diff --git a/all_in_one.yaml b/all_in_one.yaml new file mode 100644 index 0000000..00e299c --- /dev/null +++ b/all_in_one.yaml @@ -0,0 +1,580 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: system + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: namespace + app.kubernetes.io/part-of: nfs-operator + control-plane: controller-manager + name: nfspvc-operator-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: nfspvc-operator-system/nfspvc-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + name: nfspvcs.nfspvc.dana.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: nfspvc-operator-webhook-service + namespace: nfspvc-operator-system + path: /convert + conversionReviewVersions: + - v1 + group: nfspvc.dana.io + names: + kind: NfsPvc + listKind: NfsPvcList + plural: nfspvcs + singular: nfspvc + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NfsPvc is the Schema for the nfspvcs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NfsPvcSpec defines the desired state of NfsPvc. + properties: + accessModes: + description: accessModes contains the desired access modes the volume + should have(RWX, RWO, ROX). + items: + type: string + type: array + x-kubernetes-validations: + - message: AccessModes is immutable + rule: self == oldSelf + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity is the description of the persistent volume's + resources and capacity. + type: object + x-kubernetes-validations: + - message: Capacity is immutable + rule: self == oldSelf + path: + description: path that is exported by the NFS server. + pattern: ^/ + type: string + x-kubernetes-validations: + - message: Path is immutable + rule: self == oldSelf + server: + description: server is the hostname or IP address of the NFS server + minLength: 1 + type: string + x-kubernetes-validations: + - message: Server is immutable + rule: self == oldSelf + required: + - accessModes + - capacity + - path + - server + type: object + status: + description: NfsPvcStatus defines the observed state of NfsPvc. + properties: + pvPhase: + description: pvPhase indicates if a volume is available, bound to + a claim, or released by a claim. + type: string + pvcPhase: + description: pvcPhase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: nfs-operator + name: nfspvc-operator-controller-manager + namespace: nfspvc-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-leader-election-role + namespace: nfspvc-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: nfspvc-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - nfspvc.dana.io + resources: + - nfspvcs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nfspvc.dana.io + resources: + - nfspvcs/finalizers + verbs: + - update +- apiGroups: + - nfspvc.dana.io + resources: + - nfspvcs/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: nfs-operator + name: nfspvc-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: nfspvc-aggregate-to-admin + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: nfspvc-operator + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: nfspvc-operator-nfspvc-aggregate-to-admin +rules: +- apiGroups: + - nfspvc.dana.io + resources: + - nfspvcs + verbs: + - get + - list + - watch + - create + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: proxy-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: nfs-operator + name: nfspvc-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-leader-election-rolebinding + namespace: nfspvc-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nfspvc-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: nfspvc-operator-controller-manager + namespace: nfspvc-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nfspvc-operator-manager-role +subjects: +- kind: ServiceAccount + name: nfspvc-operator-controller-manager + namespace: nfspvc-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: proxy-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: nfs-operator + name: nfspvc-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nfspvc-operator-proxy-role +subjects: +- kind: ServiceAccount + name: nfspvc-operator-controller-manager + namespace: nfspvc-operator-system +--- +apiVersion: v1 +data: + RECLAIM_POLICY: Retain + STORAGE_CLASS: brown +kind: ConfigMap +metadata: + name: nfspvc-operator-configuration-nfspvc + namespace: nfspvc-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: nfspvc-operator + control-plane: controller-manager + name: nfspvc-operator-controller-manager-metrics-service + namespace: nfspvc-operator-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-webhook-service + namespace: nfspvc-operator-system +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: nfs-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: nfs-operator + control-plane: controller-manager + name: nfspvc-operator-controller-manager + namespace: nfspvc-operator-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + envFrom: + - configMapRef: + name: nfspvc-operator-configuration-nfspvc + image: ghcr.io/dana-team/nfspvc-operator:main + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: nfspvc-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-serving-cert + namespace: nfspvc-operator-system +spec: + dnsNames: + - nfspvc-operator-webhook-service.nfspvc-operator-system.svc + - nfspvc-operator-webhook-service.nfspvc-operator-system.svc.cluster.local + issuerRef: + kind: Issuer + name: nfspvc-operator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-selfsigned-issuer + namespace: nfspvc-operator-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: nfspvc-operator-system/nfspvc-operator-serving-cert + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: nfspvc-operator + app.kubernetes.io/instance: validating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: validatingwebhookconfiguration + app.kubernetes.io/part-of: nfspvc-operator + name: nfspvc-operator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: nfspvc-operator-webhook-service + namespace: nfspvc-operator-system + path: /validate-nfspvc-dana-io-v1alpha1-nfspvc + failurePolicy: Fail + name: vnfspvc.kb.io + rules: + - apiGroups: + - nfspvc.dana.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - nfspvcs + sideEffects: None