-
-
Save j-griffith/a268e9f6310bdae444395057a732fff7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| labels: | |
| control-plane: controller-manager | |
| name: nvcloud-system | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| controller-gen.kubebuilder.io/version: v0.4.1 | |
| creationTimestamp: null | |
| name: nuclei.omniverse.nvidia.io | |
| spec: | |
| group: omniverse.nvidia.io | |
| names: | |
| kind: Nucleus | |
| listKind: NucleusList | |
| plural: nuclei | |
| singular: nucleus | |
| scope: Namespaced | |
| versions: | |
| - additionalPrinterColumns: | |
| - description: The service URL/IP the nucleus services are available on | |
| jsonPath: .status.NucleusEndpoint | |
| name: Endpoint | |
| type: string | |
| - description: Indicates whether the nucleus object is configured to use persistent data or not | |
| jsonPath: .spec.ephemeralData | |
| name: Ephemeral_Data | |
| type: boolean | |
| - description: The current status of the Nucleus custom object | |
| jsonPath: .status.status | |
| name: Status | |
| type: string | |
| name: v1alpha1 | |
| schema: | |
| openAPIV3Schema: | |
| description: Nucleus is the Schema for the nuclei API | |
| properties: | |
| apiVersion: | |
| description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| type: string | |
| kind: | |
| description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: NucleusSpec defines the desired state of Nucleus | |
| properties: | |
| authDataClaimName: | |
| description: AuthDataClaimName allows you to specify an existing PVC to use as the omni/data volume. If omitted a claim will be created using the nucleus instance name. NOTE Claims will be preserved when deleting nucleus objects | |
| type: string | |
| dataClaimName: | |
| description: DataClaimName allows you to specify an existing PVC to use as the omni/data volume. If omitted a claim will be created using the nucleus instance name. NOTE Claims will be preserved when deleting nucleus objects | |
| type: string | |
| dataVolumeSize: | |
| description: DataVolumeSize is the requested size of the data volume for this deployment in string/Gi notation (defaults to 100Gi) | |
| type: string | |
| ephemeralData: | |
| type: boolean | |
| images: | |
| description: Images provides an option to specify customizations to the container images that are used to create a nucleus deployment. If omitted we use the standard images and settings for the Nucleus Cloud version specified | |
| properties: | |
| api: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| auth: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| discovery: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| lft: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| logProcessor: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| logRotate: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| monpx: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| resolverCache: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| search: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| snapshot: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| tagging: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| thumbnail: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| web: | |
| description: ContainerSpec defines the needed parameters for our nucleus containers | |
| properties: | |
| image: | |
| type: string | |
| name: | |
| type: string | |
| ports: | |
| items: | |
| type: string | |
| type: array | |
| restart: | |
| type: string | |
| type: object | |
| type: object | |
| loadBalancerServiceName: | |
| description: LoadBalancerServiceName is an optional field that allows you to specify the name of the lb service to create for this nucleus deployment. This is useful if you'd like to create/use your own deployed lb service. NOTE if the service already exists, it will not be managed or deleted by the operator | |
| type: string | |
| name: | |
| description: Name is the name that will be given to the nucleus object to be created | |
| type: string | |
| namespace: | |
| description: Namespace allows you to specify a namespace, by default we will create a 'nvcloud-system' namespace and use that, we advise NOT modifying this field | |
| type: string | |
| nucleusID: | |
| type: string | |
| ovAdminSecret: | |
| description: OVAdminSecret the master password to use for the Omniverse login this is the Omniverse super user account. If omitted, we will use a default demo password "ovDemoPass!", this is NOT suitable for production environments | |
| type: string | |
| serviceSecretName: | |
| description: ServiceSecretName is an optional field that allows you to specify the name of the service secret object to create for this nucleus deployment. This is usefu if you'd like to create/usee youre own deployed secet object. NOTE if the secret already exists, it will not be managed or deleted by the operator | |
| type: string | |
| storageClass: | |
| description: StorageClass allows you to specify the storage class you'd like to use for persistent block storage in the Nucleus deployment. For persistence we require dynamic provisioning support. If omitted will use the default storage class (ignored if `EphemeralData` is set to true). | |
| type: string | |
| version: | |
| description: Version (Nucleus Cloud Version) is the version of the Nucleus bundled release that you'd like to deploy | |
| type: string | |
| required: | |
| - ephemeralData | |
| type: object | |
| status: | |
| description: NucleusStatus defines the observed state of Nucleus | |
| properties: | |
| NucleusEndpoint: | |
| type: string | |
| message: | |
| type: string | |
| objectStatus: | |
| description: ObjectStatus defines each nucleus component and whether it's current state ("", "Ready", "NotReady") | |
| properties: | |
| authDataPVC: | |
| type: string | |
| authDeployment: | |
| type: string | |
| authLogPVC: | |
| type: string | |
| coreDataPVC: | |
| type: string | |
| coreDeployment: | |
| type: string | |
| coreLogPVC: | |
| type: string | |
| discoveryDeployment: | |
| type: string | |
| loadBalancer: | |
| type: string | |
| serviceSecret: | |
| type: string | |
| webDeployment: | |
| type: string | |
| required: | |
| - authDataPVC | |
| - authDeployment | |
| - authLogPVC | |
| - coreDataPVC | |
| - coreDeployment | |
| - coreLogPVC | |
| - discoveryDeployment | |
| - loadBalancer | |
| - serviceSecret | |
| - webDeployment | |
| type: object | |
| ready: | |
| type: boolean | |
| serviceInitialized: | |
| type: boolean | |
| status: | |
| type: string | |
| required: | |
| - NucleusEndpoint | |
| - objectStatus | |
| - serviceInitialized | |
| type: object | |
| uuid: | |
| type: string | |
| type: object | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| status: | |
| acceptedNames: | |
| kind: "" | |
| plural: "" | |
| conditions: [] | |
| storedVersions: [] | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: nucleus-operator-leader-election-role | |
| namespace: nvcloud-system | |
| rules: | |
| - apiGroups: | |
| - "" | |
| - coordination.k8s.io | |
| resources: | |
| - configmaps | |
| - leases | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - delete | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - patch | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| creationTimestamp: null | |
| name: nucleus-operator-manager-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - jobs | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - omniverse.nvidia.io | |
| resources: | |
| - nuclei | |
| verbs: | |
| - create | |
| - delete | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - omniverse.nvidia.io | |
| resources: | |
| - nuclei/finalizers | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - omniverse.nvidia.io | |
| resources: | |
| - nuclei/status | |
| verbs: | |
| - get | |
| - patch | |
| - update | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: nucleus-operator-metrics-reader | |
| rules: | |
| - nonResourceURLs: | |
| - /metrics | |
| verbs: | |
| - get | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: nucleus-operator-proxy-role | |
| rules: | |
| - apiGroups: | |
| - authentication.k8s.io | |
| resources: | |
| - tokenreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - authorization.k8s.io | |
| resources: | |
| - subjectaccessreviews | |
| verbs: | |
| - create | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: RoleBinding | |
| metadata: | |
| name: nucleus-operator-leader-election-rolebinding | |
| namespace: nvcloud-system | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: nucleus-operator-leader-election-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: default | |
| namespace: nvcloud-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: nucleus-operator-manager-rolebinding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: nucleus-operator-manager-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: default | |
| namespace: nvcloud-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: nucleus-operator-proxy-rolebinding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: nucleus-operator-proxy-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: default | |
| namespace: nvcloud-system | |
| --- | |
| apiVersion: v1 | |
| data: | |
| controller_manager_config.yaml: | | |
| apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 | |
| kind: ControllerManagerConfig | |
| health: | |
| healthProbeBindAddress: :8081 | |
| metrics: | |
| bindAddress: 127.0.0.1:8080 | |
| webhook: | |
| port: 9443 | |
| leaderElection: | |
| leaderElect: true | |
| resourceName: 41f0be62.nvidia.io | |
| kind: ConfigMap | |
| metadata: | |
| name: nucleus-operator-manager-config | |
| namespace: nvcloud-system | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| control-plane: controller-manager | |
| name: nucleus-operator-controller-manager-metrics-service | |
| namespace: nvcloud-system | |
| spec: | |
| ports: | |
| - name: https | |
| port: 8443 | |
| targetPort: https | |
| selector: | |
| control-plane: controller-manager | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| control-plane: controller-manager | |
| name: nucleus-operator-controller-manager | |
| namespace: nvcloud-system | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| control-plane: controller-manager | |
| template: | |
| metadata: | |
| labels: | |
| control-plane: controller-manager | |
| spec: | |
| containers: | |
| - args: | |
| - --secure-listen-address=0.0.0.0:8443 | |
| - --upstream=http://127.0.0.1:8080/ | |
| - --logtostderr=true | |
| - --v=10 | |
| image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
| name: kube-rbac-proxy | |
| ports: | |
| - containerPort: 8443 | |
| name: https | |
| - args: | |
| - --health-probe-bind-address=:8081 | |
| - --metrics-bind-address=127.0.0.1:8080 | |
| - --leader-elect | |
| command: | |
| - /manager | |
| image: nvcr.io/omniverse/cesspool/nucleus-operator:latest | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 8081 | |
| initialDelaySeconds: 15 | |
| periodSeconds: 20 | |
| name: manager | |
| readinessProbe: | |
| httpGet: | |
| path: /readyz | |
| port: 8081 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 30Mi | |
| requests: | |
| cpu: 100m | |
| memory: 20Mi | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| securityContext: | |
| runAsUser: 65532 | |
| terminationGracePeriodSeconds: 10 | |
| imagePullSecrets: | |
| - name: "nvcr-cred" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment