diff --git a/charts/Chart.yaml b/charts/Chart.yaml new file mode 100644 index 000000000..172ba8594 --- /dev/null +++ b/charts/Chart.yaml @@ -0,0 +1,28 @@ +apiVersion: v2 +name: karmada +description: A Helm chart for karmada + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# The optional kubeVersion field can define semver constraints on supported Kubernetes versions. +# Helm will validate the version constraints when installing the chart and fail if the cluster +# runs an unsupported Kubernetes version. +kubeVersion: ">=1.16.0" + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: v0.8.0 diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 000000000..cb6b133d8 --- /dev/null +++ b/charts/README.md 
@@ -0,0 +1,141 @@ +# Karmada + +Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications. By speaking Kubernetes-native APIs and providing advanced scheduling capabilities, Karmada enables truly open, multi-cloud Kubernetes. + +Karmada aims to provide turnkey automation for multi-cluster application management in multi-cloud and hybrid cloud scenarios, with key features such as centralized multi-cloud management, high availability, failure recovery, and traffic scheduling. + +## TL;DR + +Switch to the `root` directory of the repo. +```console +$ helm install karmada -n karmada-system --create-namespace ./charts +``` + +## Prerequisites + +- Kubernetes 1.16+ +- helm v3+ + +## Installing the Chart + +To install the chart with the release name `karmada` in namespace `karmada-system`: + +Switch to the `root` directory of the repo. +```console +$ helm install karmada -n karmada-system --create-namespace ./charts +``` + +Get kubeconfig from the cluster: + +```console +$ kubectl get secret -n karmada-system karmada-kubeconfig -o jsonpath={.data.kubeconfig} | base64 -d +``` + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart +To uninstall/delete the `karmada` helm release in namespace `karmada-system`: + +```console +$ helm uninstall karmada -n karmada-system +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+## Configuration +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `installMode` | InstallMode "host" and "agent" are provided, "host" means install karmada in the control-cluster, "agent" means install agent client in the member cluster | `"host"`| +| `clusterDomain` | Default cluster domain for karmada | `"cluster.local"` | +|`certs.mode`| Mode "auto" and "custom" are provided, "auto" means auto generate certificate, "custom" means use user certificate |`"auto"`| +|`certs.auto.expiry`| Expiry of the certificate |`"43800h"`| +|`certs.auto.hosts`| Hosts of the certificate |`["kubernetes.default.svc","*.etcd.karmada-system.svc.cluster.local","*.karmada-system.svc.cluster.local","*.karmada-system.svc","localhost","127.0.0.1"]`| +|`certs.custom.caCrt`|CA CRT of the certificate|`""`| +|`certs.custom.crt`|CRT of the certificate|`""`| +|`certs.custom.key`|KEY of the certificate|`""`| +|`etcd.mode`| Mode "external" and "internal" are provided, "external" means use external ectd, "internal" means install a etcd in the cluster |`"internal"`| +|`etcd.external.servers`| Servers of etcd |`""`| +|`etcd.external.registryPrefix`| Use to registry prefix of etcd |`"/registry/karmada"`| +|`etcd.external.certs.caCrt`| CA CRT of the etcd certificate |`""`| +|`etcd.external.certs.crt`| CRT of the etcd certificate |`""`| +|`etcd.external.certs.key`| KEY of the etcd certificate |`""`| +|`etcd.internal.replicaCount`| Target replicas of the etcd |`1`| +|`etcd.internal.image.repository`| Image of the etcd |`"k8s.gcr.io/etcd"`| +|`etcd.internal.image.pullPolicy`| Image pull policy of the etcd |`"IfNotPresent"`| +|`etcd.internal.image.tag`| Image tag of the etcd |`"3.4.13-0"`| +|`agent.clusterName`| Name of the member cluster |`""`| +|`agent.kubeconfig.caCrt`| CA CRT of the karmada certificate |`""`| +|`agent.kubeconfig.crt`| CRT of the karmada certificate |`""`| +|`agent.kubeconfig.key`| KEY of the karmada certificate 
|`""`| +|`agent.kubeconfig.server`| API-server of the karmada |`""`| +|`agent.labels`| Labels of the agent deployment |`{"app": "karmada-agent"}`| +|`agent.replicaCount`| Target replicas of the agent |`1`| +|`agent.podLabels`| Labels of the agent pods |`{}`| +|`agent.podAnnotations`| Annotaions of the agent pods |`{}`| +|`agent.imagePullSecrets`| Image pull secret of the agent |`[]`| +|`agent.image.repository`| Image of the agent |`"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-agent"`| +|`agent.image.tag`| Image tag of the agent |`"latest"`| +|`agent.image.pullPolicy`| Image pull policy of the agent |`"IfNotPresent"`| +|`agent.resources`| Resource quota of the agent |`{}`| +|`agent.nodeSelector`| Node selector of the agent |`{}`| +|`agent.affinity`| Affinity of the agent |`{}`| +|`agent.tolerations`| Tolerations of the agent |`[]`| +|`scheduler.labels`| Labels of the schedeler deployment |`{"app": "karmada-scheduler"}`| +|`scheduler.replicaCount`| Target replicas of the scheduler |`1`| +|`scheduler.podLabels`| Labels of the scheduler pods |`{}`| +|`scheduler.podAnnotations`| Annotaions of the scheduler pods |`{}`| +|`scheduler.imagePullSecrets`| Image pull secret of the scheduler |`[]`| +|`scheduler.image.repository`| Image of the scheduler |`"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler"`| +|`scheduler.image.tag`| Image tag of the scheduler |`"latest"`| +|`scheduler.image.pullPolicy`| Image pull policy of the scheduler |`"IfNotPresent"`| +|`scheduler.resources`| Resource quota of the scheduler |`{}`| +|`scheduler.nodeSelector`| Node selector of the scheduler |`{}`| +|`scheduler.affinity`| Affinity of the scheduler |`{}`| +|`scheduler.tolerations`| Tolerations of the scheduler |`[]`| +|`webhook.labels`| Labels of the webhook deployment |`{"app": "karmada-webhook"}`| +|`webhook.replicaCount`| Target replicas of the webhook |`1`| +|`webhook.podLabels`| Labels of the webhook pods |`{}`| +|`webhook.podAnnotations`| Annotaions of the webhook 
pods |`{}`| +|`webhook.imagePullSecrets`| Image pull secret of the webhook |`[]`| +|`webhook.image.repository`| Image of the webhook |`"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-webhook"`| +|`webhook.image.tag`| Image tag of the webhook |`"latest"`| +|`webhook.image.pullPolicy`| Image pull policy of the webhook |`"IfNotPresent"`| +|`webhook.resources`| Resource quota of the webhook |`{}`| +|`webhook.nodeSelector`| Node selector of the webhook |`{}`| +|`webhook.affinity`| Affinity of the webhook |`{}`| +|`webhook.tolerations`| Tolerations of the webhook |`[]`| +|`controllerManager.labels`| Labels of the karmada-controller-manager deployment |`{"app": "karmada-controller-manager"}`| +|`controllerManager.replicaCount`| Target replicas of the karmada-controller-manager |`1`| +|`controllerManager.podLabels`| Labels of the karmada-controller-manager pods |`{}`| +|`controllerManager.podAnnotations`| Annotaions of the karmada-controller-manager pods |`{}`| +|`controllerManager.imagePullSecrets`| Image pull secret of the karmada-controller-manager |`[]`| +|`controllerManager.image.repository`| Image of the karmada-controller-manager |`"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-controller-manager"`| +|`controllerManager.image.tag`| Image tag of the karmada-controller-manager |`"latest"`| +|`controllerManager.image.pullPolicy`| Image pull policy of the karmada-controller-manager |`"IfNotPresent"`| +|`controllerManager.resources`| Resource quota of the karmada-controller-manager |`{}`| +|`controllerManager.nodeSelector`| Node selector of the karmada-controller-manager |`{}`| +|`controllerManager.affinity`| Affinity of the karmada-controller-manager |`{}`| +|`controllerManager.tolerations`| Tolerations of the karmada-controller-manager |`[]`| +|`apiServer.labels`| Labels of the karmada-apiserver deployment |`{"app": "karmada-apiserver"}`| +|`apiServer.replicaCount`| Target replicas of the karmada-apiserver |`1`| +|`apiServer.podLabels`| Labels of the 
karmada-apiserver pods |`{}`| +|`apiServer.podAnnotations`| Annotaions of the karmada-apiserver pods |`{}`| +|`apiServer.imagePullSecrets`| Image pull secret of the karmada-apiserver |`[]`| +|`apiServer.image.repository`| Image of the karmada-apiserver |`"k8s.gcr.io/kube-apiserver"`| +|`apiServer.image.tag`| Image tag of the karmada-apiserver |`"v1.19.1"`| +|`apiServer.image.pullPolicy`| Image pull policy of the karmada-apiserver |`"IfNotPresent"`| +|`apiServer.resources`| Resource quota of the karmada-apiserver |`{}`| +|`apiServer.nodeSelector`| Node selector of the karmada-apiserver |`{}`| +|`apiServer.affinity`| Affinity of the karmada-apiserver |`{}`| +|`apiServer.tolerations`| Tolerations of the karmada-apiserver |`[]`| +|`kubeControllerManager.labels`| Labels of the kube-controller-manager deployment |`{"app": "kube-controller-manager"}`| +|`kubeControllerManager.replicaCount`| Target replicas of the kube-controller-manager |`1`| +|`kubeControllerManager.podLabels`| Labels of the kube-controller-manager pods |`{}`| +|`kubeControllerManager.podAnnotations`| Annotaions of the kube-controller-manager pods |`{}`| +|`kubeControllerManager.imagePullSecrets`| Image pull secret of the kube-controller-manager |`[]`| +|`kubeControllerManager.image.repository`| Image of the kube-controller-manager |`"k8s.gcr.io/kube-controller-manager"`| +|`kubeControllerManager.image.tag`| Image tag of the kube-controller-manager |`"v1.19.1"`| +|`kubeControllerManager.image.pullPolicy`| Image pull policy of the kube-controller-manager |`"IfNotPresent"`| +|`kubeControllerManager.resources`| Resource quota of the kube-controller-manager |`{}`| +|`kubeControllerManager.nodeSelector`| Node selector of the kube-controller-manager |`{}`| +|`kubeControllerManager.affinity`| Affinity of the kube-controller-manager |`{}`| +|`kubeControllerManager.tolerations`| Tolerations of the kube-controller-manager |`[]`| 
diff --git a/charts/_crds/cluster.karmada.io_clusters.yaml b/charts/_crds/cluster.karmada.io_clusters.yaml new file mode 100644 index 000000000..2813da346 --- /dev/null +++ b/charts/_crds/cluster.karmada.io_clusters.yaml 
@@ -0,0 +1,310 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusters.cluster.karmada.io +spec: + group: cluster.karmada.io + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.kubernetesVersion + name: Version + type: string + - jsonPath: .spec.syncMode + name: Mode + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Cluster represents the desire state and status of a member cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of the desired behavior + of member cluster. + properties: + apiEndpoint: + description: The API endpoint of the member cluster. This can be a + hostname, hostname:port, IP or IP:port. 
+ type: string + insecureSkipTLSVerification: + description: InsecureSkipTLSVerification indicates that the karmada + control plane should not confirm the validity of the serving certificate + of the cluster it is connecting to. This will make the HTTPS connection + between the karmada control plane and the member cluster insecure. + Defaults to false. + type: boolean + provider: + description: Provider represents the cloud provider name of the member + cluster. + type: string + proxyURL: + description: 'ProxyURL is the proxy URL for the cluster. If not empty, + the karmada control plane will use this proxy to talk to the cluster. + More details please refer to: https://github.com/kubernetes/client-go/issues/351' + type: string + region: + description: Region represents the region of the member cluster locate + in. + type: string + secretRef: + description: 'SecretRef represents the secret contains mandatory credentials + to access the member cluster. The secret should hold credentials + as follows: - secret.data.token - secret.data.caBundle' + properties: + name: + description: Name is the name of resource being referenced. + type: string + namespace: + description: Namespace is the namespace for the resource being + referenced. + type: string + required: + - name + - namespace + type: object + syncMode: + description: SyncMode describes how a cluster sync resources from + karmada control plane. + enum: + - Push + - Pull + type: string + taints: + description: Taints attached to the member cluster. Taints on the + cluster have the "effect" on any resource that does not tolerate + the Taint. + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that + do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. 
The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. + type: string + required: + - effect + - key + type: object + type: array + zone: + description: Zone represents the zone of the member cluster locate + in. + type: string + required: + - syncMode + type: object + status: + description: Status represents the status of member cluster. + properties: + apiEnablements: + description: APIEnablements represents the list of APIs installed + in the member cluster. + items: + description: APIEnablement is a list of API resource, it is used + to expose the name of the resources supported in a specific group + and version. + properties: + groupVersion: + description: GroupVersion is the group and version this APIEnablement + is for. + type: string + resources: + description: Resources is a list of APIResource. + items: + description: APIResource specifies the name and kind names + for the resource. + properties: + kind: + description: Kind is the kind for the resource (e.g. 'Deployment' + is the kind for resource 'deployments') + type: string + name: + description: Name is the plural name of the resource. + type: string + required: + - kind + - name + type: object + type: array + required: + - groupVersion + type: object + type: array + conditions: + description: Conditions is an array of current cluster conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + kubernetesVersion: + description: KubernetesVersion represents version of the member cluster. + type: string + nodeSummary: + description: NodeSummary represents the summary of nodes status in + the member cluster. + properties: + readyNum: + description: ReadyNum is the number of ready nodes in the cluster. + format: int32 + type: integer + totalNum: + description: TotalNum is the total number of nodes in the cluster. + format: int32 + type: integer + type: object + resourceSummary: + description: ResourceSummary represents the summary of resources in + the member cluster. + properties: + allocatable: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Allocatable represents the resources of a cluster + that are available for scheduling. Total amount of allocatable + resources on all nodes. + type: object + allocated: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Allocated represents the resources of a cluster that + have been scheduled. Total amount of required resources of all + Pods that have been scheduled to nodes. 
+ type: object + allocating: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Allocating represents the resources of a cluster + that are pending for scheduling. Total amount of required resources + of all Pods that are waiting for scheduling. + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/multicluster.x-k8s.io_serviceexports.yaml b/charts/_crds/multicluster.x-k8s.io_serviceexports.yaml new file mode 100644 index 000000000..8dda38c2f --- /dev/null +++ b/charts/_crds/multicluster.x-k8s.io_serviceexports.yaml 
@@ -0,0 +1,133 @@ +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serviceexports.multicluster.x-k8s.io +spec: + group: multicluster.x-k8s.io + scope: Namespaced + names: + plural: serviceexports + singular: serviceexport + kind: ServiceExport + shortNames: + - svcex + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + "schema": + "openAPIV3Schema": + description: ServiceExport declares that the Service with the same name and + namespace as this export should be consumable from other clusters. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: status describes the current state of an exported service. + Service configuration comes from the Service that had the same name + and namespace as this ServiceExport. Populated by the multi-cluster + service implementation's controller. + type: object + properties: + conditions: + type: array + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map diff --git a/charts/_crds/multicluster.x-k8s.io_serviceimports.yaml b/charts/_crds/multicluster.x-k8s.io_serviceimports.yaml new file mode 100644 index 000000000..d0e26e9ec --- /dev/null +++ b/charts/_crds/multicluster.x-k8s.io_serviceimports.yaml 
@@ -0,0 +1,161 @@ +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: serviceimports.multicluster.x-k8s.io +spec: + group: multicluster.x-k8s.io + scope: Namespaced + names: + plural: serviceimports + singular: serviceimport + kind: ServiceImport + shortNames: + - svcim + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Type + type: string + description: The type of this ServiceImport + jsonPath: .spec.type + - name: IP + type: string + description: The VIP for this ServiceImport + jsonPath: .spec.ips + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + "schema": + "openAPIV3Schema": + description: ServiceImport describes a service imported from clusters in a + ClusterSet. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the behavior of a ServiceImport. + type: object + required: + - ports + - type + properties: + ips: + description: ip will be used as the VIP for this service when type + is ClusterSetIP. + type: array + maxItems: 1 + items: + type: string + ports: + type: array + items: + description: ServicePort represents the port on which the service + is exposed + type: object + required: + - port + properties: + appProtocol: + description: The application protocol for this port. This field + follows standard Kubernetes label syntax. Un-prefixed names + are reserved for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). Non-standard + protocols should use prefixed names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. This + must be a DNS_LABEL. All ports within a ServiceSpec must have + unique names. When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. Optional + if only one ServicePort is defined on this service. + type: string + port: + description: The port that will be exposed by this service. + type: integer + format: int32 + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + x-kubernetes-list-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. Must be ClientIP + or None. Defaults to None. 
Ignored when type is Headless More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains session affinity configuration. + type: object + properties: + clientIP: + description: clientIP contains the configurations of Client IP + based session affinity. + type: object + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds of ClientIP + type session sticky time. The value must be >0 && <=86400(for + 1 day) if ServiceAffinity == "ClientIP". Default value is + 10800(for 3 hours). + type: integer + format: int32 + type: + description: type defines the type of this service. Must be ClusterSetIP + or Headless. + type: string + enum: + - ClusterSetIP + - Headless + status: + description: status contains information about the exported services that + form the multi-cluster service referenced by this ServiceImport. + type: object + properties: + clusters: + description: clusters is the list of exporting clusters from which + this service was derived. + type: array + items: + description: ClusterStatus contains service configuration mapped + to a specific source cluster + type: object + required: + - cluster + properties: + cluster: + description: cluster is the name of the exporting cluster. Must + be a valid RFC-1123 DNS label. + type: string + x-kubernetes-list-map-keys: + - cluster + x-kubernetes-list-type: map diff --git a/charts/_crds/policy.karmada.io_clusteroverridepolicies.yaml b/charts/_crds/policy.karmada.io_clusteroverridepolicies.yaml new file mode 100644 index 000000000..580bc3fbd --- /dev/null +++ b/charts/_crds/policy.karmada.io_clusteroverridepolicies.yaml 
@@ -0,0 +1,375 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusteroverridepolicies.policy.karmada.io +spec: + group: policy.karmada.io + names: + kind: ClusterOverridePolicy + listKind: ClusterOverridePolicyList + plural: clusteroverridepolicies + shortNames: + - cop + singular: clusteroverridepolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterOverridePolicy represents the cluster-wide policy that + overrides a group of resources to one or more clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of ClusterOverridePolicy. + properties: + overriders: + description: Overriders represents the override rules that would apply + on resources + properties: + argsOverrider: + description: ArgsOverrider represents the rules dedicated to handling + container args + items: + description: CommandArgsOverrider represents the rules dedicated + to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which will + apply on the command/args. 
+ enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. Items + in Value which will be appended after command/args when + Operator is 'add'. Items in Value which match in command/args + will be deleted when Operator is 'remove'. If Value is + empty, then the command/args will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + commandOverrider: + description: CommandOverrider represents the rules dedicated to + handling container command + items: + description: CommandArgsOverrider represents the rules dedicated + to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which will + apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. Items + in Value which will be appended after command/args when + Operator is 'add'. Items in Value which match in command/args + will be deleted when Operator is 'remove'. If Value is + empty, then the command/args will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + imageOverrider: + description: ImageOverrider represents the rules dedicated to + handling image overrides. + items: + description: ImageOverrider represents the rules dedicated to + handling image overrides. + properties: + component: + description: 'Component is part of image name. Basically + we presume an image can be made of ''[registry/]repository[:tag]''. 
+ The registry could be: - k8s.gcr.io - fictional.registry.example:10443 + The repository could be: - kube-apiserver - fictional/nginx + The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c' + enum: + - Registry + - Repository + - Tag + type: string + operator: + description: Operator represents the operator which will + apply on the image. + enum: + - add + - remove + - replace + type: string + predicate: + description: "Predicate filters images before applying the + rule. \n Defaults to nil, in that case, the system will + automatically detect image fields if the resource type + is Pod, ReplicaSet, Deployment or StatefulSet by following + rule: - Pod: spec/containers//image - ReplicaSet: + spec/template/spec/containers//image - Deployment: + spec/template/spec/containers//image - StatefulSet: + spec/template/spec/containers//image In addition, all + images will be processed if the resource object has more + than one containers. \n If not nil, only images matches + the filters will be processed." + properties: + path: + description: Path indicates the path of target field + type: string + required: + - path + type: object + value: + description: Value to be applied to image. Must not be empty + when operator is 'add' or 'replace'. Defaults to empty + and ignored when operator is 'remove'. + type: string + required: + - component + - operator + type: object + type: array + plaintext: + description: Plaintext represents override rules defined with + plaintext overriders. + items: + description: PlaintextOverrider is a simple overrider that overrides + target fields according to path, operator and value. + properties: + operator: + description: 'Operator indicates the operation on target + field. Available operators are: add, update and remove.' 
+ enum: + - add + - remove + - replace + type: string + path: + description: Path indicates the path of target field + type: string + value: + description: Value to be applied to target field. Must be + empty when operator is Remove. + x-kubernetes-preserve-unknown-fields: true + required: + - operator + - path + type: object + type: array + type: object + resourceSelectors: + description: ResourceSelectors restricts resource types that this + override policy applies to. nil means matching all resources. + items: + description: ResourceSelector the resources will be selected. + properties: + apiVersion: + description: APIVersion represents the API version of the target + resources. + type: string + kind: + description: Kind represents the Kind of the target resources. + type: string + labelSelector: + description: A label query over a set of resources. If name + is not empty, labelSelector will be ignored. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name of the target resource. Default is empty, + which means selecting all resources. + type: string + namespace: + description: Namespace of the target resource. Default is empty, + which means inherit from the parent object scope. + type: string + required: + - apiVersion + - kind + type: object + type: array + targetCluster: + description: TargetCluster defines restrictions on this override policy + that only applies to resources propagated to the matching clusters. + nil means matching all clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member clusters + by fields. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. 
If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member clusters + by labels. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + required: + - overriders + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
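Review bot: In the `plaintext` overrider of policy.karmada.io_clusteroverridepolicies.yaml, the `operator` description says "Available operators are: add, update and remove" while the enum right below it allows `add`, `remove` and `replace`, so anyone who follows the description and submits `update` fails validation. Since this file is controller-gen output, fix the comment on the Go type and regenerate so the description says `replace`; the same pass can fix "The tag cloud be" in the `component` description of `imageOverrider`. One more point for the chart docs: this CRD is `scope: Cluster`, and its `imageOverrider`, `commandOverrider`, `argsOverrider` and the free-form `plaintext` path/value (`x-kubernetes-preserve-unknown-fields: true`) can rewrite the image and command of propagated workloads, so it is worth stating that create and update on `clusteroverridepolicies` is a privileged permission.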
diff --git a/charts/_crds/policy.karmada.io_clusterpropagationpolicies.yaml b/charts/_crds/policy.karmada.io_clusterpropagationpolicies.yaml new file mode 100644 index 000000000..faafbc112 --- /dev/null +++ b/charts/_crds/policy.karmada.io_clusterpropagationpolicies.yaml 
@@ -0,0 +1,512 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusterpropagationpolicies.policy.karmada.io +spec: + group: policy.karmada.io + names: + kind: ClusterPropagationPolicy + listKind: ClusterPropagationPolicyList + plural: clusterpropagationpolicies + shortNames: + - cpp + singular: clusterpropagationpolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ClusterPropagationPolicy represents the cluster-wide policy + that propagates a group of resources to one or more clusters. Different + with PropagationPolicy that could only propagate resources in its own namespace, + ClusterPropagationPolicy is able to propagate cluster level resources and + resources in any namespace other than system reserved ones. System reserved + namespaces are: karmada-system, karmada-cluster, karmada-es-*.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of ClusterPropagationPolicy. + properties: + association: + description: Association tells if relevant resources should be selected + automatically. e.g. a ConfigMap referred by a Deployment. default + false. 
+ type: boolean + dependentOverrides: + description: "DependentOverrides represents the list of overrides(OverridePolicy) + which must present before the current PropagationPolicy takes effect. + \n It used to explicitly specify overrides which current PropagationPolicy + rely on. A typical scenario is the users create OverridePolicy(ies) + and resources at the same time, they want to ensure the new-created + policies would be adopted. \n Note: For the overrides, OverridePolicy(ies) + in current namespace and ClusterOverridePolicy(ies), which not present + in this list will still be applied if they matches the resources." + items: + type: string + type: array + placement: + description: Placement represents the rule for select clusters to + propagate resources. + properties: + clusterAffinity: + description: ClusterAffinity represents scheduling restrictions + to a certain set of clusters. If not set, any cluster can be + scheduling candidate. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to be + ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member clusters + by fields. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. 
If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member clusters + by labels. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + type: object + clusterTolerations: + description: ClusterTolerations represents the tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + replicaScheduling: + description: ReplicaScheduling represents the scheduling policy + on dealing with the number of replicas when propagating resources + that have replicas in spec (e.g. deployments, statefulsets) + to member clusters. 
+ properties: + replicaDivisionPreference: + description: ReplicaDivisionPreference determines how the + replicas is divided when ReplicaSchedulingType is "Divided". + Valid options are Aggregated and Weighted. "Aggregated" + divides replicas into clusters as few as possible, while + respecting clusters' resource availabilities during the + division. "Weighted" divides replicas by weight according + to WeightPreference. + enum: + - Aggregated + - Weighted + type: string + replicaSchedulingType: + description: ReplicaSchedulingType determines how the replicas + is scheduled when karmada propagating a resource. Valid + options are Duplicated and Divided. "Duplicated" duplicates + the same replicas to each candidate member cluster from + resource. "Divided" divides replicas into parts according + to number of valid candidate member clusters, and exact + replicas for each cluster are determined by ReplicaDivisionPreference. + enum: + - Duplicated + - Divided + type: string + weightPreference: + description: WeightPreference describes weight for each cluster + or for each group of cluster If ReplicaDivisionPreference + is set to "Weighted", and WeightPreference is not set, scheduler + will weight all clusters the same. + properties: + staticWeightList: + description: StaticWeightList defines the static cluster + weight. + items: + description: StaticClusterWeight defines the static + cluster weight. + properties: + targetCluster: + description: TargetCluster describes the filter + to select clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters + to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of + clusters to be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select + member clusters by fields. If non-nil and + non-empty, only the clusters match this filter + will be selected. 
+ properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select + member clusters by labels. If non-nil and + non-empty, only the clusters match this filter + will be selected. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. 
This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + weight: + description: Weight expressing the preference to + the cluster(s) specified by 'TargetCluster'. + format: int64 + minimum: 1 + type: integer + required: + - targetCluster + - weight + type: object + type: array + required: + - staticWeightList + type: object + type: object + spreadConstraints: + description: SpreadConstraints represents a list of the scheduling + constraints. + items: + description: SpreadConstraint represents the spread constraints + on resources. + properties: + maxGroups: + description: MaxGroups restricts the maximum number of cluster + groups to be selected. + type: integer + minGroups: + description: MinGroups restricts the minimum number of cluster + groups to be selected. Defaults to 1. + type: integer + spreadByField: + description: 'SpreadByField represents the fields on Karmada + cluster API used for dynamically grouping member clusters + into different groups. Resources will be spread among + different cluster groups. Available fields for spreading + are: cluster, region, zone, and provider. SpreadByField + should not co-exist with SpreadByLabel. If both SpreadByField + and SpreadByLabel are empty, SpreadByField will be set + to "cluster" by system.' + enum: + - cluster + - region + - zone + - provider + type: string + spreadByLabel: + description: SpreadByLabel represents the label key used + for grouping member clusters into different groups. 
Resources + will be spread among different cluster groups. SpreadByLabel + should not co-exist with SpreadByField. + type: string + type: object + type: array + type: object + resourceSelectors: + description: ResourceSelectors used to select resources. + items: + description: ResourceSelector the resources will be selected. + properties: + apiVersion: + description: APIVersion represents the API version of the target + resources. + type: string + kind: + description: Kind represents the Kind of the target resources. + type: string + labelSelector: + description: A label query over a set of resources. If name + is not empty, labelSelector will be ignored. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + name: + description: Name of the target resource. Default is empty, + which means selecting all resources. + type: string + namespace: + description: Namespace of the target resource. Default is empty, + which means inherit from the parent object scope. + type: string + required: + - apiVersion + - kind + type: object + type: array + schedulerName: + description: SchedulerName represents which scheduler to proceed the + scheduling. If specified, the policy will be dispatched by specified + scheduler. If not specified, the policy will be dispatched by default + scheduler. + type: string + required: + - resourceSelectors + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/policy.karmada.io_overridepolicies.yaml b/charts/_crds/policy.karmada.io_overridepolicies.yaml new file mode 100644 index 000000000..739441fef --- /dev/null +++ b/charts/_crds/policy.karmada.io_overridepolicies.yaml 
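Review bot: In policy.karmada.io_clusterpropagationpolicies.yaml (the hunk that ends just before the overridepolicies file header above), `maxGroups` and `minGroups` under `spreadConstraints` are plain `type: integer` with no bounds, so zero or negative values pass schema validation, and the "Defaults to 1" for `minGroups` exists only in the description, with no `default` in the schema. `weight` in the same hunk already carries `minimum: 1`; adding the equivalent kubebuilder validation marker to the group counts would make the schema consistent. The "should not co-exist" rule for `spreadByField` and `spreadByLabel` is also not expressed in the schema, so it needs a check in the admission webhook or the controller if one is not already there.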
@@ -0,0 +1,375 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: overridepolicies.policy.karmada.io +spec: + group: policy.karmada.io + names: + kind: OverridePolicy + listKind: OverridePolicyList + plural: overridepolicies + shortNames: + - op + singular: overridepolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OverridePolicy represents the policy that overrides a group of + resources to one or more clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of OverridePolicy. + properties: + overriders: + description: Overriders represents the override rules that would apply + on resources + properties: + argsOverrider: + description: ArgsOverrider represents the rules dedicated to handling + container args + items: + description: CommandArgsOverrider represents the rules dedicated + to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which will + apply on the command/args. 
+ enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. Items + in Value which will be appended after command/args when + Operator is 'add'. Items in Value which match in command/args + will be deleted when Operator is 'remove'. If Value is + empty, then the command/args will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + commandOverrider: + description: CommandOverrider represents the rules dedicated to + handling container command + items: + description: CommandArgsOverrider represents the rules dedicated + to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which will + apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. Items + in Value which will be appended after command/args when + Operator is 'add'. Items in Value which match in command/args + will be deleted when Operator is 'remove'. If Value is + empty, then the command/args will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + imageOverrider: + description: ImageOverrider represents the rules dedicated to + handling image overrides. + items: + description: ImageOverrider represents the rules dedicated to + handling image overrides. + properties: + component: + description: 'Component is part of image name. Basically + we presume an image can be made of ''[registry/]repository[:tag]''. 
+ The registry could be: - k8s.gcr.io - fictional.registry.example:10443 + The repository could be: - kube-apiserver - fictional/nginx + The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c' + enum: + - Registry + - Repository + - Tag + type: string + operator: + description: Operator represents the operator which will + apply on the image. + enum: + - add + - remove + - replace + type: string + predicate: + description: "Predicate filters images before applying the + rule. \n Defaults to nil, in that case, the system will + automatically detect image fields if the resource type + is Pod, ReplicaSet, Deployment or StatefulSet by following + rule: - Pod: spec/containers//image - ReplicaSet: + spec/template/spec/containers//image - Deployment: + spec/template/spec/containers//image - StatefulSet: + spec/template/spec/containers//image In addition, all + images will be processed if the resource object has more + than one containers. \n If not nil, only images matches + the filters will be processed." + properties: + path: + description: Path indicates the path of target field + type: string + required: + - path + type: object + value: + description: Value to be applied to image. Must not be empty + when operator is 'add' or 'replace'. Defaults to empty + and ignored when operator is 'remove'. + type: string + required: + - component + - operator + type: object + type: array + plaintext: + description: Plaintext represents override rules defined with + plaintext overriders. + items: + description: PlaintextOverrider is a simple overrider that overrides + target fields according to path, operator and value. + properties: + operator: + description: 'Operator indicates the operation on target + field. Available operators are: add, update and remove.' 
+ enum: + - add + - remove + - replace + type: string + path: + description: Path indicates the path of target field + type: string + value: + description: Value to be applied to target field. Must be + empty when operator is Remove. + x-kubernetes-preserve-unknown-fields: true + required: + - operator + - path + type: object + type: array + type: object + resourceSelectors: + description: ResourceSelectors restricts resource types that this + override policy applies to. nil means matching all resources. + items: + description: ResourceSelector the resources will be selected. + properties: + apiVersion: + description: APIVersion represents the API version of the target + resources. + type: string + kind: + description: Kind represents the Kind of the target resources. + type: string + labelSelector: + description: A label query over a set of resources. If name + is not empty, labelSelector will be ignored. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name of the target resource. Default is empty, + which means selecting all resources. + type: string + namespace: + description: Namespace of the target resource. Default is empty, + which means inherit from the parent object scope. + type: string + required: + - apiVersion + - kind + type: object + type: array + targetCluster: + description: TargetCluster defines restrictions on this override policy + that only applies to resources propagated to the matching clusters. + nil means matching all clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member clusters + by fields. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. 
If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member clusters + by labels. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + required: + - overriders + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
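Review bot: in this override policy schema, the description of `overriders.plaintext[].operator` says "Available operators are: add, update and remove", but the enum on the same field accepts `add`, `remove` and `replace`. Anyone following the description will submit `update` and be rejected by schema validation, so the Go doc comment should say `replace` and the CRD should be regenerated. The `imageOverrider[].component` description also carries the typo "The tag cloud be". Separately, `imageOverrider` with component `Registry` and `plaintext` with `x-kubernetes-preserve-unknown-fields: true` on `value` allow a policy object to change the image source and arbitrary fields of the resources it selects. The chart documentation should state that write access to this resource needs to be granted as narrowly as write access to the workloads themselves.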
diff --git a/charts/_crds/policy.karmada.io_propagationpolicies.yaml b/charts/_crds/policy.karmada.io_propagationpolicies.yaml new file mode 100644 index 000000000..c98702b3e --- /dev/null +++ b/charts/_crds/policy.karmada.io_propagationpolicies.yaml 
@@ -0,0 +1,508 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: propagationpolicies.policy.karmada.io +spec: + group: policy.karmada.io + names: + kind: PropagationPolicy + listKind: PropagationPolicyList + plural: propagationpolicies + shortNames: + - pp + singular: propagationpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PropagationPolicy represents the policy that propagates a group + of resources to one or more clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of PropagationPolicy. + properties: + association: + description: Association tells if relevant resources should be selected + automatically. e.g. a ConfigMap referred by a Deployment. default + false. + type: boolean + dependentOverrides: + description: "DependentOverrides represents the list of overrides(OverridePolicy) + which must present before the current PropagationPolicy takes effect. + \n It used to explicitly specify overrides which current PropagationPolicy + rely on. 
A typical scenario is the users create OverridePolicy(ies) + and resources at the same time, they want to ensure the new-created + policies would be adopted. \n Note: For the overrides, OverridePolicy(ies) + in current namespace and ClusterOverridePolicy(ies), which not present + in this list will still be applied if they matches the resources." + items: + type: string + type: array + placement: + description: Placement represents the rule for select clusters to + propagate resources. + properties: + clusterAffinity: + description: ClusterAffinity represents scheduling restrictions + to a certain set of clusters. If not set, any cluster can be + scheduling candidate. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to be + ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member clusters + by fields. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the + values array must be empty. If the operator is + Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member clusters + by labels. If non-nil and non-empty, only the clusters match + this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + clusterTolerations: + description: ClusterTolerations represents the tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. 
When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + replicaScheduling: + description: ReplicaScheduling represents the scheduling policy + on dealing with the number of replicas when propagating resources + that have replicas in spec (e.g. deployments, statefulsets) + to member clusters. + properties: + replicaDivisionPreference: + description: ReplicaDivisionPreference determines how the + replicas is divided when ReplicaSchedulingType is "Divided". + Valid options are Aggregated and Weighted. "Aggregated" + divides replicas into clusters as few as possible, while + respecting clusters' resource availabilities during the + division. "Weighted" divides replicas by weight according + to WeightPreference. 
+ enum: + - Aggregated + - Weighted + type: string + replicaSchedulingType: + description: ReplicaSchedulingType determines how the replicas + is scheduled when karmada propagating a resource. Valid + options are Duplicated and Divided. "Duplicated" duplicates + the same replicas to each candidate member cluster from + resource. "Divided" divides replicas into parts according + to number of valid candidate member clusters, and exact + replicas for each cluster are determined by ReplicaDivisionPreference. + enum: + - Duplicated + - Divided + type: string + weightPreference: + description: WeightPreference describes weight for each cluster + or for each group of cluster If ReplicaDivisionPreference + is set to "Weighted", and WeightPreference is not set, scheduler + will weight all clusters the same. + properties: + staticWeightList: + description: StaticWeightList defines the static cluster + weight. + items: + description: StaticClusterWeight defines the static + cluster weight. + properties: + targetCluster: + description: TargetCluster describes the filter + to select clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters + to be selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of + clusters to be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select + member clusters by fields. If non-nil and + non-empty, only the clusters match this filter + will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select + member clusters by labels. If non-nil and + non-empty, only the clusters match this filter + will be selected. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + weight: + description: Weight expressing the preference to + the cluster(s) specified by 'TargetCluster'. + format: int64 + minimum: 1 + type: integer + required: + - targetCluster + - weight + type: object + type: array + required: + - staticWeightList + type: object + type: object + spreadConstraints: + description: SpreadConstraints represents a list of the scheduling + constraints. + items: + description: SpreadConstraint represents the spread constraints + on resources. + properties: + maxGroups: + description: MaxGroups restricts the maximum number of cluster + groups to be selected. + type: integer + minGroups: + description: MinGroups restricts the minimum number of cluster + groups to be selected. Defaults to 1. + type: integer + spreadByField: + description: 'SpreadByField represents the fields on Karmada + cluster API used for dynamically grouping member clusters + into different groups. Resources will be spread among + different cluster groups. Available fields for spreading + are: cluster, region, zone, and provider. SpreadByField + should not co-exist with SpreadByLabel. If both SpreadByField + and SpreadByLabel are empty, SpreadByField will be set + to "cluster" by system.' + enum: + - cluster + - region + - zone + - provider + type: string + spreadByLabel: + description: SpreadByLabel represents the label key used + for grouping member clusters into different groups. Resources + will be spread among different cluster groups. SpreadByLabel + should not co-exist with SpreadByField. + type: string + type: object + type: array + type: object + resourceSelectors: + description: ResourceSelectors used to select resources. 
+ items: + description: ResourceSelector the resources will be selected. + properties: + apiVersion: + description: APIVersion represents the API version of the target + resources. + type: string + kind: + description: Kind represents the Kind of the target resources. + type: string + labelSelector: + description: A label query over a set of resources. If name + is not empty, labelSelector will be ignored. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name of the target resource. Default is empty, + which means selecting all resources. + type: string + namespace: + description: Namespace of the target resource. Default is empty, + which means inherit from the parent object scope. 
+ type: string + required: + - apiVersion + - kind + type: object + type: array + schedulerName: + description: SchedulerName represents which scheduler to proceed the + scheduling. If specified, the policy will be dispatched by specified + scheduler. If not specified, the policy will be dispatched by default + scheduler. + type: string + required: + - resourceSelectors + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/policy.karmada.io_replicaschedulingpolicies.yaml b/charts/_crds/policy.karmada.io_replicaschedulingpolicies.yaml new file mode 100644 index 000000000..69f4844cb --- /dev/null +++ b/charts/_crds/policy.karmada.io_replicaschedulingpolicies.yaml 
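Review bot: in charts/_crds/policy.karmada.io_propagationpolicies.yaml, the `spreadConstraints[]` item documents rules that the schema itself does not enforce. The descriptions say SpreadByField "should not co-exist with SpreadByLabel" and that MinGroups "Defaults to 1", yet `maxGroups` and `minGroups` are bare `type: integer` with no `minimum` and no `default`, and nothing in the schema rejects an item that sets both spread fields or has minGroups greater than maxGroups. `weight` in the same file already carries `minimum: 1`, so the same kubebuilder `Minimum` marker can be applied to the group counts. The mutual exclusion and the min/max ordering need an admission check if one is not already in place elsewhere in the project.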
@@ -0,0 +1,263 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: replicaschedulingpolicies.policy.karmada.io +spec: + group: policy.karmada.io + names: + kind: ReplicaSchedulingPolicy + listKind: ReplicaSchedulingPolicyList + plural: replicaschedulingpolicies + shortNames: + - rsp + singular: replicaschedulingpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ReplicaSchedulingPolicy represents the policy that propagates + total number of replicas for deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of ReplicaSchedulingPolicy. + properties: + preferences: + description: Preferences describes weight for each cluster or for + each group of cluster. + properties: + staticWeightList: + description: StaticWeightList defines the static cluster weight. + items: + description: StaticClusterWeight defines the static cluster + weight. + properties: + targetCluster: + description: TargetCluster describes the filter to select + clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters to + be selected. 
+ items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters + to be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member + clusters by fields. If non-nil and non-empty, only + the clusters match this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member + clusters by labels. If non-nil and non-empty, only + the clusters match this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. 
Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + type: object + weight: + description: Weight expressing the preference to the cluster(s) + specified by 'TargetCluster'. + format: int64 + minimum: 1 + type: integer + required: + - targetCluster + - weight + type: object + type: array + required: + - staticWeightList + type: object + resourceSelectors: + description: ResourceSelectors used to select resources. + items: + description: ResourceSelector the resources will be selected. + properties: + apiVersion: + description: APIVersion represents the API version of the target + resources. + type: string + kind: + description: Kind represents the Kind of the target resources. + type: string + labelSelector: + description: A label query over a set of resources. If name + is not empty, labelSelector will be ignored. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name of the target resource. Default is empty, + which means selecting all resources. + type: string + namespace: + description: Namespace of the target resource. Default is empty, + which means inherit from the parent object scope. + type: string + required: + - apiVersion + - kind + type: object + type: array + totalReplicas: + description: TotalReplicas represents the total number of replicas + across member clusters. The replicas(spec.replicas) specified for + deployment template will be discarded. + format: int32 + type: integer + required: + - preferences + - resourceSelectors + - totalReplicas + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/work.karmada.io_clusterresourcebindings.yaml b/charts/_crds/work.karmada.io_clusterresourcebindings.yaml new file mode 100644 index 000000000..a914735ec --- /dev/null +++ b/charts/_crds/work.karmada.io_clusterresourcebindings.yaml 
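Review bot: in charts/_crds/policy.karmada.io_replicaschedulingpolicies.yaml, `spec.totalReplicas` is declared as `format: int32`, `type: integer` with no `minimum`, so a negative total passes schema validation even though `weight` under `staticWeightList` in the same file is bounded with `minimum: 1`. Suggest adding a `minimum: 0` bound through the kubebuilder marker on the Go field and regenerating the CRD. Since the description says the template's spec.replicas "will be discarded", an out-of-range value here overrides a field that the workload owner set, which makes the missing bound worth fixing before the chart ships.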
@@ -0,0 +1,375 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clusterresourcebindings.work.karmada.io +spec: + group: work.karmada.io + names: + kind: ClusterResourceBinding + listKind: ClusterResourceBindingList + plural: clusterresourcebindings + shortNames: + - crb + singular: clusterresourcebinding + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterResourceBinding represents a binding of a kubernetes resource + with a ClusterPropagationPolicy. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior. + properties: + clusters: + description: Clusters represents target member clusters where the + resource to be deployed. + items: + description: TargetCluster represents the identifier of a member + cluster. + properties: + name: + description: Name of target cluster. + type: string + replicas: + description: Replicas in target cluster + format: int32 + type: integer + required: + - name + type: object + type: array + replicaRequirements: + description: ReplicaRequirements represents the requirements required + by each replica. 
+ properties: + nodeClaim: + description: NodeClaim represents the node claim HardNodeAffinity, + NodeSelector and Tolerations required by each replica. + properties: + hardNodeAffinity: + description: A node selector represents the union of the results + of one or more label queries over a set of nodes; that is, + it represents the OR of the selectors represented by the + node selector terms. Note that only PodSpec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution + is included here because it has a hard limit on pod scheduling. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node's labels for the pod to be scheduled on that node. + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. 
Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + resourceRequest: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceRequest represents the resources required + by each replica. + type: object + type: object + replicas: + description: Replicas represents the replica number of the referencing + resource. + format: int32 + type: integer + resource: + description: Resource represents the Kubernetes resource to be propagated. + properties: + apiVersion: + description: APIVersion represents the API version of the referent. + type: string + kind: + description: Kind represents the Kind of the referent. + type: string + name: + description: Name represents the name of the referent. + type: string + namespace: + description: Namespace represents the namespace for the referent. + For non-namespace scoped resources(e.g. 'ClusterRole'),do not + need specify Namespace, and for namespace scoped resources, + Namespace is required. If Namespace is not specified, means + the resource is non-namespace scoped. 
+ type: string + resourceVersion: + description: ResourceVersion represents the internal version of + the referenced object, that can be used by clients to determine + when object has changed. + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - resource + type: object + status: + description: Status represents the most recently observed status of the + ResourceBinding. + properties: + aggregatedStatus: + description: AggregatedStatus represents status list of the resource + running in each member cluster. + items: + description: AggregatedStatusItem represents status of the resource + running in a member cluster. + properties: + applied: + description: Applied represents if the resource referencing + by ResourceBinding or ClusterResourceBinding is successfully + applied on the cluster. + type: boolean + appliedMessage: + description: AppliedMessage is a human readable message indicating + details about the applied status. This is usually holds the + error message in case of apply failed. + type: string + clusterName: + description: ClusterName represents the member cluster name + which the resource deployed on. + type: string + status: + description: Status reflects running status of current manifest. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - clusterName + type: object + type: array + conditions: + description: Conditions contain the different condition statuses. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/work.karmada.io_resourcebindings.yaml b/charts/_crds/work.karmada.io_resourcebindings.yaml new file mode 100644 index 000000000..1902dc401 --- /dev/null +++ b/charts/_crds/work.karmada.io_resourcebindings.yaml 
@@ -0,0 +1,375 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: resourcebindings.work.karmada.io +spec: + group: work.karmada.io + names: + kind: ResourceBinding + listKind: ResourceBindingList + plural: resourcebindings + shortNames: + - rb + singular: resourcebinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ResourceBinding represents a binding of a kubernetes resource + with a propagation policy. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior. + properties: + clusters: + description: Clusters represents target member clusters where the + resource to be deployed. + items: + description: TargetCluster represents the identifier of a member + cluster. + properties: + name: + description: Name of target cluster. + type: string + replicas: + description: Replicas in target cluster + format: int32 + type: integer + required: + - name + type: object + type: array + replicaRequirements: + description: ReplicaRequirements represents the requirements required + by each replica. 
+ properties: + nodeClaim: + description: NodeClaim represents the node claim HardNodeAffinity, + NodeSelector and Tolerations required by each replica. + properties: + hardNodeAffinity: + description: A node selector represents the union of the results + of one or more label queries over a set of nodes; that is, + it represents the OR of the selectors represented by the + node selector terms. Note that only PodSpec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution + is included here because it has a hard limit on pod scheduling. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node's labels for the pod to be scheduled on that node. + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. 
Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + resourceRequest: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceRequest represents the resources required + by each replica. + type: object + type: object + replicas: + description: Replicas represents the replica number of the referencing + resource. + format: int32 + type: integer + resource: + description: Resource represents the Kubernetes resource to be propagated. + properties: + apiVersion: + description: APIVersion represents the API version of the referent. + type: string + kind: + description: Kind represents the Kind of the referent. + type: string + name: + description: Name represents the name of the referent. + type: string + namespace: + description: Namespace represents the namespace for the referent. + For non-namespace scoped resources(e.g. 'ClusterRole'),do not + need specify Namespace, and for namespace scoped resources, + Namespace is required. If Namespace is not specified, means + the resource is non-namespace scoped. 
+ type: string + resourceVersion: + description: ResourceVersion represents the internal version of + the referenced object, that can be used by clients to determine + when object has changed. + type: string + required: + - apiVersion + - kind + - name + type: object + required: + - resource + type: object + status: + description: Status represents the most recently observed status of the + ResourceBinding. + properties: + aggregatedStatus: + description: AggregatedStatus represents status list of the resource + running in each member cluster. + items: + description: AggregatedStatusItem represents status of the resource + running in a member cluster. + properties: + applied: + description: Applied represents if the resource referencing + by ResourceBinding or ClusterResourceBinding is successfully + applied on the cluster. + type: boolean + appliedMessage: + description: AppliedMessage is a human readable message indicating + details about the applied status. This is usually holds the + error message in case of apply failed. + type: string + clusterName: + description: ClusterName represents the member cluster name + which the resource deployed on. + type: string + status: + description: Status reflects running status of current manifest. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - clusterName + type: object + type: array + conditions: + description: Conditions contain the different condition statuses. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/_crds/work.karmada.io_works.yaml b/charts/_crds/work.karmada.io_works.yaml new file mode 100644 index 000000000..6d09ee1f3 --- /dev/null +++ b/charts/_crds/work.karmada.io_works.yaml 
@@ -0,0 +1,197 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: works.work.karmada.io +spec: + group: work.karmada.io + names: + kind: Work + listKind: WorkList + plural: works + singular: work + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Work defines a list of resources to be deployed on the member + cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the desired behavior of Work. + properties: + workload: + description: Workload represents the manifest workload to be deployed + on managed cluster. + properties: + manifests: + description: Manifests represents a list of Kubernetes resources + to be deployed on the managed cluster. + items: + description: Manifest represents a resource to be deployed on + managed cluster. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + status: + description: Status represents the status of PropagationStatus. + properties: + conditions: + description: 'Conditions contain the different condition statuses + for this work. Valid condition types are: 1. 
Applied represents + workload in Work is applied successfully on a managed cluster. 2. + Progressing represents workload in Work is being applied on a managed + cluster. 3. Available represents workload in Work exists on the + managed cluster. 4. Degraded represents the current state of workload + does not match the desired state for a certain period.' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + manifestStatuses: + description: ManifestStatuses contains running status of manifests + in spec. + items: + description: ManifestStatus contains running status of a specific + manifest in spec. + properties: + identifier: + description: Identifier represents the identity of a resource + linking to manifests in spec. + properties: + group: + description: Group is the group of the resource. + type: string + kind: + description: Kind is the kind of the resource. 
+ type: string + name: + description: Name is the name of the resource + type: string + namespace: + description: Namespace is the namespace of the resource, + the resource is cluster scoped if the value is empty + type: string + ordinal: + description: Ordinal represents an index in manifests list, + so the condition can still be linked to a manifest even + though manifest cannot be parsed successfully. + type: integer + resource: + description: Resource is the resource type of the resource + type: string + version: + description: Version is the version of the resource. + type: string + required: + - kind + - name + - ordinal + - resource + - version + type: object + status: + description: Status reflects running status of current manifest. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - identifier + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/templates/_helpers.tpl b/charts/templates/_helpers.tpl new file mode 100644 index 000000000..a76c35763 --- /dev/null +++ b/charts/templates/_helpers.tpl 
@@ -0,0 +1,151 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "karmada.name" -}} +{{- default .Release.Name -}} +{{- end -}} + +{{- define "karmada.namespace" -}} +{{- default .Release.Namespace -}} +{{- end -}} + +{{- define "karmada.apiserver.labels" -}} +{{- if .Values.apiServer.labels }} +{{- range $key, $value := .Values.apiServer.labels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- else}} +app: {{- include "karmada.name" .}}-apiserver +{{- end }} +{{- end -}} + +{{- define "karmada.apiserver.podLabels" -}} +{{- if .Values.apiServer.podLabels }} +{{- range $key, $value := .Values.apiServer.podLabels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- end -}} + +{{- define "karmada.kube-cm.labels" -}} +{{- if .Values.kubeControllerManager.labels }} +{{- range $key, $value := .Values.kubeControllerManager.labels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- else}} +app: {{- include "karmada.name" .}}-kube-controller-manager +{{- end }} +{{- end -}} + +{{- define "karmada.kube-cm.podLabels" -}} +{{- if .Values.kubeControllerManager.podLabels }} +{{- range $key, $value := .Values.kubeControllerManager.podLabels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- end -}} + +{{- define "karmada.kubeconfig.volume" -}} +{{- $name := include "karmada.name" . -}} +- name: kubeconfig-secret + secret: + secretName: {{ $name }}-kubeconfig +{{- end -}} + +{{- define "karmada.kubeconfig.volumeMount" -}} +{{- $name := include "karmada.name" . -}} +- name: kubeconfig-secret + subPath: kubeconfig + mountPath: /etc/kubeconfig +{{- end -}} + +{{- define "karmada.cm.labels" -}} +{{ $name := include "karmada.name" . 
}} +{{- if .Values.controllerManager.labels -}} +{{- range $key, $value := .Values.controllerManager.labels}} +{{ $key }}: {{ $value }} +{{- end -}} +{{- else -}} +app: {{$name}}-controller-manager +{{- end -}} +{{- end -}} + +{{- define "karmada.cm.podLabels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.controllerManager.podLabels }} +{{- range $key, $value := .Values.controllerManager.podLabels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- end -}} + + +{{- define "karmada.scheduler.labels" -}} +{{ $name := include "karmada.name" . }} +{{- if .Values.scheduler.labels -}} +{{- range $key, $value := .Values.scheduler.labels}} +{{ $key }}: {{ $value }} +{{- end -}} +{{- else -}} +app: {{$name}}-scheduler +{{- end -}} +{{- end -}} + +{{- define "karmada.scheduler.podLabels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.scheduler.podLabels }} +{{- range $key, $value := .Values.scheduler.podLabels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- end -}} + + +{{- define "karmada.webhook.labels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.webhook.labels }} +{{- range $key, $value := .Values.webhook.labels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- else}} +app: {{$name}}-webhook +{{- end }} +{{- end -}} + +{{- define "karmada.webhook.podLabels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.webhook.podLabels }} +{{- range $key, $value := .Values.webhook.podLabels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- end -}} + + +{{- define "karmada.agent.labels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.agent.labels }} +{{- range $key, $value := .Values.agent.labels}} +{{ $key }}: {{ $value }} +{{- end}} +{{- else}} +app: {{$name}} +{{- end }} +{{- end -}} + +{{- define "karmada.agent.podLabels" -}} +{{ $name := include "karmada.name" .}} +{{- if .Values.agent.podLabels }} +{{- range $key, $value := .Values.agent.podLabels }} +{{ $key }}: {{ $value }} +{{- end}} +{{- end }} +{{- 
end -}} + +{{- define "karmada.webhook.caBundle" -}} +{{- if eq .Values.certs.mode "auto" }} +caBundle: {{ print "{{ ca_crt }}" }} +{{- end }} +{{- if eq .Values.certs.mode "custom" }} +caBundle: {{ b64enc .Values.certs.custom.caCrt }} +{{- end }} +{{- end -}} diff --git a/charts/templates/_karmada_system_namespace.tpl b/charts/templates/_karmada_system_namespace.tpl new file mode 100644 index 000000000..ce91705c7 --- /dev/null +++ b/charts/templates/_karmada_system_namespace.tpl @@ -0,0 +1,12 @@ +{{- define "karmada.systemNamespace" -}} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: karmada-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: karmada-cluster +{{- end -}} diff --git a/charts/templates/_karmada_webhook_configuration.tpl b/charts/templates/_karmada_webhook_configuration.tpl new file mode 100644 index 000000000..821e1c813 --- /dev/null +++ b/charts/templates/_karmada_webhook_configuration.tpl 
@@ -0,0 +1,118 @@ +{{- define "karmada.webhook.configuration" -}} +{{ $name := include "karmada.name" .}} +{{ $namespace := include "karmada.namespace" .}} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-config + labels: + app: mutating-config +webhooks: + - name: propagationpolicy.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["policy.karmada.io"] + apiVersions: ["*"] + resources: ["propagationpolicies"] + scope: "Namespaced" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-propagationpolicy + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 + - name: clusterpropagationpolicy.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["policy.karmada.io"] + apiVersions: ["*"] + resources: ["clusterpropagationpolicies"] + scope: "Cluster" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-clusterpropagationpolicy + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 + - name: overridepolicy.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["policy.karmada.io"] + apiVersions: ["*"] + resources: ["overridepolicies"] + scope: "Namespaced" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-overridepolicy + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 + - name: work.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["work.karmada.io"] + apiVersions: ["*"] + resources: ["works"] + scope: "Namespaced" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-work + {{- include "karmada.webhook.caBundle" . 
| nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-config + labels: + app: validating-config +webhooks: + - name: cluster.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["cluster.karmada.io"] + apiVersions: ["*"] + resources: ["clusters"] + scope: "Cluster" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-cluster + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 + - name: propagationpolicy.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["policy.karmada.io"] + apiVersions: ["*"] + resources: ["propagationpolicies"] + scope: "Namespaced" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-propagationpolicy + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 + - name: clusterpropagationpolicy.karmada.io + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: ["policy.karmada.io"] + apiVersions: ["*"] + resources: ["clusterpropagationpolicies"] + scope: "Cluster" + clientConfig: + url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-clusterpropagationpolicy + {{- include "karmada.webhook.caBundle" . | nindent 6 }} + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: ["v1"] + timeoutSeconds: 3 +{{- end -}} diff --git a/charts/templates/etcd.yaml b/charts/templates/etcd.yaml new file mode 100644 index 000000000..5f6092657 --- /dev/null +++ b/charts/templates/etcd.yaml 
@@ -0,0 +1,127 @@ +{{- if and (eq .Values.etcd.mode "internal") (eq .Values.installMode "host")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: etcd + namespace: {{ include "karmada.namespace" . }} + labels: + app: etcd +spec: + replicas: {{ .Values.etcd.internal.replicaCount }} + serviceName: etcd + selector: + matchLabels: + app: etcd + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: etcd + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - etcd + topologyKey: kubernetes.io/hostname + tolerations: + - operator: Exists + containers: + - name: etcd + image: "{{ .Values.etcd.internal.image.repository }}:{{ .Values.etcd.internal.image.tag | default "latest" }}" + imagePullPolicy: {{ .Values.etcd.internal.image.pullPolicy }} + livenessProbe: + exec: + command: + - /bin/sh + - -ec + - 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/server-ca.crt --cert /etc/kubernetes/pki/etcd/karmada.crt --key /etc/kubernetes/pki/etcd/karmada.key' + failureThreshold: 3 + initialDelaySeconds: 600 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 10 + ports: + - containerPort: 2369 + name: client + protocol: TCP + - containerPort: 2370 + name: server + protocol: TCP + volumeMounts: + - mountPath: /var/lib/etcd + name: etcd-data + - name: etcd-cert + mountPath: /etc/kubernetes/pki/etcd + readOnly: true + command: + - /usr/local/bin/etcd + - --name + - etcd0 + - --listen-peer-urls + - http://0.0.0.0:2380 + - --listen-client-urls + - https://0.0.0.0:2379 + - --advertise-client-urls + - https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379 + - --initial-cluster + - etcd0=http://etcd-0.etcd.{{ include "karmada.namespace" . 
}}.svc.{{ .Values.clusterDomain }}:2380 + - --initial-cluster-state + - new + - --cert-file=/etc/kubernetes/pki/etcd/karmada.crt + - --client-cert-auth=true + - --key-file=/etc/kubernetes/pki/etcd/karmada.key + - --trusted-ca-file=/etc/kubernetes/pki/etcd/server-ca.crt + - --data-dir=/var/lib/etcd + volumes: + - name: etcd-cert + secret: + secretName: {{ include "karmada.name" . }}-cert + - hostPath: + path: /var/lib/karmada-etcd + type: DirectoryOrCreate + name: etcd-data +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: etcd + name: etcd-client + namespace: {{ include "karmada.namespace" . }} +spec: + ports: + - name: etcd-client-port + port: 2379 + protocol: TCP + targetPort: 2379 + selector: + app: etcd +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: etcd + name: etcd + namespace: {{ include "karmada.namespace" . }} +spec: + ports: + - name: client + port: 2379 + protocol: TCP + targetPort: 2379 + - name: server + port: 2380 + protocol: TCP + targetPort: 2380 + clusterIP: None + selector: + app: etcd + +{{- end }} diff --git a/charts/templates/karmada_agent.yaml b/charts/templates/karmada_agent.yaml new file mode 100644 index 000000000..9f4c2237a --- /dev/null +++ b/charts/templates/karmada_agent.yaml 
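Review bot: in charts/templates/etcd.yaml the container declares `containerPort: 2369` (client) and `containerPort: 2370` (server), but etcd is started with `--listen-client-urls https://0.0.0.0:2379` and `--listen-peer-urls http://0.0.0.0:2380`, and both Services target 2379 and 2380; the declared ports should be 2379 and 2380. The peer listener and `--initial-cluster` use plain `http://` while the client side requires TLS with `--client-cert-auth=true`, so peer traffic is unauthenticated; enable peer TLS or document why plain HTTP is acceptable. `--name etcd0` and a single-member `--initial-cluster` are hardcoded while `replicas` comes from `.Values.etcd.internal.replicaCount`, so any value above 1 will not form a cluster.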
@@ -0,0 +1,117 @@ +{{- if eq .Values.installMode "agent" }} +{{- $name := include "karmada.name" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }} + namespace: {{ include "karmada.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $name }} +rules: + - apiGroups: ['*'] + resources: ['*'] + verbs: ["get", "watch", "list", "create", "update", "delete"] + - nonResourceURLs: ['*'] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $name }} +subjects: + - kind: ServiceAccount + name: {{ $name }} + namespace: {{ include "karmada.namespace" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $name }}-kubeconfig + namespace: {{ include "karmada.namespace" . }} +stringData: + kubeconfig: |- + apiVersion: v1 + kind: Config + clusters: + - cluster: + certificate-authority-data: {{ b64enc .Values.agent.kubeconfig.caCrt }} + insecure-skip-tls-verify: false + server: {{ .Values.agent.kubeconfig.server }} + name: {{ $name }}-apiserver + users: + - user: + client-certificate-data: {{ b64enc .Values.agent.kubeconfig.crt }} + client-key-data: {{ b64enc .Values.agent.kubeconfig.key }} + name: {{ $name }}-apiserver + contexts: + - context: + cluster: {{ $name }}-apiserver + user: {{ $name }}-apiserver + name: {{ $name }}-apiserver + current-context: {{ $name }}-apiserver +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }} + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.agent.labels" . | indent 4}} +spec: + replicas: {{ .Values.agent.replicaCount }} + selector: + matchLabels: + {{- include "karmada.agent.labels" . | indent 6}} + template: + metadata: + {{- with .Values.agent.podAnnotations}} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.agent.labels" . 
| indent 8}} + {{- include "karmada.agent.podLabels" . | indent 8}} + spec: + {{- with .Values.agent.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.agent.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.agent.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.agent.tolerations}} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ $name }} + containers: + - name: {{ $name }} + image: {{ .Values.agent.image.repository}}:{{ .Values.agent.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + command: + - /bin/karmada-agent + - --karmada-kubeconfig=/etc/kubeconfig/kubeconfig + - --cluster-name={{ .Values.agent.clusterName }} + - --cluster-status-update-frequency=10s + - --v=4 + volumeMounts: + - name: kubeconfig + mountPath: /etc/kubeconfig + volumes: + - name: kubeconfig + secret: + secretName: {{ $name }}-kubeconfig +{{- end }} diff --git a/charts/templates/karmada_apiserver.yaml b/charts/templates/karmada_apiserver.yaml new file mode 100644 index 000000000..181a76f83 --- /dev/null +++ b/charts/templates/karmada_apiserver.yaml 
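Review bot: the ClusterRole in charts/templates/karmada_agent.yaml grants `apiGroups: ['*']` and `resources: ['*']` with create, update and delete, plus `get` on every non-resource URL, which puts the agent's ServiceAccount close to cluster-admin on the member cluster (Secrets and RBAC objects included). Narrow the rules to the API groups the agent actually manages, or add a comment stating why the wildcard is required. The verb list also omits `patch`, which the controller-manager ClusterRole in this patch includes; confirm that difference is intended.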
@@ -0,0 +1,155 @@ +{{- if eq .Values.installMode "host" }} +{{- $name := include "karmada.name" . -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }}-apiserver + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.apiserver.labels" . | nindent 4}} +spec: + replicas: {{ .Values.apiServer.replicaCount }} + selector: + matchLabels: + {{- include "karmada.apiserver.labels" . | nindent 6}} + template: + metadata: + {{- with .Values.apiServer.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.apiserver.labels" . | nindent 8}} + {{- include "karmada.apiserver.podLabels" . | nindent 8}} + spec: + {{- with .Values.apiServer.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ $name }}-apiserver + image: "{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag | default "latest" }}" + imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }} + command: + - kube-apiserver + - --allow-privileged=true + - --authorization-mode=Node,RBAC + - --client-ca-file=/etc/kubernetes/pki/server-ca.crt + - --enable-admission-plugins=NodeRestriction + - --enable-bootstrap-token-auth=true + {{- if eq .Values.etcd.mode "external" }} + - --etcd-cafile=/etc/etcd/pki/ca.crt + - --etcd-certfile=/etc/etcd/pki/tls.crt + - --etcd-keyfile=/etc/etcd/pki/tls.key + - --etcd-servers={{ .Values.etcd.external.servers }} + - --etcd-prefix={{ .Values.etcd.external.registryPrefix }} + {{- end }} + {{- if eq .Values.etcd.mode "internal" }} + - --etcd-cafile=/etc/etcd/pki/server-ca.crt + - --etcd-certfile=/etc/etcd/pki/karmada.crt + - --etcd-keyfile=/etc/etcd/pki/karmada.key + - --etcd-servers=https://etcd-client.{{ include "karmada.namespace" . 
}}.svc.{{ .Values.clusterDomain }}:2379 + {{- end }} + - --bind-address=0.0.0.0 + - --insecure-port=8080 + - --kubelet-client-certificate=/etc/kubernetes/pki/karmada.crt + - --kubelet-client-key=/etc/kubernetes/pki/karmada.key + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --runtime-config= + - --secure-port=5443 + - --service-cluster-ip-range=10.96.0.0/12 + - --proxy-client-cert-file=/etc/kubernetes/pki/karmada.crt + - --proxy-client-key-file=/etc/kubernetes/pki/karmada.key + - --requestheader-allowed-names=front-proxy-client + - --requestheader-client-ca-file=/etc/kubernetes/pki/server-ca.crt + - --requestheader-extra-headers-prefix=X-Remote-Extra- + - --requestheader-group-headers=X-Remote-Group + - --requestheader-username-headers=X-Remote-User + - --tls-cert-file=/etc/kubernetes/pki/karmada.crt + - --tls-private-key-file=/etc/kubernetes/pki/karmada.key + ports: + - name: http + containerPort: 5443 + protocol: TCP + livenessProbe: + failureThreshold: 8 + httpGet: + path: /livez + port: 5443 + scheme: HTTPS + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 15 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 5443 + scheme: HTTPS + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 15 + resources: + {{- toYaml .Values.apiServer.resources | nindent 12 }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: apiserver-cert + mountPath: /etc/kubernetes/pki + readOnly: true + - name: etcd-cert + mountPath: /etc/etcd/pki + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + enableServiceLinks: true + hostNetwork: true + preemptionPolicy: PreemptLowerPriority + priority: 2000001000 + priorityClassName: system-node-critical + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 + {{- with .Values.apiServer.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.apiServer.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apiServer.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: apiserver-cert + secret: + secretName: {{ $name }}-cert + - name: etcd-cert + secret: + {{- if eq .Values.etcd.mode "internal" }} + secretName: {{ $name }}-cert + {{- end }} + {{- if eq .Values.etcd.mode "external" }} + secretName: external-etcd-cert + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $name }}-apiserver + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.apiserver.labels" . | nindent 4}} +spec: + type: ClusterIP + ports: + - name: {{ $name }}-apiserver + port: 5443 + protocol: TCP + targetPort: 5443 + selector: + {{- include "karmada.apiserver.labels" . | nindent 4}} + +{{- end}} diff --git a/charts/templates/karmada_cert.yaml b/charts/templates/karmada_cert.yaml new file mode 100644 index 000000000..219773fe4 --- /dev/null +++ b/charts/templates/karmada_cert.yaml 
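Review bot: charts/templates/karmada_apiserver.yaml starts kube-apiserver with `--insecure-port=8080` while the pod runs with `hostNetwork: true`. The insecure port serves the API without authentication or authorization, and with host networking it is opened in the node's network namespace, so any process on that node can act as an unrestricted client of the Karmada control plane. Set `--insecure-port=0` so that only `--secure-port=5443` is served. `--allow-privileged=true` and the container port named `http` (it is the HTTPS port 5443) are also worth a second look.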
@@ -0,0 +1,45 @@ +{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "custom") }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "karmada.name" . }}-cert + namespace: {{ include "karmada.namespace" . }} +type: Opaque +data: + server-ca.crt: | + {{ b64enc .Values.certs.custom.caCrt }} + karmada.crt: | + {{ b64enc .Values.certs.custom.crt }} + karmada.key: | + {{ b64enc .Values.certs.custom.key }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "karmada.name" . }}-webhook-cert + namespace: {{ include "karmada.namespace" . }} +type: kubernetes.io/tls +data: + tls.crt: | + {{ b64enc .Values.certs.custom.crt }} + tls.key: | + {{ b64enc .Values.certs.custom.key }} +--- +{{- end }} + +{{- if and (eq .Values.installMode "host") (eq .Values.etcd.mode "external")}} +apiVersion: v1 +kind: Secret +metadata: + name: external-etcd-cert + namespace: {{ include "karmada.namespace" . }} +type: Opaque +data: + ca.crt: | + {{ b64enc .Values.etcd.external.certs.caCrt }} + tls.crt: | + {{ b64enc .Values.etcd.external.certs.crt }} + tls.key: | + {{ b64enc .Values.etcd.external.certs.key }} +--- +{{- end }} diff --git a/charts/templates/karmada_controller_manager.yaml b/charts/templates/karmada_controller_manager.yaml new file mode 100644 index 000000000..d0ea08e64 --- /dev/null +++ b/charts/templates/karmada_controller_manager.yaml 
@@ -0,0 +1,90 @@ +{{- if eq .Values.installMode "host" }} +{{- $name := include "karmada.name" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }}-controller-manager + namespace: {{ include "karmada.namespace" . }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }}-controller-manager + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.cm.labels" . | nindent 4}} +spec: + replicas: {{ .Values.controllerManager.replicaCount }} + selector: + matchLabels: + {{- include "karmada.cm.labels" . | nindent 6}} + template: + metadata: + {{- with .Values.controllerManager.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.cm.labels" . | nindent 8}} + {{- include "karmada.cm.podLabels" . | nindent 8}} + spec: + {{- with .Values.controllerManager.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ $name }}-controller-manager + {{- with .Values.controllerManager.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controllerManager.tolerations}} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- include "karmada.kubeconfig.volume" . | nindent 8}} + containers: + - name: {{ $name }}-controller-manager + image: "{{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag | default "latest" }}" + imagePullPolicy: {{ .Values.controllerManager.image.pullPolicy }} + command: + - /bin/karmada-controller-manager + - --kubeconfig=/etc/kubeconfig + - --bind-address=0.0.0.0 + - --cluster-status-update-frequency=10s + - --secure-port=10357 + - --v=2 + volumeMounts: + {{- include "karmada.kubeconfig.volumeMount" . 
| nindent 12}} + resources: + {{- toYaml .Values.controllerManager.resources | nindent 12 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $name }}-controller-manager +rules: + - apiGroups: ['*'] + resources: ['*'] + verbs: ["get", "watch", "list", "create", "patch", "update", "delete"] + - nonResourceURLs: ['*'] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $name }}-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $name }}-controller-manager +subjects: + - kind: ServiceAccount + name: {{ $name }}-controller-manager + namespace: {{ include "karmada.namespace" . }} +--- +{{- end }} diff --git a/charts/templates/karmada_kubeconfig.yaml b/charts/templates/karmada_kubeconfig.yaml new file mode 100644 index 000000000..9e33e3811 --- /dev/null +++ b/charts/templates/karmada_kubeconfig.yaml @@ -0,0 +1,29 @@ +{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "custom") }} +{{- $name := include "karmada.name" . -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $name }}-kubeconfig + namespace: {{ include "karmada.namespace" . }} +stringData: + kubeconfig: |- + apiVersion: v1 + kind: Config + clusters: + - cluster: + certificate-authority-data: {{ b64enc .Values.certs.custom.caCrt }} + insecure-skip-tls-verify: false + server: https://{{ $name }}-apiserver.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:5443 + name: {{ $name }}-apiserver + users: + - user: + client-certificate-data: {{ b64enc .Values.certs.custom.crt }} + client-key-data: {{ b64enc .Values.certs.custom.key }} + name: {{ $name }}-apiserver + contexts: + - context: + cluster: {{ $name }}-apiserver + user: {{ $name }}-apiserver + name: {{ $name }}-apiserver + current-context: {{ $name }}-apiserver +{{- end }} 
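Review bot: in charts/templates/karmada_kubeconfig.yaml, `client-certificate-data` and `client-key-data` are filled from `.Values.certs.custom.crt` and `.Values.certs.custom.key`, the same pair that karmada_cert.yaml stores as `karmada.crt`/`karmada.key` and as the webhook's `tls.crt`/`tls.key`. One private key therefore acts as the apiserver serving key, the webhook serving key and the client identity in this kubeconfig, and it is mounted into every component that reads either Secret, so a leak from any one pod exposes all of them. Take a separate client certificate and key for the kubeconfig from values, and give the Secret an explicit `type`.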
diff --git a/charts/templates/karmada_scheduler.yaml b/charts/templates/karmada_scheduler.yaml new file mode 100644 index 000000000..eca2ec6e1 --- /dev/null +++ b/charts/templates/karmada_scheduler.yaml 
@@ -0,0 +1,67 @@ +{{- $name := include "karmada.name" . -}} + +{{- if eq .Values.installMode "host" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name}}-scheduler + namespace: {{ include "karmada.namespace" . }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }}-scheduler + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.scheduler.labels" . | nindent 4}} +spec: + replicas: {{ .Values.scheduler.replicaCount }} + selector: + matchLabels: + {{- include "karmada.scheduler.labels" . | nindent 6}} + template: + metadata: + {{- with .Values.scheduler.podAnnotations}} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.scheduler.labels" . | nindent 8}} + {{- include "karmada.scheduler.podLabels" . | nindent 8}} + spec: + {{- with .Values.scheduler.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scheduler.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scheduler.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scheduler.tolerations}} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ $name}}-scheduler + containers: + - name: {{ $name }}-scheduler + image: {{ .Values.scheduler.image.repository}}:{{ .Values.scheduler.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.scheduler.image.pullPolicy }} + command: + - /bin/karmada-scheduler + - --kubeconfig=/etc/kubeconfig + - --bind-address=0.0.0.0 + - --secure-port=10351 + - --failover=true + volumeMounts: + {{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }} + resources: + {{- toYaml .Values.scheduler.resources | nindent 12 }} + volumes: + {{- include "karmada.kubeconfig.volume" . | nindent 8}} +--- + +{{- end }} 
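Review bot: the `image:` line in charts/templates/karmada_scheduler.yaml falls back to `default "latest"` when no tag is set and, unlike the controller-manager template, is not wrapped in quotes. A floating tag means the deployed scheduler can change between pod restarts and cannot be tied to a chart release; default to a fixed version (for example the chart's `appVersion`) and quote the value. `--bind-address=0.0.0.0` with `--secure-port=10351` is set but the container declares no port and no probes, so add a comment saying what is expected to reach that port.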
diff --git a/charts/templates/karmada_webhook.yaml b/charts/templates/karmada_webhook.yaml new file mode 100644 index 000000000..690111edc --- /dev/null +++ b/charts/templates/karmada_webhook.yaml 
@@ -0,0 +1,91 @@ +{{- $name := include "karmada.name" . -}} + +{{- if eq .Values.installMode "host" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }}-webhook + namespace: {{ include "karmada.namespace" . }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }}-webhook + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.webhook.labels" . | nindent 4}} +spec: + replicas: {{ .Values.webhook.replicaCount }} + selector: + matchLabels: + {{- include "karmada.webhook.labels" . | nindent 6}} + template: + metadata: + {{- with .Values.webhook.podAnnotations}} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.webhook.labels" . | nindent 8}} + {{- include "karmada.webhook.podLabels" . | nindent 8}} + spec: + {{- with .Values.webhook.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ $name }}-webhook + {{- with .Values.webhook.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.tolerations}} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ $name }}-webhook + image: {{ .Values.webhook.image.repository}}:{{ .Values.webhook.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} + command: + - /bin/karmada-webhook + - --kubeconfig=/etc/kubeconfig + - --bind-address=0.0.0.0 + - --secure-port=8443 + - --cert-dir=/var/serving-cert + ports: + - containerPort: 8443 + volumeMounts: + {{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }} + - name: {{ $name }}-webhook-cert-secret + mountPath: /var/serving-cert + readOnly: true + readinessProbe: + httpGet: + path: /readyz + port: 8443 + scheme: HTTPS + volumes: + {{- include "karmada.kubeconfig.volume" . 
| nindent 8}} + - name: {{ $name }}-webhook-cert-secret + secret: + secretName: {{ $name }}-webhook-cert +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $name }}-webhook + namespace: {{ include "karmada.namespace" . }} +spec: + selector: + {{- include "karmada.webhook.podLabels" . | nindent 8}} + app: {{ $name }}-webhook + ports: + - port: 443 + targetPort: 8443 + +{{- end }} diff --git a/charts/templates/kube_controller_manager.yaml b/charts/templates/kube_controller_manager.yaml new file mode 100644 index 000000000..7faa5b371 --- /dev/null +++ b/charts/templates/kube_controller_manager.yaml 
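Review bot: the Service selector in charts/templates/karmada_webhook.yaml hardcodes `app: {{ $name }}-webhook` and adds `karmada.webhook.podLabels`, while the Deployment labels its pods with `karmada.webhook.labels`, which emits `app: {{ $name }}-webhook` only when `.Values.webhook.labels` is empty. If a user sets `.Values.webhook.labels`, the Service selects no pods, and since every webhook in this patch uses `failurePolicy: Fail`, all CREATE and UPDATE requests on the covered resources are rejected. Build the selector from `karmada.webhook.labels`, as the apiserver Service does with `karmada.apiserver.labels`.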
@@ -0,0 +1,92 @@ +{{- $name := include "karmada.name" . -}} + +{{- if eq .Values.installMode "host" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }}-kube-controller-manager + namespace: {{ include "karmada.namespace" . }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }}-kube-controller-manager + namespace: {{ include "karmada.namespace" . }} + labels: + {{- include "karmada.kube-cm.labels" . | nindent 4}} +spec: + replicas: {{ .Values.kubeControllerManager.replicaCount }} + selector: + matchLabels: + {{- include "karmada.kube-cm.labels" . | nindent 6}} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + {{- with .Values.kubeControllerManager.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "karmada.kube-cm.labels" . | nindent 8}} + {{- include "karmada.kube-cm.podLabels" . | nindent 8}} + spec: + {{- with .Values.kubeControllerManager.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ $name }}-kube-controller-manager + {{- with .Values.kubeControllerManager.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.kubeControllerManager.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.kubeControllerManager.tolerations}} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - command: + - kube-controller-manager + - --allocate-node-cidrs=true + - --authentication-kubeconfig=/etc/kubeconfig + - --authorization-kubeconfig=/etc/kubeconfig + - --bind-address=0.0.0.0 + - --client-ca-file=/etc/karmada/pki/server-ca.crt + - --cluster-cidr=10.244.0.0/16 + - --cluster-name=karmada + - --cluster-signing-cert-file=/etc/karmada/pki/karmada.crt + - --cluster-signing-key-file=/etc/karmada/pki/karmada.key + - --controllers=namespace,garbagecollector,serviceaccount-token + - --kubeconfig=/etc/kubeconfig + - --leader-elect=true + - --node-cidr-mask-size=24 + - --port=0 + - --root-ca-file=/etc/karmada/pki/server-ca.crt + - --service-account-private-key-file=/etc/karmada/pki/karmada.key + - --service-cluster-ip-range=10.96.0.0/12 + - --use-service-account-credentials=true + - --v=5 + image: {{ .Values.kubeControllerManager.image.repository}}:{{ .Values.kubeControllerManager.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.kubeControllerManager.image.pullPolicy }} + name: kube-controller-manager + resources: + {{- toYaml .Values.kubeControllerManager.resources | nindent 12 }} + volumeMounts: + - mountPath: /etc/karmada/pki + name: apisever-cert + readOnly: true + {{- include "karmada.kubeconfig.volumeMount" . | nindent 12}} + priorityClassName: system-node-critical + volumes: + - name: apisever-cert + secret: + secretName: {{ $name }}-cert + {{- include "karmada.kubeconfig.volume" . | nindent 8}} +{{- end }} diff --git a/charts/templates/post-install-job.yaml b/charts/templates/post-install-job.yaml new file mode 100644 index 000000000..baa08d562 --- /dev/null +++ b/charts/templates/post-install-job.yaml 
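Review bot: charts/templates/kube_controller_manager.yaml passes the same `/etc/karmada/pki/karmada.key` to `--service-account-private-key-file` and `--cluster-signing-key-file`, so the key that signs service account tokens is shared with the signing key and cannot be rotated on its own; use a dedicated service account key pair. `--v=5` is debug-level logging for a default install, and the volume name `apisever-cert` is misspelled (the apiserver template uses `apiserver-cert`).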
@@ -0,0 +1,68 @@ +{{- $name := include "karmada.name" . -}} + +{{- if eq .Values.installMode "host" }} +{{- if eq .Values.certs.mode "custom" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }}-crds + namespace: {{ include "karmada.namespace" . }} +data: + {{- print "webhook-configuration.yaml: " | nindent 2 }} |- + {{- include "karmada.webhook.configuration" . | nindent 4 }} + {{- print "system-namespace.yaml: " | nindent 2 }} |- + {{- include "karmada.systemNamespace" . | nindent 4 }} + {{ range $path, $bytes := .Files.Glob (printf "_crds/**")}} + {{ $name := base $path }} + {{- (printf "%s: " $name) | nindent 2 }} |- + {{- $.Files.Get $path | nindent 4 }} + {{ end }} +--- +{{- end }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ $name }}-install-crds" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ $name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + parallelism: 1 + completions: 1 + template: + metadata: + name: {{ $name }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ $name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + spec: + restartPolicy: Never + containers: + - name: post-install-job + image: bitnami/kubectl:latest + command: + - "kubectl" + - "apply" + - "-f" + - "/crds" + - "--kubeconfig" + - "/etc/kubeconfig" + volumeMounts: + - name: {{ $name }}-crds + mountPath: /crds + {{ include "karmada.kubeconfig.volumeMount" . | nindent 10 }} + volumes: + - name: {{ $name }}-crds + configMap: + name: {{ $name }}-crds + {{ include "karmada.kubeconfig.volume" . 
| nindent 8 }} +{{- end }} diff --git a/charts/templates/pre-install-job.yaml b/charts/templates/pre-install-job.yaml new file mode 100644 index 000000000..b0515fcd3 --- /dev/null +++ b/charts/templates/pre-install-job.yaml 
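Review bot: the Job in charts/templates/post-install-job.yaml runs `image: bitnami/kubectl:latest`, a hardcoded third-party image on a floating tag, with the Karmada kubeconfig mounted at `/etc/kubeconfig`. Whatever that tag resolves to at install time receives the control-plane credentials, so make the image configurable through values and pin it to a fixed tag or digest. The `{{ $name }}-crds` ConfigMap is rendered only when `.Values.certs.mode` is `custom`, while the Job always mounts it; add a comment saying where it comes from in `auto` mode.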
@@ -0,0 +1,207 @@ +{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "auto") }} +{{- $name := include "karmada.name" . -}} +{{- $namespace := include "karmada.namespace" . -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }}-config + namespace: {{ $namespace }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +data: + install.sh: |- + #!/bin/bash + set -ex + function join() { + local IFS=$1 + shift + echo "$*" + } + kubectl apply -f $(join ',' /opt/configs/*.yaml) + generator.sh: |- + #!/bin/bash + set -ex + mkdir -p /opt/configs + mkdir -p /opt/certs + cp -r -L /opt/mount/* /opt/configs/ + openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "/opt/certs/server-ca.key" -out "/opt/certs/server-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/" + echo '{"signing":{"default":{"expiry":{{ printf `"%s"` .Values.certs.auto.expiry }},"usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/server-ca-config.json" + echo '{"CN":"system:admin","hosts":{{ toJson .Values.certs.auto.hosts }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=/opt/certs/server-ca.crt -ca-key=/opt/certs/server-ca.key -config=/opt/certs/server-ca-config.json - | cfssljson -bare /opt/certs/karmada + karmada_ca=$(base64 /opt/certs/server-ca.crt | tr -d '\r\n') + karmada_crt=$(base64 /opt/certs/karmada.pem | tr -d '\r\n') + karmada_key=$(base64 /opt/certs/karmada-key.pem | tr -d '\r\n') + sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/cert.yaml + sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/cert.yaml + sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/cert.yaml + sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/kubeconfig.yaml + sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/kubeconfig.yaml + sed -i'' -e "s/{{ print "{{ key }}" 
}}/${karmada_key}/g" /opt/configs/kubeconfig.yaml + sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/webhook-cert.yaml + sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/webhook-cert.yaml + sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/crds-configmap.yaml + cert.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $name }}-cert + namespace: {{ $namespace }} + type: Opaque + data: + server-ca.crt: |- + {{ print "{{ ca_crt }}" }} + karmada.crt: |- + {{ print "{{ crt }}" }} + karmada.key: |- + {{ print "{{ key }}" }} + webhook-cert.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $name }}-webhook-cert + namespace: {{ include "karmada.namespace" . }} + type: kubernetes.io/tls + data: + tls.crt: |- + {{ print "{{ crt }}" }} + tls.key: |- + {{ print "{{ key }}" }} + kubeconfig.yaml: |- + apiVersion: v1 + kind: Secret + metadata: + name: {{ $name }}-kubeconfig + namespace: {{ include "karmada.namespace" . }} + stringData: + kubeconfig: |- + apiVersion: v1 + kind: Config + clusters: + - cluster: + certificate-authority-data: {{ print "{{ ca_crt }}" }} + insecure-skip-tls-verify: false + server: https://{{ $name }}-apiserver.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:5443 + name: {{ $name }}-apiserver + users: + - user: + client-certificate-data: {{ print "{{ crt }}" }} + client-key-data: {{ print "{{ key }}" }} + name: {{ $name }}-apiserver + contexts: + - context: + cluster: {{ $name }}-apiserver + user: {{ $name }}-apiserver + name: {{ $name }}-apiserver + current-context: {{ $name }}-apiserver + crds-configmap.yaml: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ $name }}-crds + namespace: {{ include "karmada.namespace" . }} + data: + {{- print "webhook-configuration.yaml: " | nindent 6 }} |- + {{- include "karmada.webhook.configuration" . 
| nindent 8 }} + {{- print "system-namespace.yaml: " | nindent 6 }} |- + {{- include "karmada.systemNamespace" . | nindent 8 }} + {{ range $path, $bytes := .Files.Glob (printf "_crds/**")}} + {{ $name := base $path }} + {{- (printf "%s: " $name) | nindent 6 }} |- + {{- $.Files.Get $path | nindent 8 }} + {{ end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ $name }}-config-generator" + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "3" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + parallelism: 1 + completions: 1 + template: + metadata: + name: {{ $name }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ $name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + spec: + serviceAccountName: {{ $name }}-pre-job + restartPolicy: Never + initContainers: + - name: generator + image: cfssl/cfssl + workingDir: /opt/mount + command: + - "./generator.sh" + volumeMounts: + - name: mount + mountPath: /opt/mount + - name: configs + mountPath: /opt/configs + containers: + - name: pre-install-job + image: bitnami/kubectl:latest + workingDir: /opt/mount + command: + - "./install.sh" + volumeMounts: + - name: mount + mountPath: /opt/mount + - name: configs + mountPath: /opt/configs + volumes: + - name: mount + configMap: + name: {{ $name }}-config + defaultMode: 0777 + - name: configs + emptyDir: {} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }}-pre-job + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" + namespace: {{ include "karmada.namespace" . 
}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ $name }}-pre-job + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +rules: + - apiGroups: ['*'] + resources: ['*'] + verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] + - nonResourceURLs: ['*'] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $name }}-pre-job + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $name }}-pre-job +subjects: + - kind: ServiceAccount + name: {{ $name }}-pre-job + namespace: {{ include "karmada.namespace" . }} +--- +{{- end }} diff --git a/charts/values.yaml b/charts/values.yaml new file mode 100644 index 000000000..884a53e30 --- /dev/null +++ b/charts/values.yaml 
@@ -0,0 +1,339 @@ +## Default values for charts. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## @param installMode "host" and "agent" are provided +## "host" means install karmada in the control-cluster +## "agent" means install agent client in the member cluster +installMode: "host" + +## @param clusterDomain default domain for karmada +clusterDomain: "cluster.local" + +## karmada certificate config +certs: + ## @param certs.mode "auto" and "custom" are provided + ## "auto" means auto generate certificate + ## "custom" means use user certificate + mode: auto + auto: + ## @param certs.auto.expiry expiry of the certificate + expiry: 43800h + ## @param certs.auto.hosts hosts of the certificate + hosts: [ + "kubernetes.default.svc", + "*.etcd.karmada-system.svc.cluster.local", + "*.karmada-system.svc.cluster.local", + "*.karmada-system.svc", + "localhost", + "127.0.0.1" + ] + custom: + ## @param certs.custom.caCrt ca of the certificate + caCrt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param certs.custom.crt crt of the certificate + crt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param certs.custom.key key of the certificate + key: | + -----BEGIN RSA PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END RSA PRIVATE KEY----- + +## scheduler config +scheduler: + ## @param scheduler.labels + labels: + app: karmada-scheduler + ## @param scheduler.replicaCount target replicas + replicaCount: 1 + ## @param scheduler.podAnnotations + podAnnotations: { } + ## @param scheduler.podLabels + podLabels: { } + ## @param scheduler.imagePullSecrets + imagePullSecrets: [ ] + image: + ## @param scheduler.image.repository image of the scheduler + repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler + ## @param scheduler.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param 
scheduler.image.tag verrides the image tag whose default is the latest + tag: latest + ## @param scheduler.resources + resources: { } + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param scheduler.nodeSelector + nodeSelector: { } + ## @param scheduler.affinity + affinity: { } + ## @param scheduler.tolerations + tolerations: [ ] + # - key: node-role.kubernetes.io/master + # operator: Exists + +## webhook config +webhook: + ## @param webhook.labels + labels: + app: karmada-webhook + ## @param webhook.replicaCount target replicas + replicaCount: 1 + ## @param webhook.podAnnotations + podAnnotations: { } + ## @param webhook.podLabels + podLabels: { } + ## @param webhook.imagePullSecrets + imagePullSecrets: [ ] + image: + ## @param webhook.image.repository image of the webhook + repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-webhook + ## @param webhook.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param webhook.image.tag verrides the image tag whose default is the latest + tag: latest + ## @param webhook.resources + resources: { } + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param webhook.nodeSelector + nodeSelector: { } + ## @param webhook.affinity + affinity: { } + ## @param webhook.tolerations + tolerations: [ ] + # - key: node-role.kubernetes.io/master + # operator: Exists + +## controller manager config +controllerManager: + ## @param controllerManager.labels + labels: + app: karmada-controller-manager + ## @param controllerManager.replicaCount target replicas + replicaCount: 1 + ## @param controllerManager.podAnnotations + podAnnotations: { } + ## @param controllerManager.podLabels + podLabels: { } + ## @param controllerManager.imagePullSecrets + imagePullSecrets: [ ] + image: + ## @param controllerManager.image.repository image of the controller manager + repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-controller-manager + ## @param controllerManager.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param controllerManager.image.tag verrides the image tag whose default is the latest + tag: latest + ## @param controllerManager.resources + resources: { } + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param controllerManager.nodeSelector + nodeSelector: { } + ## @param controllerManager.affinity + affinity: { } + ## @param controllerManager.tolerations + tolerations: [ ] + # - key: node-role.kubernetes.io/master + # operator: Exists + +## karmada apiserver config +apiServer: + ## @param apiServer.labels + labels: + app: karmada-apiserver + ## @param apiServer.replicaCount target replicas + replicaCount: 1 + ## @param apiServer.podAnnotations + podAnnotations: { } + ## @param apiServer.podLabels + podLabels: { } + ## @param apiServer.imagePullSecrets + imagePullSecrets: [] + image: + ## @param apiServer.image.repository image of the apiserver + repository: k8s.gcr.io/kube-apiserver + ## @param apiServer.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param apiServer.image.tag verrides the image tag whose default is the latest + tag: "v1.19.1" + ## @param apiServer.resources + resources: { } + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param apiServer.nodeSelector + nodeSelector: { } + ## @param apiServer.affinity + affinity: { } + ## @param apiServer.tolerations + tolerations: [ ] + # - key: node-role.kubernetes.io/master + # operator: Exists + +## kubernetes controller manager config +kubeControllerManager: + ## @param kubeControllerManager.labels + labels: + app: kube-controller-manager + ## @param kubeControllerManager.replicaCount target replicas + replicaCount: 1 + ## @param kubeControllerManager.podAnnotations + podAnnotations: {} + ## @param kubeControllerManager.podLabels + podLabels: {} + ## @param kubeControllerManager.imagePullSecrets + imagePullSecrets: [] + image: + ## @param kubeControllerManager.image.repository image of the kube controller manager + repository: k8s.gcr.io/kube-controller-manager + ## @param kubeControllerManager.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param kubeControllerManager.image.tag verrides the image tag whose default is the latest + tag: "v1.19.1" + ## @param kubeControllerManager.resources + resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param kubeControllerManager.nodeSelector + nodeSelector: {} + ## @param kubeControllerManager.affinity + affinity: {} + ## @param kubeControllerManager.tolerations + tolerations: [ ] + # - key: node-role.kubernetes.io/master + # operator: Exists + +## etcd config +etcd: + ## @param etcd.mode "external" and "internal" are provided + ## "external" means use external ectd + ## "internal" means install a etcd in the cluster + mode: "internal" + external: + ## @param etcd.external.servers servers of etcd + ## such as "https://192.168.1.1:2379,https://192.168.1.2:2379,https://192.168.1.3:2379" + servers: "" + ## @param etcd.external.registryPrefix use to registry prefix of etcd + registryPrefix: "/registry/karmada" + certs: + ## @param etcd.external.certs.caCrt ca of the certificate + caCrt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param etcd.external.certs.crt crt of the certificate + crt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param etcd.external.certs.key key of the certificate + key: | + -----BEGIN RSA PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END RSA PRIVATE KEY----- + internal: + ## @param etcd.internal.replicaCount target replicas + replicaCount: 1 + image: + ## @param etcd.internal.image.repository image of the etcd + repository: k8s.gcr.io/etcd + ## @param etcd.internal.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param etcd.internal.image.tag verrides the image tag whose default is the latest + tag: "3.4.13-0" + +## agent client config +agent: + ## @param agent.clusterName name of the member cluster + clusterName: "" + kubeconfig: + ## @param agent.kubeconfig.caCrt ca of the certificate + caCrt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param agent.kubeconfig.crt crt 
of the certificate + crt: | + -----BEGIN CERTIFICATE----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END CERTIFICATE----- + ## @param agent.kubeconfig.key key of the certificate + key: | + -----BEGIN RSA PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END RSA PRIVATE KEY----- + ## @param agent.kubeconfig.server apiserver of the karmada + server: "" + ## @param agent.labels + labels: + app: karmada-agent + ## @param agent.replicaCount target replicas + replicaCount: 1 + ## @param agent.podAnnotations + podAnnotations: { } + ## @param agent.podLabels + podLabels: { } + ## @param agent.imagePullSecrets + imagePullSecrets: [ ] + image: + ## @param agent.image.repository image of the agent + repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-agent + ## @param agent.image.pullPolicy pull policy of image + pullPolicy: IfNotPresent + ## @param agent.image.tag verrides the image tag whose default is the latest + tag: latest + ## @param agent.resources + resources: { } + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## @param agent.nodeSelector + nodeSelector: { } + ## @param agent.affinity + affinity: { } + ## @param agent.tolerations + tolerations: { } + # - key: node-role.kubernetes.io/master + # operator: Exists
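Review bot: in charts/templates/pre-install-job.yaml the `{{ $name }}-pre-job` ClusterRole grants `apiGroups: ['*']` / `resources: ['*']` with create, update, patch and delete across the whole cluster, while install.sh only runs `kubectl apply` on three Secrets and one ConfigMap in the karmada namespace. A namespaced Role limited to `secrets` and `configmaps` with the verbs `kubectl apply` needs would cover it. The ServiceAccount, ClusterRole and ClusterRoleBinding also carry no `helm.sh/hook-delete-policy` (only the Job has `hook-succeeded`), and hook resources are not tracked as part of the release, so this wildcard binding stays in the cluster after the job has finished. Further points in the same file: generator.sh runs under `set -ex`, so the `karmada_key=$(base64 ...)` assignment and the `sed` substitutions that expand `${karmada_key}` are traced into the init container log, private key included; drop `-x` or switch tracing off around those lines. The one key pair issued with `"CN":"system:admin"`, `"O":"system:masters"` and both `client auth` and `server auth` usages is written into the kubeconfig as the admin client credential and into `webhook-cert.yaml` as `tls.crt`/`tls.key`, so the webhook's serving key is also an admin client key; issue a separate serving certificate for the webhook. The CA is created with `-days 365` while the leaf expiry comes from `.Values.certs.auto.expiry` (default `43800h` in values.yaml), so the chain stops validating after a year whatever the leaf says. The job images `cfssl/cfssl` (no tag) and `bitnami/kubectl:latest` are unpinned although they run under this service account; pin both to a version or digest. The Job's metadata sets no `namespace`, unlike the ConfigMap and ServiceAccount it depends on, so it only finds them when the release namespace equals `karmada.namespace`.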
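Review bot: in charts/values.yaml the scheduler, webhook, controllerManager and agent images default to `tag: latest` together with `pullPolicy: IfNotPresent`, so a node that already has a cached `latest` never pulls a newer build and different nodes can run different code under the same chart version. Default these tags to a released version (the apiServer, kubeControllerManager and etcd entries already pin theirs) or document that `latest` requires `pullPolicy: Always`. `certs.auto.hosts` hard-codes `karmada-system` and `cluster.local` in its SAN entries while `clusterDomain` is a separate value and the namespace is templated, so installing with another domain or namespace produces a certificate whose names do not match the service addresses; build the list from those values or say in the comment that the three must be changed together. `agent.tolerations` is `{ }` where every other component uses `[ ]`, and tolerations is a list in the pod spec. `kubeControllerManager.resources:` has no value (null), while its comment still talks about removing the curly braces; use `{ }` as in the other sections. Spelling in the `@param` comments: "verrides" should be "overrides" (repeated for every image.tag) and "ectd" should be "etcd"; the image.tag comments on the pinned components also say the default is the latest, which does not match `"v1.19.1"` and `"3.4.13-0"`.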