@jacobweinstock
Last active October 8, 2022 02:44
infrastructure-components.yaml
# Namespace for the Cluster API Provider Tinkerbell (CAPT) components: the
# ServiceAccount, Role, RoleBinding, Service, Deployment, Certificate and
# Issuer in this manifest are all created in capt-system.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security Admission applies only whatever default the cluster configures.
apiVersion: v1
kind: Namespace
metadata:
  name: capt-system
  labels:
    control-plane: controller-manager
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
---
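# CustomResourceDefinition for TinkerbellCluster
# (group infrastructure.cluster.x-k8s.io, single served/stored version v1beta1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # cert-manager's CA injector fills spec.conversion.webhook.clientConfig.caBundle
    # from the capt-serving-cert Certificate in capt-system.
    cert-manager.io/inject-ca-from: capt-system/capt-serving-cert
    controller-gen.kubebuilder.io/version: v0.8.0
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
    cluster.x-k8s.io/v1beta1: v1beta1
  name: tinkerbellclusters.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder (base64 of a single newline) until the CA is injected.
        caBundle: Cg==
        service:
          # Must name the Service that fronts the manager's webhook server.
          # This manifest defines that Service as capt-webhook-service, and
          # the serving certificate's dnsNames cover only that name; the
          # previous value "webhook-service" matched no Service here.
          name: capt-webhook-service
          namespace: capt-system
          path: /convert
      conversionReviewVersions:
        - v1
        - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
      - cluster-api
    kind: TinkerbellCluster
    listKind: TinkerbellClusterList
    plural: tinkerbellclusters
    singular: tinkerbellcluster
  scope: Namespaced
  versions:
    - additionalPrinterColumns:
        - description: Cluster to which this TinkerbellCluster belongs
          jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
          name: Cluster
          type: string
        - description: TinkerbellCluster ready status
          jsonPath: .status.ready
          name: Ready
          type: string
      name: v1beta1
      schema:
        openAPIV3Schema:
          description: TinkerbellCluster is the Schema for the tinkerbellclusters API.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: TinkerbellClusterSpec defines the desired state of TinkerbellCluster.
              properties:
                controlPlaneEndpoint:
                  description: "ControlPlaneEndpoint is a required field by ClusterAPI
                    v1beta1. \n See https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html
                    for more details."
                  properties:
                    host:
                      description: The hostname on which the API server is serving.
                      type: string
                    port:
                      description: The port on which the API server is serving.
                      format: int32
                      type: integer
                  required:
                    - host
                    - port
                  type: object
                # The imageLookup* fields decide where machine images are
                # fetched from; they are plain strings with no pattern or enum,
                # so write access to TinkerbellCluster objects controls the
                # image source.
                imageLookupBaseRegistry:
                  default: ghcr.io/tinkerbell/cluster-api-provider-tinkerbell
                  description: ImageLookupBaseRegistry is the base Registry URL that
                    is used for pulling images, if not set, the default will be to use
                    ghcr.io/tinkerbell/cluster-api-provider-tinkerbell.
                  type: string
                imageLookupFormat:
                  description: 'ImageLookupFormat is the URL naming format to use for
                    machine images when a machine does not specify. When set, this will
                    be used for all cluster machines unless a machine specifies a different
                    ImageLookupFormat. Supports substitutions for {{.BaseRegistry}},
                    {{.OSDistro}}, {{.OSVersion}} and {{.KubernetesVersion}} with the
                    basse URL, OS distribution, OS version, and kubernetes version,
                    respectively. BaseRegistry will be the value in ImageLookupBaseRegistry
                    or ghcr.io/tinkerbell/cluster-api-provider-tinkerbell (the default),
                    OSDistro will be the value in ImageLookupOSDistro or ubuntu (the
                    default), OSVersion will be the value in ImageLookupOSVersion or
                    default based on the OSDistro (if known), and the kubernetes version
                    as defined by the packages produced by kubernetes/release: v1.13.0,
                    v1.12.5-mybuild.1, or v1.17.3. For example, the default image format
                    of {{.BaseRegistry}}/{{.OSDistro}}-{{.OSVersion}}:{{.KubernetesVersion}}.gz
                    will attempt to pull the image from that location. See also: https://golang.org/pkg/text/template/'
                  type: string
                imageLookupOSDistro:
                  default: ubuntu
                  description: ImageLookupOSDistro is the name of the OS distro to use
                    when fetching machine images, if not set it will default to ubuntu.
                  type: string
                imageLookupOSVersion:
                  description: ImageLookupOSVersion is the version of the OS distribution
                    to use when fetching machine images. If not set it will default
                    based on ImageLookupOSDistro.
                  type: string
              type: object
            status:
              description: TinkerbellClusterStatus defines the observed state of TinkerbellCluster.
              properties:
                ready:
                  description: Ready denotes that the cluster (infrastructure) is ready.
                  type: boolean
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []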
---
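# CustomResourceDefinition for TinkerbellMachine
# (group infrastructure.cluster.x-k8s.io, single served/stored version v1beta1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # cert-manager's CA injector fills spec.conversion.webhook.clientConfig.caBundle
    # from the capt-serving-cert Certificate in capt-system.
    cert-manager.io/inject-ca-from: capt-system/capt-serving-cert
    controller-gen.kubebuilder.io/version: v0.8.0
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
    cluster.x-k8s.io/v1beta1: v1beta1
  name: tinkerbellmachines.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder (base64 of a single newline) until the CA is injected.
        caBundle: Cg==
        service:
          # Must name the Service that fronts the manager's webhook server.
          # This manifest defines that Service as capt-webhook-service, and
          # the serving certificate's dnsNames cover only that name; the
          # previous value "webhook-service" matched no Service here.
          name: capt-webhook-service
          namespace: capt-system
          path: /convert
      conversionReviewVersions:
        - v1
        - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
      - cluster-api
    kind: TinkerbellMachine
    listKind: TinkerbellMachineList
    plural: tinkerbellmachines
    singular: tinkerbellmachine
  scope: Namespaced
  versions:
    - additionalPrinterColumns:
        - description: Cluster to which this TinkerbellMachine belongs
          jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
          name: Cluster
          type: string
        # NOTE(review): the status schema below defines instanceStatus, not
        # instanceState, so this column looks like it can never be populated.
        # Confirm against the controller before changing the path.
        - description: Tinkerbell instance state
          jsonPath: .status.instanceState
          name: State
          type: string
        - description: Machine ready status
          jsonPath: .status.ready
          name: Ready
          type: string
        - description: Tinkerbell instance ID
          jsonPath: .spec.providerID
          name: InstanceID
          type: string
        - description: Machine object which owns with this TinkerbellMachine
          jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
          name: Machine
          type: string
      name: v1beta1
      schema:
        openAPIV3Schema:
          description: TinkerbellMachine is the Schema for the tinkerbellmachines API.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: TinkerbellMachineSpec defines the desired state of TinkerbellMachine.
              properties:
                hardwareAffinity:
                  description: HardwareAffinity allows filtering for hardware.
                  properties:
                    preferred:
                      description: Preferred are the preferred hardware affinity terms.
                        Hardware matching these terms are preferred according to the
                        weights provided, but are not required.
                      items:
                        description: WeightedHardwareAffinityTerm is a HardwareAffinityTerm
                          with an associated weight. The weights of all the matched
                          WeightedHardwareAffinityTerm fields are added per-hardware
                          to find the most preferred hardware.
                        properties:
                          hardwareAffinityTerm:
                            description: HardwareAffinityTerm is the term associated
                              with the corresponding weight.
                            properties:
                              labelSelector:
                                description: LabelSelector is used to select for particular
                                  hardware by label.
                                properties:
                                  matchExpressions:
                                    description: matchExpressions is a list of label
                                      selector requirements. The requirements are ANDed.
                                    items:
                                      description: A label selector requirement is a
                                        selector that contains values, a key, and an
                                        operator that relates the key and values.
                                      properties:
                                        key:
                                          description: key is the label key that the
                                            selector applies to.
                                          type: string
                                        operator:
                                          description: operator represents a key's relationship
                                            to a set of values. Valid operators are
                                            In, NotIn, Exists and DoesNotExist.
                                          type: string
                                        values:
                                          description: values is an array of string
                                            values. If the operator is In or NotIn,
                                            the values array must be non-empty. If the
                                            operator is Exists or DoesNotExist, the
                                            values array must be empty. This array is
                                            replaced during a strategic merge patch.
                                          items:
                                            type: string
                                          type: array
                                      required:
                                        - key
                                        - operator
                                      type: object
                                    type: array
                                  matchLabels:
                                    additionalProperties:
                                      type: string
                                    description: matchLabels is a map of {key,value}
                                      pairs. A single {key,value} in the matchLabels
                                      map is equivalent to an element of matchExpressions,
                                      whose key field is "key", the operator is "In",
                                      and the values array contains only "value". The
                                      requirements are ANDed.
                                    type: object
                                type: object
                            required:
                              - labelSelector
                            type: object
                          weight:
                            description: Weight associated with matching the corresponding
                              hardwareAffinityTerm, in the range 1-100.
                            format: int32
                            maximum: 100
                            minimum: 1
                            type: integer
                        required:
                          - hardwareAffinityTerm
                          - weight
                        type: object
                      type: array
                    # "required" here is a property name (the required affinity
                    # terms), not a JSON-schema required list.
                    required:
                      description: Required are the required hardware affinity terms. The
                        terms are OR'd together, hardware must match one term to be
                        considered.
                      items:
                        description: HardwareAffinityTerm is used to select for a particular
                          existing hardware resource.
                        properties:
                          labelSelector:
                            description: LabelSelector is used to select for particular
                              hardware by label.
                            properties:
                              matchExpressions:
                                description: matchExpressions is a list of label selector
                                  requirements. The requirements are ANDed.
                                items:
                                  description: A label selector requirement is a selector
                                    that contains values, a key, and an operator that
                                    relates the key and values.
                                  properties:
                                    key:
                                      description: key is the label key that the selector
                                        applies to.
                                      type: string
                                    operator:
                                      description: operator represents a key's relationship
                                        to a set of values. Valid operators are In,
                                        NotIn, Exists and DoesNotExist.
                                      type: string
                                    values:
                                      description: values is an array of string values.
                                        If the operator is In or NotIn, the values array
                                        must be non-empty. If the operator is Exists
                                        or DoesNotExist, the values array must be empty.
                                        This array is replaced during a strategic merge
                                        patch.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                    - key
                                    - operator
                                  type: object
                                type: array
                              matchLabels:
                                additionalProperties:
                                  type: string
                                description: matchLabels is a map of {key,value} pairs.
                                  A single {key,value} in the matchLabels map is equivalent
                                  to an element of matchExpressions, whose key field
                                  is "key", the operator is "In", and the values array
                                  contains only "value". The requirements are ANDed.
                                type: object
                            type: object
                        required:
                          - labelSelector
                        type: object
                      type: array
                  type: object
                hardwareName:
                  description: Those fields are set programmatically, but they cannot
                    be re-constructed from "state of the world", so we put them in spec
                    instead of status.
                  type: string
                # The imageLookup* fields decide where machine images are
                # fetched from; they are plain strings with no pattern or enum,
                # so write access to TinkerbellMachine objects controls the
                # image source.
                imageLookupBaseRegistry:
                  description: ImageLookupBaseRegistry is the base Registry URL that
                    is used for pulling images, if not set, the default will be to use
                    ghcr.io/tinkerbell/cluster-api-provider-tinkerbell.
                  type: string
                imageLookupFormat:
                  description: 'ImageLookupFormat is the URL naming format to use for
                    machine images when a machine does not specify. When set, this will
                    be used for all cluster machines unless a machine specifies a different
                    ImageLookupFormat. Supports substitutions for {{.BaseRegistry}},
                    {{.OSDistro}}, {{.OSVersion}} and {{.KubernetesVersion}} with the
                    basse URL, OS distribution, OS version, and kubernetes version,
                    respectively. BaseRegistry will be the value in ImageLookupBaseRegistry
                    or ghcr.io/tinkerbell/cluster-api-provider-tinkerbell (the default),
                    OSDistro will be the value in ImageLookupOSDistro or ubuntu (the
                    default), OSVersion will be the value in ImageLookupOSVersion or
                    default based on the OSDistro (if known), and the kubernetes version
                    as defined by the packages produced by kubernetes/release: v1.13.0,
                    v1.12.5-mybuild.1, or v1.17.3. For example, the default image format
                    of {{.BaseRegistry}}/{{.OSDistro}}-{{.OSVersion}}:{{.KubernetesVersion}}.gz
                    will attempt to pull the image from that location. See also: https://golang.org/pkg/text/template/'
                  type: string
                imageLookupOSDistro:
                  description: ImageLookupOSDistro is the name of the OS distro to use
                    when fetching machine images, if not set it will default to ubuntu.
                  type: string
                imageLookupOSVersion:
                  description: ImageLookupOSVersion is the version of the OS distribution
                    to use when fetching machine images. If not set it will default
                    based on ImageLookupOSDistro.
                  type: string
                providerID:
                  type: string
                # Free-form string that replaces the default Tinkerbell
                # template; the schema constrains only its type, so RBAC on
                # tinkerbellmachines is the control over who can set it.
                templateOverride:
                  description: 'TemplateOverride overrides the default Tinkerbell template
                    used by CAPT. You can learn more about Tinkerbell templates here:
                    https://docs.tinkerbell.org/templates/'
                  type: string
              type: object
            status:
              description: TinkerbellMachineStatus defines the observed state of TinkerbellMachine.
              properties:
                addresses:
                  description: Addresses contains the Tinkerbell device associated addresses.
                  items:
                    description: NodeAddress contains information for the node's address.
                    properties:
                      address:
                        description: The node address.
                        type: string
                      type:
                        description: Node address type, one of Hostname, ExternalIP
                          or InternalIP.
                        type: string
                    required:
                      - address
                      - type
                    type: object
                  type: array
                errorMessage:
                  description: "ErrorMessage will be set in the event that there is
                    a terminal problem reconciling the Machine and will contain a more
                    verbose string suitable for logging and human consumption. \n This
                    field should not be set for transitive errors that a controller
                    faces that are expected to be fixed automatically over time (like
                    service outages), but instead indicate that something is fundamentally
                    wrong with the Machine's spec or the configuration of the controller,
                    and that manual intervention is required. Examples of terminal errors
                    would be invalid combinations of settings in the spec, values that
                    are unsupported by the controller, or the responsible controller
                    itself being critically misconfigured. \n Any transient errors that
                    occur during the reconciliation of Machines can be added as events
                    to the Machine object and/or logged in the controller's output."
                  type: string
                errorReason:
                  description: Any transient errors that occur during the reconciliation
                    of Machines can be added as events to the Machine object and/or
                    logged in the controller's output.
                  type: string
                instanceStatus:
                  description: InstanceStatus is the status of the Tinkerbell device
                    instance for this machine.
                  type: integer
                ready:
                  description: Ready is true when the provider resource is ready.
                  type: boolean
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []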
---
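# CustomResourceDefinition for TinkerbellMachineTemplate
# (group infrastructure.cluster.x-k8s.io, single served/stored version v1beta1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # cert-manager's CA injector fills spec.conversion.webhook.clientConfig.caBundle
    # from the capt-serving-cert Certificate in capt-system.
    cert-manager.io/inject-ca-from: capt-system/capt-serving-cert
    controller-gen.kubebuilder.io/version: v0.8.0
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
    cluster.x-k8s.io/v1beta1: v1beta1
  name: tinkerbellmachinetemplates.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder (base64 of a single newline) until the CA is injected.
        caBundle: Cg==
        service:
          # Must name the Service that fronts the manager's webhook server.
          # This manifest defines that Service as capt-webhook-service, and
          # the serving certificate's dnsNames cover only that name; the
          # previous value "webhook-service" matched no Service here.
          name: capt-webhook-service
          namespace: capt-system
          path: /convert
      conversionReviewVersions:
        - v1
        - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
      - cluster-api
    kind: TinkerbellMachineTemplate
    listKind: TinkerbellMachineTemplateList
    plural: tinkerbellmachinetemplates
    singular: tinkerbellmachinetemplate
  scope: Namespaced
  versions:
    - name: v1beta1
      schema:
        openAPIV3Schema:
          description: TinkerbellMachineTemplate is the Schema for the tinkerbellmachinetemplates
            API.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: TinkerbellMachineTemplateSpec defines the desired state of
                TinkerbellMachineTemplate.
              properties:
                template:
                  description: TinkerbellMachineTemplateResource describes the data
                    needed to create am TinkerbellMachine from a template.
                  properties:
                    spec:
                      description: Spec is the specification of the desired behavior
                        of the machine.
                      properties:
                        hardwareAffinity:
                          description: HardwareAffinity allows filtering for hardware.
                          properties:
                            preferred:
                              description: Preferred are the preferred hardware affinity
                                terms. Hardware matching these terms are preferred according
                                to the weights provided, but are not required.
                              items:
                                description: WeightedHardwareAffinityTerm is a HardwareAffinityTerm
                                  with an associated weight. The weights of all the
                                  matched WeightedHardwareAffinityTerm fields are added
                                  per-hardware to find the most preferred hardware.
                                properties:
                                  hardwareAffinityTerm:
                                    description: HardwareAffinityTerm is the term associated
                                      with the corresponding weight.
                                    properties:
                                      labelSelector:
                                        description: LabelSelector is used to select
                                          for particular hardware by label.
                                        properties:
                                          matchExpressions:
                                            description: matchExpressions is a list
                                              of label selector requirements. The requirements
                                              are ANDed.
                                            items:
                                              description: A label selector requirement
                                                is a selector that contains values,
                                                a key, and an operator that relates
                                                the key and values.
                                              properties:
                                                key:
                                                  description: key is the label key
                                                    that the selector applies to.
                                                  type: string
                                                operator:
                                                  description: operator represents a
                                                    key's relationship to a set of values.
                                                    Valid operators are In, NotIn, Exists
                                                    and DoesNotExist.
                                                  type: string
                                                values:
                                                  description: values is an array of
                                                    string values. If the operator is
                                                    In or NotIn, the values array must
                                                    be non-empty. If the operator is
                                                    Exists or DoesNotExist, the values
                                                    array must be empty. This array
                                                    is replaced during a strategic merge
                                                    patch.
                                                  items:
                                                    type: string
                                                  type: array
                                              required:
                                                - key
                                                - operator
                                              type: object
                                            type: array
                                          matchLabels:
                                            additionalProperties:
                                              type: string
                                            description: matchLabels is a map of {key,value}
                                              pairs. A single {key,value} in the matchLabels
                                              map is equivalent to an element of matchExpressions,
                                              whose key field is "key", the operator
                                              is "In", and the values array contains
                                              only "value". The requirements are ANDed.
                                            type: object
                                        type: object
                                    required:
                                      - labelSelector
                                    type: object
                                  weight:
                                    description: Weight associated with matching the
                                      corresponding hardwareAffinityTerm, in the range
                                      1-100.
                                    format: int32
                                    maximum: 100
                                    minimum: 1
                                    type: integer
                                required:
                                  - hardwareAffinityTerm
                                  - weight
                                type: object
                              type: array
                            # "required" here is a property name (the required
                            # affinity terms), not a JSON-schema required list.
                            required:
                              description: Required are the required hardware affinity
                                terms. The terms are OR'd together, hardware must match
                                one term to be considered.
                              items:
                                description: HardwareAffinityTerm is used to select
                                  for a particular existing hardware resource.
                                properties:
                                  labelSelector:
                                    description: LabelSelector is used to select for
                                      particular hardware by label.
                                    properties:
                                      matchExpressions:
                                        description: matchExpressions is a list of label
                                          selector requirements. The requirements are
                                          ANDed.
                                        items:
                                          description: A label selector requirement
                                            is a selector that contains values, a key,
                                            and an operator that relates the key and
                                            values.
                                          properties:
                                            key:
                                              description: key is the label key that
                                                the selector applies to.
                                              type: string
                                            operator:
                                              description: operator represents a key's
                                                relationship to a set of values. Valid
                                                operators are In, NotIn, Exists and
                                                DoesNotExist.
                                              type: string
                                            values:
                                              description: values is an array of string
                                                values. If the operator is In or NotIn,
                                                the values array must be non-empty.
                                                If the operator is Exists or DoesNotExist,
                                                the values array must be empty. This
                                                array is replaced during a strategic
                                                merge patch.
                                              items:
                                                type: string
                                              type: array
                                          required:
                                            - key
                                            - operator
                                          type: object
                                        type: array
                                      matchLabels:
                                        additionalProperties:
                                          type: string
                                        description: matchLabels is a map of {key,value}
                                          pairs. A single {key,value} in the matchLabels
                                          map is equivalent to an element of matchExpressions,
                                          whose key field is "key", the operator is
                                          "In", and the values array contains only "value".
                                          The requirements are ANDed.
                                        type: object
                                    type: object
                                required:
                                  - labelSelector
                                type: object
                              type: array
                          type: object
                        hardwareName:
                          description: Those fields are set programmatically, but they
                            cannot be re-constructed from "state of the world", so we
                            put them in spec instead of status.
                          type: string
                        # The imageLookup* fields decide where machine images
                        # are fetched from; they are plain strings with no
                        # pattern or enum, so write access to these templates
                        # controls the image source.
                        imageLookupBaseRegistry:
                          description: ImageLookupBaseRegistry is the base Registry
                            URL that is used for pulling images, if not set, the default
                            will be to use ghcr.io/tinkerbell/cluster-api-provider-tinkerbell.
                          type: string
                        imageLookupFormat:
                          description: 'ImageLookupFormat is the URL naming format to
                            use for machine images when a machine does not specify.
                            When set, this will be used for all cluster machines unless
                            a machine specifies a different ImageLookupFormat. Supports
                            substitutions for {{.BaseRegistry}}, {{.OSDistro}}, {{.OSVersion}}
                            and {{.KubernetesVersion}} with the basse URL, OS distribution,
                            OS version, and kubernetes version, respectively. BaseRegistry
                            will be the value in ImageLookupBaseRegistry or ghcr.io/tinkerbell/cluster-api-provider-tinkerbell
                            (the default), OSDistro will be the value in ImageLookupOSDistro
                            or ubuntu (the default), OSVersion will be the value in
                            ImageLookupOSVersion or default based on the OSDistro (if
                            known), and the kubernetes version as defined by the packages
                            produced by kubernetes/release: v1.13.0, v1.12.5-mybuild.1,
                            or v1.17.3. For example, the default image format of {{.BaseRegistry}}/{{.OSDistro}}-{{.OSVersion}}:{{.KubernetesVersion}}.gz
                            will attempt to pull the image from that location. See also:
                            https://golang.org/pkg/text/template/'
                          type: string
                        imageLookupOSDistro:
                          description: ImageLookupOSDistro is the name of the OS distro
                            to use when fetching machine images, if not set it will
                            default to ubuntu.
                          type: string
                        imageLookupOSVersion:
                          description: ImageLookupOSVersion is the version of the OS
                            distribution to use when fetching machine images. If not
                            set it will default based on ImageLookupOSDistro.
                          type: string
                        providerID:
                          type: string
                        # Free-form string that replaces the default Tinkerbell
                        # template; the schema constrains only its type, so
                        # RBAC on tinkerbellmachinetemplates is the control
                        # over who can set it.
                        templateOverride:
                          description: 'TemplateOverride overrides the default Tinkerbell
                            template used by CAPT. You can learn more about Tinkerbell
                            templates here: https://docs.tinkerbell.org/templates/'
                          type: string
                      type: object
                  required:
                    - spec
                  type: object
              required:
                - template
              type: object
          type: object
      served: true
      storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []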
---
# Identity the manager Deployment runs as (its pod spec sets
# serviceAccountName: capt-controller-manager). Permissions come from
# capt-leader-election-role (namespaced) and capt-manager-role (cluster-wide)
# through the RoleBinding and ClusterRoleBinding in this manifest.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: capt-controller-manager
  namespace: capt-system
  labels:
    control-plane: controller-manager
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
---
# Namespaced permissions in capt-system; by its name these back the manager's
# leader election (the manager container is started with --leader-elect).
# None of the rules is narrowed with resourceNames, so they cover every
# ConfigMap and Lease in capt-system, not only an election lock object.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: capt-leader-election-role
  namespace: capt-system
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
rules:
  # Full read/write on ConfigMaps in the namespace.
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [configmaps/status]
    verbs: [get, update, patch]
  # Events can be created but not read or changed.
  - apiGroups: [""]
    resources: [events]
    verbs: [create]
  # Full read/write on Leases in the namespace.
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [get, list, watch, create, update, patch, delete]
---
# Cluster-wide permissions of the CAPT manager. The role is attached to the
# capt-controller-manager ServiceAccount by a ClusterRoleBinding
# (capt-manager-rolebinding), so every rule applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: capt-manager-role
  creationTimestamp: null
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
rules:
  # Read access to Secrets in every namespace. Anyone who obtains the manager
  # pod's token can list and read all Secrets in the cluster, so this is the
  # most sensitive grant in the manifest.
  # NOTE(review): which Secrets the controller actually reads is not visible
  # here; confirm before narrowing to namespaced Roles or resourceNames.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, watch]
  # Create and read (no update/delete) on bmc.tinkerbell.org jobs.
  - apiGroups: [bmc.tinkerbell.org]
    resources: [jobs]
    verbs: [create, get, list, watch]
  # Read-only on the core Cluster API objects.
  - apiGroups: [cluster.x-k8s.io]
    resources: [clusters, clusters/status]
    verbs: [get, list, watch]
  - apiGroups: [cluster.x-k8s.io]
    resources: [machines, machines/status]
    verbs: [get, list, watch]
  # Full control of this provider's own infrastructure resources.
  - apiGroups: [infrastructure.cluster.x-k8s.io]
    resources: [tinkerbellclusters]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [infrastructure.cluster.x-k8s.io]
    resources: [tinkerbellclusters/status]
    verbs: [get, patch, update]
  - apiGroups: [infrastructure.cluster.x-k8s.io]
    resources: [tinkerbellmachines]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [infrastructure.cluster.x-k8s.io]
    resources: [tinkerbellmachines/status]
    verbs: [get, patch, update]
  # Tinkerbell hardware can be read and modified but not created or deleted.
  - apiGroups: [tinkerbell.org]
    resources: [hardware, hardware/status]
    verbs: [get, list, patch, update, watch]
  # Full control of Tinkerbell templates and workflows.
  - apiGroups: [tinkerbell.org]
    resources: [templates, templates/status]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [tinkerbell.org]
    resources: [workflows, workflows/status]
    verbs: [create, delete, get, list, patch, update, watch]
---
# Grants capt-leader-election-role to the manager's ServiceAccount; the grant
# is limited to the capt-system namespace because both the Role and this
# binding are namespaced.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: capt-leader-election-rolebinding
  namespace: capt-system
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
subjects:
  - kind: ServiceAccount
    name: capt-controller-manager
    namespace: capt-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capt-leader-election-role
---
# Grants capt-manager-role to the manager's ServiceAccount for the whole
# cluster. Because this is a ClusterRoleBinding, every rule in that role
# (including get/list/watch on secrets) applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: capt-manager-rolebinding
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
subjects:
  - kind: ServiceAccount
    name: capt-controller-manager
    namespace: capt-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capt-manager-role
---
# Service the API server calls for admission webhooks: port 443 is forwarded
# to the container port named webhook-server (9443 in the manager Deployment).
apiVersion: v1
kind: Service
metadata:
  name: capt-webhook-service
  namespace: capt-system
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
spec:
  # Selects on the provider label only; the manager pods also carry
  # control-plane: controller-manager. Any other pod in capt-system with the
  # provider label would become a backend for webhook traffic as well.
  selector:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
  ports:
    - port: 443
      targetPort: webhook-server
---
# Deployment of the CAPT manager: a single replica running /manager with
# leader election, serving webhooks on 9443 and health probes on 9440.
# NOTE(review): neither the pod nor the container sets a securityContext, so
# the run-as user, privilege escalation, capabilities and root filesystem
# mode are whatever the image and cluster defaults give. Both container
# ports are unprivileged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: capt-controller-manager
  namespace: capt-system
  labels:
    control-plane: controller-manager
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
      cluster.x-k8s.io/provider: infrastructure-tinkerbell
  template:
    metadata:
      labels:
        control-plane: controller-manager
        cluster.x-k8s.io/provider: infrastructure-tinkerbell
    spec:
      # This ServiceAccount is bound to capt-manager-role cluster-wide, so the
      # pod's token carries read access to Secrets in every namespace.
      serviceAccountName: capt-controller-manager
      terminationGracePeriodSeconds: 10
      # Lets the pod be scheduled onto tainted control-plane nodes.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
      containers:
        - name: manager
          # Pulled from a personal registry namespace and referenced by tag
          # only. With IfNotPresent a node keeps whatever it first pulled for
          # this tag; pinning by digest (image@sha256:<digest>) would fix the
          # exact content that runs with the permissions above.
          image: ghcr.io/jacobweinstock/cluster-api-provider-tinkerbell:v0.4.0
          imagePullPolicy: IfNotPresent
          command:
            - /manager
          args:
            - --leader-elect
          env:
            # Placeholder that must be substituted before the manifest is
            # applied (presumably by clusterctl's variable substitution).
            - name: TINKERBELL_IP
              value: ${TINKERBELL_IP}
          ports:
            - name: webhook-server
              containerPort: 9443
              protocol: TCP
            - name: healthz
              containerPort: 9440
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          readinessProbe:
            httpGet:
              path: /readyz
              port: healthz
          resources:
            limits:
              cpu: 200m
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 20Mi
          volumeMounts:
            - name: cert
              mountPath: /tmp/k8s-webhook-server/serving-certs
              readOnly: true
      volumes:
        # Secret written by the capt-serving-cert Certificate (webhook TLS
        # key pair). defaultMode 420 is decimal for octal 0644, i.e. the
        # files are readable by every user inside the container.
        - name: cert
          secret:
            secretName: capt-webhook-service-cert
            defaultMode: 420
---
# cert-manager Certificate for the webhook server. The key pair is stored in
# the capt-webhook-service-cert Secret, which the manager Deployment mounts,
# and its CA is injected into the CRDs and webhook configurations that carry
# the cert-manager.io/inject-ca-from: capt-system/capt-serving-cert annotation.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: capt-serving-cert
  namespace: capt-system
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
spec:
  secretName: capt-webhook-service-cert
  issuerRef:
    kind: Issuer
    name: capt-selfsigned-issuer
  # Only the in-cluster DNS names of capt-webhook-service are covered.
  dnsNames:
    - capt-webhook-service.capt-system.svc
    - capt-webhook-service.capt-system.svc.cluster.local
---
# Namespaced self-signed issuer used by capt-serving-cert. There is no
# external CA behind it: trust in the webhook certificate rests on the CA
# bundle that cert-manager injects into the webhook configurations.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: capt-selfsigned-issuer
  namespace: capt-system
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
spec:
  selfSigned: {}
---
# Mutating (defaulting) admission webhook for TinkerbellCluster objects,
# served by capt-webhook-service in capt-system.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: capt-mutating-webhook-configuration
  annotations:
    # cert-manager injects the CA of capt-serving-cert into each webhook's
    # clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capt-system/capt-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
webhooks:
  - name: default.tinkerbellcluster.infrastructure.cluster.x-k8s.io
    admissionReviewVersions: [v1, v1beta1]
    clientConfig:
      service:
        name: capt-webhook-service
        namespace: capt-system
        path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-tinkerbellcluster
    # Fail closed: CREATE/UPDATE of tinkerbellclusters is rejected whenever
    # the webhook backend cannot be reached. The manager Deployment in this
    # manifest runs a single replica.
    failurePolicy: Fail
    matchPolicy: Equivalent
    sideEffects: None
    rules:
      - apiGroups: [infrastructure.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [tinkerbellclusters]
---
# Validating admission webhooks for the three CAPT resource kinds, all served
# by capt-webhook-service in capt-system. Each one fails closed
# (failurePolicy: Fail): CREATE/UPDATE of the matched resource is rejected
# whenever the webhook backend cannot be reached, and the manager Deployment
# in this manifest runs a single replica.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: capt-validating-webhook-configuration
  annotations:
    # cert-manager injects the CA of capt-serving-cert into each webhook's
    # clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capt-system/capt-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-tinkerbell
webhooks:
  - name: validation.tinkerbellcluster.infrastructure.cluster.x-k8s.io
    admissionReviewVersions: [v1, v1beta1]
    clientConfig:
      service:
        name: capt-webhook-service
        namespace: capt-system
        path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-tinkerbellcluster
    failurePolicy: Fail
    matchPolicy: Equivalent
    sideEffects: None
    rules:
      - apiGroups: [infrastructure.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [tinkerbellclusters]
  - name: validation.tinkerbellmachine.infrastructure.cluster.x-k8s.io
    admissionReviewVersions: [v1, v1beta1]
    clientConfig:
      service:
        name: capt-webhook-service
        namespace: capt-system
        path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-tinkerbellmachine
    failurePolicy: Fail
    matchPolicy: Equivalent
    sideEffects: None
    rules:
      - apiGroups: [infrastructure.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [tinkerbellmachines]
  # NOTE(review): this webhook name ends in infrastructure.x-k8s.io, without
  # the "cluster." segment the other two names have. The name is only an
  # identifier, so matching is unaffected; the rule's apiGroups is correct.
  - name: validation.tinkerbellmachinetemplate.infrastructure.x-k8s.io
    admissionReviewVersions: [v1, v1beta1]
    clientConfig:
      service:
        name: capt-webhook-service
        namespace: capt-system
        path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-tinkerbellmachinetemplate
    failurePolicy: Fail
    matchPolicy: Equivalent
    sideEffects: None
    rules:
      - apiGroups: [infrastructure.cluster.x-k8s.io]
        apiVersions: [v1beta1]
        operations: [CREATE, UPDATE]
        resources: [tinkerbellmachinetemplates]