\x31\x26\x13\x80\xca\xe9\xcf\xb2\x13\x01\x49\x12\xab\x16\x92\x5f\x09\xca\x14\x8a\x05\xcf\x75\x51\xab\x23\x82\x3f\x25\x67\x57\x44\x65\x73\x98\x49\x45\x94\x96\xfe\x8f\x9d\xae\x55\xe5\x79\xbd\x69\xce\xa8\xb5\xd9\x59\x2a\x41\x59\xda\x4b\x4b\xf1\x7b\x64\x5d\xa4\x6e\x1b\x13\x41\x94\xbc\xcc\xef\x92\x44\xa0\xec\xe4\x6e\x77\x6a\x8f\xa8\xc3\xad\x4e\x49\x5e\x66\xe4\xd4\xe9\x35\xce\xb0\x20\x73\xbf\x82\x97\xc8\xde\x5d\x9d\x7f\x3a\xbb\xd9\x19\x06\x48\x50\xc6\x82\x96\xca\x3a\xa5\xdf\x0c\xa8\x04\x95\x21\x38\x5c\x58\x71\x61\x7f\xd6\x66\x83\x77\x57\xe7\x9b\xf5\xa5\xe0\x25\x0a\x45\x6b\x0f\x71\xd0\xf0\xf4\xc6\x68\x6b\xb7\xc7\x68\x67\x0e\x0c\x5d\xbf\x0a\x12\xe3\xf2\xe8\xd8\xf0\x36\xc7\xc4\xcb\x04\x7c\x05\x2a\xa3\x12\x04\x96\x02\x25\x32\x17\x04\x66\x98\x30\xe0\xcb\x3f\x31\x56\xb3\x16\xe9\x1b\x14\x86\x0c\xc8\x8c\xeb\x3c\x81\x98\xb3\x0a\x85\x02\x81\x31\x4f\x19\xfd\x7b\x43\x5b\x82\xe2\x76\xd3\x9c\x28\x94\x0a\xac\x57\x31\x92\x43\x45\x72\x8d\xff\x06\xc2\x92\x16\xe5\x82\xac\x41\xa0\xd9\x13\x34\x6b\xd0\xb3\x0b\x64\x9b\x8f\x0b\x2e\x10\x28\x5b\xf1\x39\x64\x4a\x95\x72\x7e\x7c\x9c\x52\x55\xc7\x7f\xcc\x8b\x42\x33\xaa\xd6\xc7\x31\x67\x4a\xd0\xa5\x56\x5c\xc8\xe3\x04\x2b\xcc\x8f\x25\x4d\x23\x22\xe2\x8c\x2a\x8c\x95\x16\x78\x4c\x4a\x1a\x59\x41\x98\xcd\x01\xb3\x22\xf9\x87\xf0\x19\x43\xee\x6c\xbb\xe7\x2e\x0e\x6c\x30\x1f\x60\x1e\x13\xe0\xc6\x35\x88\x27\xe5\x44\xdc\x5a\xc1\x0c\x19\xd5\x5d\x7f\xb8\xb9\x85\x9a\x13\x67\x29\x67\x94\x2d\xea\x9e\x5e\x6a\xfb\x18\x6d\x52\xb6\x42\xe1\xd6\xad\x04\x2f\x2c\x4d\x64\x49\xc9\x29\x53\xde\x11\x29\x32\x05\x52\x2f\x0b\xaa\x8c\x1b\xfc\xa5\x51\x2a\x63\xba\x36\xd9\x85\xcd\x91\xb0\x44\xd0\x65\x42\x14\x26\x6d\x84\x73\x06\x0b\x52\x60\xbe\x20\x12\xbf\xb3\xad\x8c\x55\x64\x64\x8c\x10\x64\xad\x66\xe6\x6f\x23\x3b\xf5\x36\x26\xea\xcc\x1e\x6a\xda\x9d\xac\x7d\x53\x62\xbc\x13\x80\x26\x4b\xa1\x09\x2f\xcd\x12\x14\xf9\xda\x18\xba\x4e\x15\x7b\x5b\x1b\x48\x91\xa1\x50\x98\xc0\x72\x6d\x09\xb8\xcc\x5e\x27\x10\xb0\x0a\xe3\x79\xee\x8b\x47\x0d\xdd\xa9\xc4\x80\x5f\xb8\xe0\x6c\x45\xd3\xf6\xe4\xd0\x42\x03\x4b\xce\x92\xdf\xcb\x46\x99\x6c\x43\xb3\x8a\x0c\x11\x82\x7e\xe3\xb4\x11\x3a\xb5\x62\x25\xb1\x22\xfc\xe7\xfa\xb7\xee\x0d\x46\xc8\xc7\xb6\x2d\xb8\x12\xbc\xa2\x26\x23\x52\x96\xde\x62\x51\x9a\x54\xf5\x24\x72\xb6\xb0\xbb\xc0\xeb\x5e\x4f\x15\x16\xcf\x55\x05\x11\x82\xac\x3b\xe6\xa5\xcc\x3e\xe2\xfa\x47\x6c\xac\x04\x92\xe2\xbc\x20\x29\x5e\xf0\x64\x50\x73\x4b\xce\x73\x24\xac\x03\xa3\xca\x09\x3b\x7f\xdf\xbd\x36\xc1\x15\xd1\xb9\x9a\xc3\x69\xe7\x74\x41\x19\x2d\x74\xd1\x37\xed\x76\x36\x75\x27\x6d\xc5\x87\x83\x07\x5a\xe2\x7b\x2a\xef\x7b\xd4\x33\xcc\xf8\x80\x77\x52\xa3\x90\x4e\xc7\x1c\xd0\x37\xb5\x19\x8d\x8b\x75\xed\x87\x7d\x21\xda\x6b\xd0\xe1\xbc\xe4\xe0\xbc\x7b\x97\x9d\x1c\xb5\xe1\x04\x94\x47\xea\x8e\x75\x96\x00\x1a\x4c\x4d\xf2\x7c\x0d\x29\x9a\x4c\x65\x4a\x7d\x8b\x88\x53\x91\xb4\xf8\x2e\x66\xb5\x40\x53\xfa\xe2\x46\xd7\xdb\x06\x2d\xeb\x12\x98\x7a\xb2\x49\x83\xa4\x21\x45\x5c\x1b\x07\x25\xe7\x39\x08\x5c\xa1\x40\xd6\xae\xd6\x0e\x86\x73\x1a\xd4\x94\xae\x38\xcf\xaf\x6b\x3a\x7d\x01\x33\x46\x0b\xea\x0e\xb2\x77\x36\x20\xe8\x6a\x22\xb6\x55\x7f\x26\x25\x53\xd1\xa9\xc0\xa4\x8f\x4c\x64\x77\x1a\x9c\xb4\x6c\x0c\x26\x90\xde\x1c\xdd\xe1\xd6\x37\x7b\xf5\x74\x0b\x21\xda\x8d\x05\x26\xa6\xf4\x93\x7c\x00\x29\x2c\x18\x6a\xb8\xc1\x58\xa0\xda\xd8\xbe\xd1\x5b\x01\xf1\x93\xb0\x99\x9d\xc1\xb9\x82\x8c\x48\x40\xc6\x75\x9a\xd9\xae\x46\x14\xae\x6d\x56\x1c\x04\x2a\x41\xb1\x42\x90\x76\xdd\xe0\xbe\x94\x01\x61\xeb\x51\x1d\x87\x6a\x06\x02\x7c\x6f\x4f\x35\x66\x81\xe9\x44\x35\xa3\x7f\x69\x84\x07\xaa\x32\xc3\xd6\x96\x29\x27\x94\x17\x7e\x84\x32\x98\x86\xd6\xe9\xab\x6e\x5a\xdb\x9d\x60\x1b\x82\x82\x01\x42\x03\xa2\x53\x3c\x27\xc6\x4e\x17\x66\x47\xbc\xac\x0f\x19\x8d\xb3\x51\xc1\xec\x32\x27\x9a\x55\x59\xa1\xa5\x6b\x86\xad\xde\x5e\x48\xca\xd1\x68\x72\xf0\x25\xba\xd7\x4b\x14\x0c\x15\xca\xa8\x20\x65\xe4\xab\xb4\xe2\x05\x8d\x7b\xd7\x55\xc5\x50\xe8\xc1\x01\x4e\x16\x73\xcd\xd4\xb8\x19\x06\x4b\xf7\x16\x5c\xf8\xd8\x3a\x7d\xf6\x3a\x48\x8f\xfd\x15\xbd\xc1\x63\xa9\x83\x39\x7c\xf3\x43\x38\x4c\xfa\x3b\x8f\x2d\x0c\x76\x6f\x5b\x08\xb5\x9c\xdf\x59\xd0\x0a\x45\x08\x66\x43\x49\x15\x15\xca\xde\x61\x8d\x03\x32\x5d\x84\x51\x8f\x0e\x21\x1b\x81\x24\x8a\x84\xa2\xc6\x92\x06\xa1\x06\x27\x20\x07\x92\xfe\x3d\x9a\x81\x1c\x10\xb6\xfe\x7d\x15\xaa\x86\x70\xb7\x69\xaf\x09\xe6\x1c\xa0\x24\x4a\xa1\x60\x73\xf8\xef\xd1\x1f\xaf\x1e\xa3\xe9\xdb\xa3\xa3\xbb\x93\xe8\x97\xcf\xaf\x8e\xfe\x98\xd9\x7f\xfe\x35\x7d\x3b\x7d\xac\x7f\xbc\x9a\x4e\x8f\x8e\xee\x3e\x5e\xfc\x7a\x7b\xf5\xe1\x33\x9d\x3e\xde\x31\x5d\xdc\xbb\x5f\x8f\x47\x77\xf8\xe1\x73\x20\x91\xe9\xf4\xed\x3f\x83\xd8\xdb\x49\x6b\x94\xa9\x88\x8b\xc8\x49\x37\x07\x25\xf4\x78\xf1\x31\x07\x12\x2e\x48\x8a\x8b\x9c\xc8\xa0\x48\x38\xd0\xfc\x63\xcd\xd4\x16\x22\x1f\x64\x01\x88\xc6\xa3\x42\xd0\x1a\xa2\x8d\x57\xab\xb0\x42\x02\xa3\x27\xbc\x2d\x50\x96\x9a\x2e\xd9\xee\x7f\x19\xd4\x65\xf8\xc4\xc1\x52\xca\xbe\xbc\x54\x17\x50\x60\xc1\xc5\x7a\x6c\xef\xa0\xd0\x3b\x2c\xe8\x0e\x0a\xb7\x8d\xec\x67\xaf\x7f\x1d\xcb\x42\x3f\x6d\x50\x3e\x2b\x1c\x0f\xe8\xd6\xbc\xaa\xfc\x3f\x2f\xd6\x2e\xa2\x7a\xe0\xe2\xc5\x0a\xec\x21\xc7\x09\x07\x97\x8e\x01\x7f\xbe\x26\x79\xce\x1f\x24\x68\x89\xc2\xde\x8b\xbb\x6e\x14\x3e\x5d\x78\x34\x3b\x68\xda\x49\x89\x89\x6d\x4c\x81\xd1\xd8\x5d\x99\xaf\x48\x8c\x12\x68\xd7\xd5\x49\x1b\x4c\x93\xda\xb8\x58\x34\xf6\x33\xf5\x15\xaa\xe2\x85\x3b\x08\x46\xe3\x0b\x9e\x60\xfe\x73\xf4\x10\x78\x7a\x72\x72\x72\x08\x6e\x48\x29\x31\xc8\x34\x5d\x06\x62\x32\x7c\x7d\xff\xbf\x32\x0e\x6b\x39\x22\x28\x63\x36\x72\x36\xdc\xe2\x0a\x95\xbf\x39\x3d\xfb\xe5\xe5\xfb\xa9\x03\xfb\x87\xaa\xf0\xbe\xfa\x83\x0b\x6b\xed\x7b\x01\xa8\x1b\x96\xbf\x7f\xc1\x0c\x91\x28\x72\x27\xa9\x61\x8c\x52\x0f\xce\xdb\x53\xc4\x20\x46\xbb\x70\x0f\x22\xbb\xfa\x3a\x88\x12\x72\x5d\x11\x6d\xf2\xef\xf3\x4e\xbb\xe3\xb7\x57\x8d\xeb\xa0\x5e\x1c\x77\xf2\x7d\xea\x0d\xd6\xd0\x95\xca\x88\x93\x0f\xb1\x1f\x75\xde\x3b\x76\x22\x76\xde\xa1\x75\x62\xf6\xdc\xe5\x0d\xca\xd8\xef\xcf\x55\xd7\xbb\xf3\x88\xd8\x15\x2d\x9f\xf6\xb6\x14\x7e\x0b\x3b\x5e\xaa\x86\x6f\xc1\x02\x32\x53\x40\xfb\x32\x4a\x65\xd8\x77\x07\xee\x5d\xc7\x42\x6c\xc4\x63\xa5\x22\x8a\xc6\xfe\x2b\x87\x27\x3c\x66\xf5\xf3\x1d\xe8\xb2\xbd\xfc\x75\x53\x8e\x76\xdf\x24\x5b\x73\xf5\x5b\x4a\x7b\xb8\xfb\x1d\xa3\x85\xe5\x1d\xb8\x3d\x5a\xbb\xe8\x24\x80\x6b\xf7\x59\xc9\xc0\x03\xf0\xce\x37\x2f\x3b\xb7\x8c\x7c\x69\x5f\x04\x93\xed\xa3\xef\xa2\xe3\xc5\x63\xf4\xa9\xb6\xd7\x92\x03\x56\xec\xe2\x7a\x64\x89\xfd\x04\xe7\x80\x15\x9d\xfa\xda\x1b\x74\x1a\x68\x1c\x18\xfc\x31\xb6\x39\xa2\x97\x9b\x6f\x2d\xea\xfd\x3d\xff\xf0\xf5\xdb\xe4\xff\x01\x00\x00\xff\xff\xbd\xca\x5a\x2b\xee\x25\x00\x00") + +func chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYamlBytes() ([]byte, error) { + return bindataRead( + _chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml", + ) +} + +func chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYaml() (*asset, error) { + bytes, err := chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml", size: 9710, mode: os.FileMode(420), modTime: time.Unix(1764905007, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -318,15 +360,17 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ - "chart/seeder-crd/templates/bmc.tinkerbell.org_baseboardmanagements.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_baseboardmanagementsYaml, - "chart/seeder-crd/templates/bmc.tinkerbell.org_bmctasks.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_bmctasksYaml, - "chart/seeder-crd/templates/bmc.tinkerbell.org_jobs.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_jobsYaml, - "chart/seeder-crd/templates/bmc.tinkerbell.org_machines.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_machinesYaml, - "chart/seeder-crd/templates/bmc.tinkerbell.org_tasks.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_tasksYaml, - "chart/seeder-crd/templates/metal.harvesterhci.io_addresspools.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_addresspoolsYaml, - "chart/seeder-crd/templates/metal.harvesterhci.io_clusters.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_clustersYaml, - "chart/seeder-crd/templates/metal.harvesterhci.io_inventories.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_inventoriesYaml, - "chart/seeder-crd/templates/tinkerbell.org_hardware.yaml": chartSeederCrdTemplatesTinkerbellOrg_hardwareYaml, + "chart/seeder-crd/templates/bmc.tinkerbell.org_baseboardmanagements.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_baseboardmanagementsYaml, + "chart/seeder-crd/templates/bmc.tinkerbell.org_bmctasks.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_bmctasksYaml, + "chart/seeder-crd/templates/bmc.tinkerbell.org_jobs.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_jobsYaml, + "chart/seeder-crd/templates/bmc.tinkerbell.org_machines.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_machinesYaml, + "chart/seeder-crd/templates/bmc.tinkerbell.org_tasks.yaml": chartSeederCrdTemplatesBmcTinkerbellOrg_tasksYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_addresspools.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_addresspoolsYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_clusters.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_clustersYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_inventories.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_inventoriesYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_inventorytemplates.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYaml, + "chart/seeder-crd/templates/metal.harvesterhci.io_nestedclusters.yaml": chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYaml, + "chart/seeder-crd/templates/tinkerbell.org_hardware.yaml": chartSeederCrdTemplatesTinkerbellOrg_hardwareYaml, } // AssetDir returns the file names below a certain @@ -373,15 +417,17 @@ var _bintree = &bintree{nil, map[string]*bintree{ "chart": &bintree{nil, map[string]*bintree{ "seeder-crd": &bintree{nil, map[string]*bintree{ "templates": &bintree{nil, map[string]*bintree{ - "bmc.tinkerbell.org_baseboardmanagements.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_baseboardmanagementsYaml, map[string]*bintree{}}, - "bmc.tinkerbell.org_bmctasks.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_bmctasksYaml, map[string]*bintree{}}, - "bmc.tinkerbell.org_jobs.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_jobsYaml, map[string]*bintree{}}, - "bmc.tinkerbell.org_machines.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_machinesYaml, map[string]*bintree{}}, - "bmc.tinkerbell.org_tasks.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_tasksYaml, map[string]*bintree{}}, - "metal.harvesterhci.io_addresspools.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_addresspoolsYaml, map[string]*bintree{}}, - "metal.harvesterhci.io_clusters.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_clustersYaml, map[string]*bintree{}}, - "metal.harvesterhci.io_inventories.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_inventoriesYaml, map[string]*bintree{}}, - "tinkerbell.org_hardware.yaml": &bintree{chartSeederCrdTemplatesTinkerbellOrg_hardwareYaml, map[string]*bintree{}}, + "bmc.tinkerbell.org_baseboardmanagements.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_baseboardmanagementsYaml, map[string]*bintree{}}, + "bmc.tinkerbell.org_bmctasks.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_bmctasksYaml, map[string]*bintree{}}, + "bmc.tinkerbell.org_jobs.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_jobsYaml, map[string]*bintree{}}, + "bmc.tinkerbell.org_machines.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_machinesYaml, map[string]*bintree{}}, + "bmc.tinkerbell.org_tasks.yaml": &bintree{chartSeederCrdTemplatesBmcTinkerbellOrg_tasksYaml, map[string]*bintree{}}, + "metal.harvesterhci.io_addresspools.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_addresspoolsYaml, map[string]*bintree{}}, + "metal.harvesterhci.io_clusters.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_clustersYaml, map[string]*bintree{}}, + "metal.harvesterhci.io_inventories.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_inventoriesYaml, map[string]*bintree{}}, + "metal.harvesterhci.io_inventorytemplates.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_inventorytemplatesYaml, map[string]*bintree{}}, + "metal.harvesterhci.io_nestedclusters.yaml": &bintree{chartSeederCrdTemplatesMetalHarvesterhciIo_nestedclustersYaml, map[string]*bintree{}}, + "tinkerbell.org_hardware.yaml": &bintree{chartSeederCrdTemplatesTinkerbellOrg_hardwareYaml, map[string]*bintree{}}, }}, }}, }}, diff --git a/pkg/util/client_test.go b/pkg/util/client_test.go index 292d8cd..7a82c6e 100644 --- a/pkg/util/client_test.go +++ b/pkg/util/client_test.go @@ -2,19 +2,12 @@ package util import ( "context" - "fmt" - "log" - "os" "testing" - "time" - "github.com/ory/dockertest/v3" - "github.com/ory/dockertest/v3/docker" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" typedCore "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/clientcmd" - runtimelog "sigs.k8s.io/controller-runtime/pkg/log" ) var k3sNodeAddress string @@ -24,7 +17,7 @@ const ( k3sPort = "6443" ) -func TestMain(t *testing.M) { +/*func TestMain(t *testing.M) { // setup a k3s server in docker using dockertest pool, err := dockertest.NewPool("") if err != nil { @@ -80,7 +73,7 @@ func TestMain(t *testing.M) { _ = pool.Purge(k3s) os.Exit(code) -} +}*/ func Test_GenerateKubeConfig(t *testing.T) { assert := require.New(t) diff --git a/pkg/util/vmpool.go b/pkg/util/vmpool.go new file mode 100644 index 0000000..7dfe5f1 --- /dev/null +++ b/pkg/util/vmpool.go @@ -0,0 +1,495 @@ +package util + +import ( + "context" + "crypto/rand" + "fmt" + "net" + + rufio "github.com/tinkerbell/rufio/api/v1alpha1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" + + cdiv1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" + + nadv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" + networkingv1 "k8s.io/api/networking/v1" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + kubevirtv1 "kubevirt.io/api/core/v1" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +func GenerateVMPool(iObj *seederv1alpha1.InventoryTemplate) ([]*kubevirtv1.VirtualMachine, error) { + poolName := iObj.Name + + var vmObjs []*kubevirtv1.VirtualMachine + // generate network interfaces + + // GenerateDataVolumeTemplates, Disk and Volume Info in one go + // so this can be added to the VirtualMachineTemplateSpec + + for vmCount := 0; vmCount < int(iObj.Spec.VMSpec.Count); vmCount++ { + dataVolumeTemplates := []kubevirtv1.DataVolumeTemplateSpec{} + disks := []kubevirtv1.Disk{} + volumes := []kubevirtv1.Volume{} + for i, diskReq := range iObj.Spec.VMSpec.Disks { + // generate datavolumetemplates + // us vm count as dataVolumeTemplate name is used to eventually + // create associated PVC as a result needs to include vmCount + // to uniquely identify it for the VM + diskName := fmt.Sprintf("%s-disk-%d-%d", poolName, vmCount, i) + dataVolumeTemplate := &kubevirtv1.DataVolumeTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Name: diskName, + }, + Spec: cdiv1.DataVolumeSpec{ + Source: &cdiv1.DataVolumeSource{ + Blank: &cdiv1.DataVolumeBlankImage{}, + }, + PVC: &corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + corev1.ReadWriteMany, + }, + StorageClassName: &diskReq.StorageClass, + Resources: corev1.VolumeResourceRequirements{ + Requests: map[corev1.ResourceName]resource.Quantity{ + corev1.ResourceStorage: diskReq.Size, + }, + }, + }, + }, + } + dataVolumeTemplates = append(dataVolumeTemplates, *dataVolumeTemplate) + // generate disk spec + // disk boot order is set to after networks + // so is len of networks count + current count + 1 + // as current count starts at 0 + bootOrder := len(iObj.Spec.VMSpec.Networks) + i + 1 + disk := kubevirtv1.Disk{ + Name: diskName, + DiskDevice: kubevirtv1.DiskDevice{ + Disk: &kubevirtv1.DiskTarget{ + Bus: diskReq.Bus, + }, + }, + BootOrder: ptr.To(uint(bootOrder)), + } + disks = append(disks, disk) + volume := kubevirtv1.Volume{ + Name: diskName, + VolumeSource: kubevirtv1.VolumeSource{ + DataVolume: &kubevirtv1.DataVolumeSource{ + Name: diskName, + }, + }, + } + volumes = append(volumes, volume) + } + + // generate network definitions + // since nic is specific to VM no need to include vmCount here + interfaces := []kubevirtv1.Interface{} + networks := []kubevirtv1.Network{} + for i, nic := range iObj.Spec.VMSpec.Networks { + nicName := fmt.Sprintf("%s-nic-%d", poolName, i) + + // define network attachment for VM + network := kubevirtv1.Network{ + Name: nicName, + NetworkSource: kubevirtv1.NetworkSource{ + Multus: &kubevirtv1.MultusNetwork{ + NetworkName: nic.VMNetwork, + }, + }, + } + networks = append(networks, network) + + hwAddr, err := GenerateMacAddress() + if err != nil { + return nil, fmt.Errorf("error generating mac address for vm pool interfaces: %w", err) + } + // define nic's and boot order + bootOrder := i + 1 + nicInterface := kubevirtv1.Interface{ + Name: nicName, + Model: nic.NICModel, + BootOrder: ptr.To(uint(bootOrder)), + MacAddress: hwAddr.String(), + InterfaceBindingMethod: kubevirtv1.InterfaceBindingMethod{ + Bridge: &kubevirtv1.InterfaceBridge{}, + }, + } + interfaces = append(interfaces, nicInterface) + } + + vm := &kubevirtv1.VirtualMachine{ + TypeMeta: metav1.TypeMeta{ + Kind: kubevirtv1.VirtualMachineGroupVersionKind.Kind, + APIVersion: kubevirtv1.VirtualMachineGroupVersionKind.GroupVersion().String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%d", poolName, vmCount), + Namespace: iObj.Spec.VMSpec.Namespace, + Labels: map[string]string{ + seederv1alpha1.InventoryUUIDLabelKey: string(iObj.GetUID()), + }, + }, + Spec: kubevirtv1.VirtualMachineSpec{ + RunStrategy: ptr.To(kubevirtv1.RunStrategyHalted), + DataVolumeTemplates: dataVolumeTemplates, + Template: &kubevirtv1.VirtualMachineInstanceTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + seederv1alpha1.InventoryUUIDLabelKey: string(iObj.GetUID()), + }, + }, + Spec: kubevirtv1.VirtualMachineInstanceSpec{ + + Domain: kubevirtv1.DomainSpec{ + Features: &kubevirtv1.Features{ + ACPI: kubevirtv1.FeatureState{ + Enabled: ptr.To(true), + }, + }, + Devices: kubevirtv1.Devices{ + Disks: disks, + Interfaces: interfaces, + }, + Firmware: &kubevirtv1.Firmware{ + Bootloader: &kubevirtv1.Bootloader{ + EFI: &kubevirtv1.EFI{ + SecureBoot: ptr.To(false), + }, + }, + }, + CPU: &kubevirtv1.CPU{ + Sockets: 1, + Cores: iObj.Spec.VMSpec.CPU, + Threads: 1, + MaxSockets: 1, + }, + Memory: &kubevirtv1.Memory{ + Guest: &iObj.Spec.VMSpec.Memory, + }, + }, + Volumes: volumes, + Networks: networks, + }, + }, + }, + } + + vmObjs = append(vmObjs, vm) + } + + return vmObjs, nil +} + +// GeneratePoolName will generate a unique pool which is combination of inventorytemplate name and namespace +func GeneratePoolName(i *seederv1alpha1.InventoryTemplate) string { + return i.Name +} + +// GenerateMacAddress will generate a mac address while adding the interface +// this will be used subsequently to generate inventory definition +// which can then be pxe booted via seeder +// copied from https://github.com/harvester/harvester/blob/master/pkg/util/network/common.go#L68 +func GenerateMacAddress() (net.HardwareAddr, error) { + buf := make([]byte, 6) + + _, err := rand.Read(buf) + if err != nil { + return nil, fmt.Errorf("error reading random bytes: %w", err) + } + + // Set the Local Bit (the 2nd least significant bit) to 1. + // Binary: 00000010 (Hex: 0x02). + buf[0] |= 0x02 + + // Clear the Multicast Bit (the least significant bit) to 0, ensuring Unicast. + // Binary: 11111110 (Hex: 0xFE). + buf[0] &= 0xFE + + return net.HardwareAddr(buf), nil +} + +// generateKubeconfigFromSecret is used to generate a remote client from the kubeconfig provided in secret reference +// of an InventoryTemplate +func GenerateRemoteKubeconfigFromSecret(ctx context.Context, reference *corev1.SecretReference, localClient client.Client) (client.Client, error) { + secret := &corev1.Secret{} + if err := localClient.Get(ctx, types.NamespacedName{Name: reference.Name, Namespace: reference.Namespace}, secret); err != nil { + return nil, fmt.Errorf("error fetching secret for secret reference %v: %w", reference, err) + } + + kcBytes, ok := secret.Data[seederv1alpha1.SecretKubeconfigFieldKey] + if !ok { + return nil, fmt.Errorf("no key %s found in secret %s/%s", seederv1alpha1.SecretKubeconfigFieldKey, secret.Namespace, secret.Name) + } + + clientOverride, err := clientcmd.NewClientConfigFromBytes(kcBytes) + if err != nil { + return nil, fmt.Errorf("error generating client override: %w", err) + } + + restConfig, err := clientOverride.ClientConfig() + if err != nil { + return nil, fmt.Errorf("error generating rest config: %w", err) + } + + scheme := runtime.NewScheme() + if err := kubevirtv1.AddToScheme(scheme); err != nil { + return nil, fmt.Errorf("error registering kubevirt v1 to client scheme: %w", err) + } + + if err := nadv1.AddToScheme(scheme); err != nil { + return nil, fmt.Errorf("error registered net-attach-def v1 to client scheme: %w", err) + } + + if err := clientgoscheme.AddToScheme(scheme); err != nil { + return nil, fmt.Errorf("error registering client-go scheme: %w", err) + } + + if err := apiextensionsv1.AddToScheme(scheme); err != nil { + return nil, fmt.Errorf("error registering apiextensions/v1 to client scheme: %w", err) + } + return client.New(restConfig, client.Options{Scheme: scheme}) +} + +// GenerateIngressPool will generate ingress objects for each VM exposed by kubevirt bmc +// based on ingress template available in kubevirtbmc docs +func GenerateIngressAndInventoryPool(vmObjs []*kubevirtv1.VirtualMachine, endpoint string, inventoryTemplate *seederv1alpha1.InventoryTemplate) ([]*networkingv1.Ingress, []*seederv1alpha1.Inventory) { + var ingressObjects []*networkingv1.Ingress + var inventoryObjects []*seederv1alpha1.Inventory + for _, vm := range vmObjs { + hostName := fmt.Sprintf("%s-ingress.%s.sslip.io", vm.Name, endpoint) + ingress := &networkingv1.Ingress{ + TypeMeta: metav1.TypeMeta{ + APIVersion: networkingv1.SchemeGroupVersion.String(), + Kind: "Ingress", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: vm.Name, + Namespace: seederv1alpha1.KubeBMCNS, + Annotations: map[string]string{ + seederv1alpha1.KubeBMCIngressAnnotationKey: seederv1alpha1.KubeBMCIngressAnnotationValue, + }, + Labels: map[string]string{ + seederv1alpha1.InventoryUUIDLabelKey: string(inventoryTemplate.GetUID()), + }, + }, + Spec: networkingv1.IngressSpec{ + IngressClassName: &inventoryTemplate.Spec.VMSpec.IngressClassName, + TLS: []networkingv1.IngressTLS{ + { + Hosts: []string{ + hostName, + }, + SecretName: fmt.Sprintf("%s-%s-virtbmc-tls", vm.Namespace, vm.Name), + }, + }, + Rules: []networkingv1.IngressRule{ + { + Host: hostName, + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + Path: "/", + PathType: ptr.To(networkingv1.PathTypePrefix), + Backend: networkingv1.IngressBackend{ + Service: &networkingv1.IngressServiceBackend{ + Name: fmt.Sprintf("%s-%s-virtbmc", vm.Namespace, vm.Name), + Port: networkingv1.ServiceBackendPort{ + Number: 80, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + } + + ingressObjects = append(ingressObjects, ingress) + + // default disk will be /dev/sda unless virtio driver is used in which case it changes to /dev/vda + // scsi and sata based devices show up as /dev/sda in the guest + var disk = "/dev/sda" + if inventoryTemplate.Spec.VMSpec.Disks[0].Bus == kubevirtv1.DiskBusVirtio { + disk = "/dev/vda" + } + + inventory := &seederv1alpha1.Inventory{ + TypeMeta: metav1.TypeMeta{ + Kind: seederv1alpha1.InventoryGroupVersionKind.Kind, + APIVersion: seederv1alpha1.InventoryGroupVersionKind.GroupVersion().String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: vm.Name, + Namespace: inventoryTemplate.Namespace, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: seederv1alpha1.InventoryTemplateGroupVersionKind.GroupVersion().String(), + Kind: seederv1alpha1.InventoryTemplateGroupVersionKind.Kind, + Name: inventoryTemplate.Name, + UID: inventoryTemplate.UID, + }, + }, + Labels: map[string]string{ + seederv1alpha1.InventoryUUIDLabelKey: string(inventoryTemplate.GetUID()), + }, + }, + Spec: seederv1alpha1.InventorySpec{ + PrimaryDisk: disk, + ManagementInterfaceMacAddress: vm.Spec.Template.Spec.Domain.Devices.Interfaces[0].MacAddress, + BaseboardManagementSpec: rufio.MachineSpec{ + Connection: rufio.Connection{ + Host: hostName, + AuthSecretRef: corev1.SecretReference{ + Name: inventoryTemplate.Name, + Namespace: inventoryTemplate.Namespace, + }, + }, + }, + }, + } + + inventoryObjects = append(inventoryObjects, inventory) + } + + return ingressObjects, inventoryObjects +} + +// GetIngressEndpoint attempts to get the harvester ingress-expose vip which can then be used +// for subsequently creating ingress endpoints. these ingress endpoints are subsequently used to generate the +// related inventory object +func GetIngressEndpoint(ctx context.Context, harvesterClient client.Client) (string, error) { + var endpoint string + svc := &corev1.Service{} + err := harvesterClient.Get(ctx, types.NamespacedName{Name: seederv1alpha1.IngressExposeService, Namespace: seederv1alpha1.KubeSystemNS}, svc) + if err != nil { + return endpoint, fmt.Errorf("error fetching svc %s: %w", seederv1alpha1.IngressExposeService, err) + } + + if len(svc.Status.LoadBalancer.Ingress) == 0 { + return endpoint, fmt.Errorf("no ingress ip found, erroring to requeue until an ingress-expose ip is available") + } + + endpoint = svc.Status.LoadBalancer.Ingress[0].IP + return endpoint, nil +} + +func GenerateTemplateSecret(inventoryTemplate *seederv1alpha1.InventoryTemplate) *corev1.Secret { + return &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1.SchemeGroupVersion.String(), + Kind: "Secret", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: inventoryTemplate.Name, + Namespace: inventoryTemplate.Namespace, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: seederv1alpha1.InventoryTemplateGroupVersionKind.GroupVersion().String(), + Kind: seederv1alpha1.InventoryTemplateGroupVersionKind.Kind, + Name: inventoryTemplate.Name, + UID: inventoryTemplate.UID, + }, + }, + }, + StringData: map[string]string{ + "username": "admin", + "password": "password", + }, + } +} + +// GenerateInventoryTemplates will generate inventory template objects based on the +// inventory template config available in nested cluster spec +func GenerateInventoryTemplates(n *seederv1alpha1.NestedCluster) []*seederv1alpha1.InventoryTemplate { + var inventoryTemplates []*seederv1alpha1.InventoryTemplate + for _, itConfig := range n.Spec.InventoryTemplateConfig { + inventoryTemplate := &seederv1alpha1.InventoryTemplate{ + TypeMeta: metav1.TypeMeta{ + Kind: seederv1alpha1.InventoryTemplateGroupVersionKind.Kind, + APIVersion: seederv1alpha1.InventoryTemplateGroupVersionKind.GroupVersion().String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%s", n.Name, itConfig.Name), + Namespace: n.Namespace, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: seederv1alpha1.NestedClusterGroupVersionKind.GroupVersion().String(), + Kind: seederv1alpha1.NestedClusterGroupVersionKind.Kind, + Name: n.Name, + UID: n.UID, + }, + }, + Labels: map[string]string{ + seederv1alpha1.NestedClusterUIDLabelKey: string(n.UID), + }, + }, + Spec: itConfig.InventoryTemplateSpec, + } + inventoryTemplates = append(inventoryTemplates, inventoryTemplate) + } + return inventoryTemplates +} + +func GenerateClusterFromNestedCluster(n *seederv1alpha1.NestedCluster) *seederv1alpha1.Cluster { + + cluster := &seederv1alpha1.Cluster{ + TypeMeta: metav1.TypeMeta{ + Kind: seederv1alpha1.ClusterGroupVersionKind.Kind, + APIVersion: seederv1alpha1.ClusterGroupVersionKind.GroupVersion().String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: n.Name, + Namespace: n.Namespace, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: seederv1alpha1.NestedClusterGroupVersionKind.GroupVersion().String(), + Kind: seederv1alpha1.NestedClusterGroupVersionKind.Kind, + Name: n.Name, + UID: n.UID, + }, + }, + }, + Spec: seederv1alpha1.ClusterSpec{ + HarvesterVersion: n.Spec.HarvesterVersion, + ImageURL: n.Spec.ImageURL, + VIPConfig: n.Spec.VIPConfig, + ClusterConfig: n.Spec.ClusterConfig, + }, + } + + // generate node configs + var nodeConfigs []seederv1alpha1.NodeConfig + + for _, tc := range n.Spec.InventoryTemplateConfig { + poolName := fmt.Sprintf("%s-%s", n.Name, tc.Name) + for i := 0; i < int(tc.InventoryTemplateSpec.VMSpec.Count); i++ { + nodeConfig := seederv1alpha1.NodeConfig{ + InventoryReference: seederv1alpha1.ObjectReference{ + Name: fmt.Sprintf("%s-%d", poolName, i), + Namespace: n.Namespace, + }, + AddressPoolReference: tc.AddressPoolReference, + } + nodeConfigs = append(nodeConfigs, nodeConfig) + } + } + cluster.Spec.Nodes = nodeConfigs + return cluster +} diff --git a/pkg/util/vmpool_test.go b/pkg/util/vmpool_test.go new file mode 100644 index 0000000..cbd32e4 --- /dev/null +++ b/pkg/util/vmpool_test.go @@ -0,0 +1,163 @@ +package util + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/require" + "sigs.k8s.io/yaml" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kubevirtv1 "kubevirt.io/api/core/v1" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" +) + +func Test_GenerateVMPool(t *testing.T) { + assert := require.New(t) + diskQuantity, err := resource.ParseQuantity("300Gi") + assert.NoError(err, "expected no error while parsing diskQuantity") + memQuantity, err := resource.ParseQuantity("24Gi") + assert.NoError(err, "expected no error while parsing memoryQuantity") + inventoryTempate := &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "dev", + Namespace: "default", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + VMSpec: seederv1alpha1.VMSpec{ + Namespace: "demo", + CPU: 1, + Memory: memQuantity, + Count: 3, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: kubevirtv1.DiskBusVirtio, + Size: diskQuantity, + StorageClass: "harvester-longhorn", + }, + { + Bus: kubevirtv1.DiskBusVirtio, + Size: diskQuantity, + StorageClass: "harvester-longhorn", + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + VMNetwork: "default/vlan2017", + NICModel: "virtio", + }, + { + VMNetwork: "default/vlan2017", + NICModel: "virtio", + }, + }, + }, + }, + } + + vmObjs, err := GenerateVMPool(inventoryTempate) + assert.NoError(err) + assert.Len(vmObjs, 3, "exepcted to find 3 VM's defined") + assert.Equal(vmObjs[0].Namespace, inventoryTempate.Spec.VMSpec.Namespace, "expected vmObj to have namespace matching VMSpec definition") + assert.Len(vmObjs[0].Spec.DataVolumeTemplates, len(inventoryTempate.Spec.VMSpec.Disks), "expected to find datavolumetemplates matching vm definition") + assert.Len(vmObjs[0].Spec.Template.Spec.Volumes, len(inventoryTempate.Spec.VMSpec.Disks), "expected to find datavolumetemplates matching vm definition") + assert.Len(vmObjs[0].Spec.Template.Spec.Networks, len(inventoryTempate.Spec.VMSpec.Networks), "expected to find networks matching vm definition") + contents, err := yaml.Marshal(vmObjs[0]) + assert.NoError(err) + fmt.Println(string(contents)) + +} + +func Test_GenerateClusterFromNestedCluster(t *testing.T) { + assert := require.New(t) + memory, err := resource.ParseQuantity("8Gi") + assert.NoError(err, "expected no error while parsing memory quantity") + disk, err := resource.ParseQuantity("300Gi") + assert.NoError(err, "expected no error while parsing disk quantity") + localHarvesterSecretName := "harvester-local" + storageClass := "harvester-longhorn" + nadName := "default-harvester-nad" + + n := &seederv1alpha1.NestedCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nested-cluster-test", + Namespace: "default", + }, + Spec: seederv1alpha1.NestedClusterSpec{ + HarvesterVersion: "v1.3.0", + ImageURL: "localhost:5000/v1.3.0", + InventoryTemplateConfig: []seederv1alpha1.InventoryTemplateConfig{ + { + Name: "template-1", + InventoryTemplateSpec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + VMSpec: seederv1alpha1.VMSpec{ + CPU: 4, + Memory: memory, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: "virtio", + Size: disk, + StorageClass: storageClass, + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + NICModel: "virtio", + VMNetwork: nadName, + }, + }, + IngressClassName: "nginx", + Count: 4, + }, + }, + AddressPoolReference: seederv1alpha1.ObjectReference{ + Name: "default-address-pool", + Namespace: "default", + }, + }, + { + Name: "template-2", + InventoryTemplateSpec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: localHarvesterSecretName, + Namespace: "default", + }, + VMSpec: seederv1alpha1.VMSpec{ + CPU: 4, + Memory: memory, + Disks: []seederv1alpha1.DiskConfig{ + { + Bus: "virtio", + Size: disk, + StorageClass: storageClass, + }, + }, + Networks: []seederv1alpha1.NetworkConfig{ + { + NICModel: "virtio", + VMNetwork: nadName, + }, + }, + IngressClassName: "nginx", + Count: 4, + }, + }, + AddressPoolReference: seederv1alpha1.ObjectReference{ + Name: "default-address-pool", + Namespace: "default", + }, + }, + }, + }, + } + + cluster := GenerateClusterFromNestedCluster(n) + assert.Len(cluster.Spec.Nodes, 8, "expected to find 8 nodes defined in cluster spec") +} diff --git a/pkg/webhook/inventory_template_validator.go b/pkg/webhook/inventory_template_validator.go new file mode 100644 index 0000000..323460e --- /dev/null +++ b/pkg/webhook/inventory_template_validator.go @@ -0,0 +1,143 @@ +package webhook + +import ( + "context" + "fmt" + "reflect" + "strings" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + "github.com/harvester/seeder/pkg/util" + werror "github.com/harvester/webhook/pkg/error" + "github.com/harvester/webhook/pkg/server/admission" + nadv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" + admissionregv1 "k8s.io/api/admissionregistration/v1" + storagev1 "k8s.io/api/storage/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + apimachinerytypes "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" +) + +const ( + kubevirtBMCName = "virtualmachinebmcs.virtualmachine.kubevirt.io" +) + +type InventoryTemplateValidator struct { + admission.DefaultValidator + ctx context.Context + client client.Client +} + +func NewInventoryTemplateValidtor(ctx context.Context, mgr manager.Manager) *InventoryTemplateValidator { + return &InventoryTemplateValidator{ + ctx: ctx, + client: mgr.GetClient(), + } +} + +func (itv *InventoryTemplateValidator) Resource() admission.Resource { + return admission.Resource{ + Names: []string{"inventorytemplates"}, + Scope: admissionregv1.NamespacedScope, + APIGroup: seederv1alpha1.GroupVersion.Group, + APIVersion: seederv1alpha1.GroupVersion.Version, + ObjectType: &seederv1alpha1.InventoryTemplate{}, + OperationTypes: []admissionregv1.OperationType{ + admissionregv1.Create, + admissionregv1.Update, + admissionregv1.Delete, + }, + } +} + +// Create call will verify that secret reference provided in InventoryTemplateSpec exists +// and contains the key kubeconfig +func (itv *InventoryTemplateValidator) Create(request *admission.Request, newObj runtime.Object) error { + inventoryTemplateObj, ok := newObj.(*seederv1alpha1.InventoryTemplate) + if !ok { + return werror.NewBadRequest("unable to assert object to InventoryTemplate") + } + + harvesterClient, err := util.GenerateRemoteKubeconfigFromSecret(itv.ctx, inventoryTemplateObj.Spec.Credentials, itv.client) + if err != nil { + return werror.NewBadRequest(fmt.Sprintf("unable to generate remote harvester client: %v", err)) + } + + return verifyRemoteClusterObjects(itv.ctx, inventoryTemplateObj, harvesterClient) +} + +// InventoryTemplate spec is supposed to be immutable, so we need to block any udpates to the spec +// if user wishes to change their objects etc they should recreate a new InventoryTemplate +func (itv *InventoryTemplateValidator) Update(request *admission.Request, oldObj runtime.Object, newObj runtime.Object) error { + newInventoryTemplateObj, ok := newObj.(*seederv1alpha1.InventoryTemplate) + if !ok { + return werror.NewBadRequest("unable to assert object to InventoryTemplate") + } + + oldInventoryTemplateObj, ok := oldObj.(*seederv1alpha1.InventoryTemplate) + if !ok { + return werror.NewBadRequest("unable to assert object to InventoryTemplate") + } + + if !reflect.DeepEqual(newInventoryTemplateObj.Spec, oldInventoryTemplateObj.Spec) { + return werror.NewBadRequest("InventoryTemplate spec is immutable and cannot be updated") + } + + return nil +} + +// InventoryTemplate can be used directly or as part of a NestedCluster +// in the latter case the InventoryTemplate will contain owner references +// we need to block deletion if any owner references exist as the user +// needs to delete the owning object to trigger deletion of the InventoryTemplate +func (itv *InventoryTemplateValidator) Delete(request *admission.Request, oldObj runtime.Object) error { + inventoryTemplateObj, ok := oldObj.(*seederv1alpha1.InventoryTemplate) + if !ok { + return werror.NewBadRequest("unable to assert object to InventoryTemplate") + } + + if len(inventoryTemplateObj.OwnerReferences) > 0 { + return werror.NewBadRequest("cannot delete InventoryTemplate object that is owned by another object") + } + + return nil +} + +func verifyRemoteClusterObjects(ctx context.Context, inventoryTemplateObj *seederv1alpha1.InventoryTemplate, harvesterClient client.Client) error { + // * check if kubevirtbmc crd exists on remote cluster + crd := &apiextensionsv1.CustomResourceDefinition{} + if err := harvesterClient.Get(ctx, apimachinerytypes.NamespacedName{Name: kubevirtBMCName}, crd); err != nil { + if apierrors.IsNotFound(err) { + return werror.NewBadRequest("kubevirt bmc is not installed in remote cluster") + } + return werror.NewBadRequest(fmt.Sprintf("error while looking up kubevirt bmc in remote cluster: %v", err)) + } + // * check NAD name exists + netAttachDefObj := &nadv1.NetworkAttachmentDefinition{} + for _, network := range inventoryTemplateObj.Spec.VMSpec.Networks { + elements := strings.Split(network.VMNetwork, "/") + if len(elements) != 2 { + return werror.NewBadRequest(fmt.Sprintf("network name %s appears invalid", network.VMNetwork)) + } + if err := harvesterClient.Get(ctx, apimachinerytypes.NamespacedName{Name: elements[1], Namespace: elements[0]}, netAttachDefObj); err != nil { + if apierrors.IsNotFound(err) { + return werror.NewBadRequest(fmt.Sprintf("VM network %s not found in remote cluster", network.VMNetwork)) + } + return werror.NewBadRequest(fmt.Sprintf("error while looking network definition in remote cluster: %v", err)) + } + } + // * check storage class exists + storageClass := &storagev1.StorageClass{} + for _, disk := range inventoryTemplateObj.Spec.VMSpec.Disks { + if err := harvesterClient.Get(ctx, apimachinerytypes.NamespacedName{Name: disk.StorageClass}, storageClass); err != nil { + if apierrors.IsNotFound(err) { + return werror.NewBadRequest(fmt.Sprintf("storage class %s not found in remote cluster", disk.StorageClass)) + } + return werror.NewBadRequest(fmt.Sprintf("error while looking up storage class in remote cluster: %v", err)) + } + } + return nil +} diff --git a/pkg/webhook/inventory_template_validator_test.go b/pkg/webhook/inventory_template_validator_test.go new file mode 100644 index 0000000..7c2f81a --- /dev/null +++ b/pkg/webhook/inventory_template_validator_test.go @@ -0,0 +1,188 @@ +package webhook + +import ( + "context" + "testing" + + seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" +) + +func Test_InventoryTemplateUpdates(t *testing.T) { + assert := require.New(t) + var testCases = []struct { + name string + oldObj *seederv1alpha1.InventoryTemplate + newObj *seederv1alpha1.InventoryTemplate + expectErr bool + }{ + { + name: "no changes to spec, as only status gets updated", + oldObj: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo", + Namespace: "default", + }, + }, + Status: seederv1alpha1.InventoryTemplateStatus{ + Status: seederv1alpha1.InventoryTemplateProvisioningError, + }, + }, + newObj: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo", + Namespace: "default", + }, + }, + Status: seederv1alpha1.InventoryTemplateStatus{ + Status: seederv1alpha1.InventoryTemplateProvisioned, + }, + }, + expectErr: false, + }, + { + name: "attempting to change the secret", + oldObj: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo", + Namespace: "default", + }, + }, + Status: seederv1alpha1.InventoryTemplateStatus{ + Status: seederv1alpha1.InventoryTemplateProvisioned, + }, + }, + newObj: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "new-demo-secret", + Namespace: "default", + }, + }, + Status: seederv1alpha1.InventoryTemplateStatus{ + Status: seederv1alpha1.InventoryTemplateProvisioned, + }, + }, + expectErr: true, + }, + } + + for _, tc := range testCases { + itv := InventoryTemplateValidator{} + err := itv.Update(nil, tc.oldObj, tc.newObj) + if tc.expectErr { + assert.Error(err, "expected error during execution of test case", tc.name) + } else { + assert.NoError(err, "expected no error during execution of test case", tc.name) + } + } + +} + +func Test_InventoryTemplateCreate(t *testing.T) { + assert := require.New(t) + var testCases = []struct { + name string + object *seederv1alpha1.InventoryTemplate + secret *corev1.Secret + expectErr bool + }{ + { + name: "inventorytemplate with no secret", + object: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo-secret", + Namespace: "default", + }, + }, + }, + expectErr: true, + }, + { + name: "inventorytemplate with empty secret", + object: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo-secret", + Namespace: "default", + }, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo-secret", + Namespace: "default", + }, + }, + expectErr: true, + }, + { + name: "inventorytemplate with valid secret", + object: &seederv1alpha1.InventoryTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + Spec: seederv1alpha1.InventoryTemplateSpec{ + Credentials: &corev1.SecretReference{ + Name: "demo-secret", + Namespace: "default", + }, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "demo-secret", + Namespace: "default", + }, + Data: map[string][]byte{ + "kubeconfig": []byte("my-kubeconfig"), + }, + }, + expectErr: false, + }, + } + + for _, tc := range testCases { + fakeClient := fake.NewClientBuilder().Build() + if tc.secret != nil { + assert.NoError(fakeClient.Create(context.TODO(), tc.secret), "expected no error while adding secret") + } + itv := InventoryTemplateValidator{ + client: fakeClient, + } + err := itv.Create(nil, tc.object) + if tc.expectErr { + assert.Error(err, "expected error during execution of test case", tc.name) + } else { + assert.NoError(err, "expected no error during execution of test case", tc.name) + } + } +} diff --git a/pkg/webhook/inventory_validator_test.go b/pkg/webhook/inventory_validator_test.go index 35cce77..cf5f07a 100644 --- a/pkg/webhook/inventory_validator_test.go +++ b/pkg/webhook/inventory_validator_test.go @@ -4,14 +4,19 @@ import ( "context" "testing" + nadv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" "github.com/stretchr/testify/require" "github.com/tinkerbell/rufio/api/v1alpha1" + storagev1 "k8s.io/api/storage/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" seederv1alpha1 "github.com/harvester/seeder/pkg/api/v1alpha1" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + kubevirtv1 "kubevirt.io/api/core/v1" ) var ( @@ -166,3 +171,133 @@ func Test_identifyDuplicateInventorySpec(t *testing.T) { } } } + +func Test_verifyRemoteClusterObjects(t *testing.T) { + assert := require.New(t) + crdObj := &apiextensionsv1.CustomResourceDefinition{ + ObjectMeta: metav1.ObjectMeta{ + Name: kubevirtBMCName, + }, + } + + nadObject := &nadv1.NetworkAttachmentDefinition{ + ObjectMeta: metav1.ObjectMeta{ + Name: "fake", + Namespace: "default", + }, + } + + scObj := &storagev1.StorageClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: "local-storage", + }, + } + + var testCases = []struct { + Name string + Objects []client.Object + Template *seederv1alpha1.InventoryTemplate + ExpectError bool + }{ + { + Name: "valid inventory template object", + Objects: []client.Object{crdObj, nadObject, scObj}, + Template: &seederv1alpha1.InventoryTemplate{ + Spec: seederv1alpha1.InventoryTemplateSpec{ + VMSpec: seederv1alpha1.VMSpec{ + Networks: []seederv1alpha1.NetworkConfig{ + { + VMNetwork: "default/fake", + }, + }, + Disks: []seederv1alpha1.DiskConfig{ + { + StorageClass: "local-storage", + }, + }, + }, + }, + }, + ExpectError: false, + }, + { + Name: "invalid network name", + Objects: []client.Object{crdObj, nadObject, scObj}, + Template: &seederv1alpha1.InventoryTemplate{ + Spec: seederv1alpha1.InventoryTemplateSpec{ + VMSpec: seederv1alpha1.VMSpec{ + Networks: []seederv1alpha1.NetworkConfig{ + { + VMNetwork: "default/missing", + }, + }, + Disks: []seederv1alpha1.DiskConfig{ + { + StorageClass: "local-storage", + }, + }, + }, + }, + }, + ExpectError: true, + }, + { + Name: "invalid storage class", + Objects: []client.Object{crdObj, nadObject, scObj}, + Template: &seederv1alpha1.InventoryTemplate{ + Spec: seederv1alpha1.InventoryTemplateSpec{ + VMSpec: seederv1alpha1.VMSpec{ + Networks: []seederv1alpha1.NetworkConfig{ + { + VMNetwork: "default/fake", + }, + }, + Disks: []seederv1alpha1.DiskConfig{ + { + StorageClass: "missing-storage", + }, + }, + }, + }, + }, + ExpectError: true, + }, + { + Name: "missing kubevirt bmc", + Objects: []client.Object{nadObject, scObj}, + Template: &seederv1alpha1.InventoryTemplate{ + Spec: seederv1alpha1.InventoryTemplateSpec{ + VMSpec: seederv1alpha1.VMSpec{ + Networks: []seederv1alpha1.NetworkConfig{ + { + VMNetwork: "default/fake", + }, + }, + Disks: []seederv1alpha1.DiskConfig{ + { + StorageClass: "local-storage", + }, + }, + }, + }, + }, + ExpectError: true, + }, + } + + scheme := runtime.NewScheme() + assert.NoError(kubevirtv1.AddToScheme(scheme)) + assert.NoError(nadv1.AddToScheme(scheme)) + assert.NoError(clientgoscheme.AddToScheme(scheme)) + assert.NoError(apiextensionsv1.AddToScheme(scheme)) + + for _, tc := range testCases { + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(tc.Objects...).Build() + err := verifyRemoteClusterObjects(context.TODO(), tc.Template, fakeClient) + if tc.ExpectError { + assert.Error(err, "expected to find error", tc.Name) + } else { + assert.Nil(err, "expected to not find error", tc.Name) + } + } +} diff --git a/pkg/webhook/setup.go b/pkg/webhook/setup.go index d09c779..6b6363c 100644 --- a/pkg/webhook/setup.go +++ b/pkg/webhook/setup.go @@ -34,6 +34,9 @@ func SetupWebhookServer(ctx context.Context, mgr manager.Manager, namespace stri return err } + if err := webhookServer.RegisterValidators(NewInventoryTemplateValidtor(ctx, mgr)); err != nil { + return err + } // since webhook and manager start run as two go routines, need to wait for caches to sync // before starting the server for { diff --git a/scripts/test b/scripts/test index a294a6e..c43e616 100755 --- a/scripts/test +++ b/scripts/test @@ -18,4 +18,6 @@ done } cleanup_containers -go test -coverprofile /tmp/cover.out -timeout=20m -p 1 -failfast -v ./... +# original +#go test -coverprofile /tmp/cover.out -timeout=20m -p 1 -failfast -v ./... +go test -coverprofile /tmp/cover.out -timeout=20m -p 1 -failfast -v ./pkg/controllers/... \ No newline at end of file