File templates.obscpio of Package kubevirt-chart
07070100000000000081a400000000000000000000000168e8e3240000006b000000000000000000000000000000000000001400000000templates/NOTES.txtVerify that all KubeVirt components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}
07070100000001000081a400000000000000000000000168e8e32400000700000000000000000000000000000000000000001700000000templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "kubevirt.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kubevirt.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubevirt.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kubevirt.labels" -}}
helm.sh/chart: {{ include "kubevirt.chart" . }}
{{ include "kubevirt.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kubevirt.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kubevirt.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "kubevirt.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
07070100000002000081a400000000000000000000000168e8e32400000660000000000000000000000000000000000000001500000000templates/_hooks.tpl{{/* Hook annotations */}}
{{- define "kubevirt.hook.annotations" -}}
annotations:
"helm.sh/hook": {{ .hookType }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": {{ .hookWeight | quote }}
{{- end -}}
{{/* Namespace modifying hook annotations */}}
{{- define "kubevirt.namespaceHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }}
{{- end -}}
{{/* CRD upgrading hook annotations */}}
{{- define "kubevirt.crdUpgradeHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
{{- end -}}
{{/* Custom resource uninstalling hook annotations */}}
{{- define "kubevirt.crUninstallHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }}
{{- end -}}
{{/* CRD uninstalling hook annotations */}}
{{- define "kubevirt.crdUninstallHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }}
{{- end -}}
{{/* Namespace modifying hook name */}}
{{- define "kubevirt.namespaceHook.name" -}}
{{ include "kubevirt.fullname" . }}-namespace-modify
{{- end }}
{{/* CRD upgrading hook name */}}
{{- define "kubevirt.crdUpgradeHook.name" -}}
{{ include "kubevirt.fullname" . }}-crd-upgrade
{{- end }}
{{/* Custom resource uninstalling hook name */}}
{{- define "kubevirt.crUninstallHook.name" -}}
{{ include "kubevirt.fullname" . }}-uninstall
{{- end }}
{{/* CRD uninstalling hook name */}}
{{- define "kubevirt.crdUninstallHook.name" -}}
{{ include "kubevirt.fullname" . }}-crd-uninstall
{{- end }}
07070100000003000081a400000000000000000000000168e8e32400000748000000000000000000000000000000000000002300000000templates/crd-uninstall-hooks.yamlapiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "kubevirts.kubevirt.io"
verbs: [ "delete" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.crdUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crdUninstallHook.name" . }}
image: {{ .Values.hookImage }}
args:
- delete
- customresourcedefinitions
- kubevirts.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
07070100000004000081a400000000000000000000000168e8e324000009b2000000000000000000000000000000000000002100000000templates/crd-upgrade-hooks.yamlapiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ .Release.Namespace }}
name: kubevirt-crd-manifest
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
data:
crd: |-
{{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
rules:
- apiGroups: [ "" ]
resources: [ "configmaps" ]
resourceNames:
- "kubevirt-crd-manifest"
verbs: [ "get" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "kubevirts.kubevirt.io"
verbs: [ "get", "patch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crdUpgradeHook.name" . }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
image: {{ .Values.hookImage }}
args:
- apply
- -f
- /etc/manifests/crd.yaml
volumeMounts:
- name: crd-volume
mountPath: /etc/manifests
volumes:
- name: crd-volume
configMap:
name: kubevirt-crd-manifest
items:
- key: crd
path: crd.yaml
07070100000005000081a400000000000000000000000168e8e324000068e3000000000000000000000000000000000000002100000000templates/kubevirt-operator.yamlapiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: kubevirt-cluster-critical
value: 1000000000
globalDefault: false
description: "This priority class should be used for core kubevirt components only."
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt.io:operator
labels:
operator.kubevirt.io: ""
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resourceNames:
- kubevirt-ca
- kubevirt-export-ca
- kubevirt-virt-handler-certs
- kubevirt-virt-handler-server-certs
- kubevirt-operator-certs
- kubevirt-virt-api-certs
- kubevirt-controller-certs
- kubevirt-exportproxy-certs
resources:
- secrets
verbs:
- create
- get
- list
- watch
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- list
- watch
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- get
- list
- watch
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- delete
- update
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- get
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- delete
- update
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- kubevirt-export-ca
resources:
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator-rolebinding
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-operator
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
rules:
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- patch
- update
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- endpoints
- pods/exec
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- patch
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- watch
- list
- create
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- create
- delete
- patch
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- create
- get
- list
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- get
- patch
- update
- apiGroups:
- security.openshift.io
resourceNames:
- kubevirt-handler
- kubevirt-controller
resources:
- securitycontextconstraints
verbs:
- get
- list
- watch
- update
- delete
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
- validatingadmissionpolicybindings
- validatingadmissionpolicies
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/status
verbs:
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancemigrations
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstancepresets
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- limitranges
verbs:
- watch
- list
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinerestores
- virtualmachinesnapshotcontents
verbs:
- get
- list
- watch
- apiGroups:
- cdi.kubevirt.io
resources:
- datasources
- datavolumes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- create
- list
- get
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- patch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- delete
- create
- patch
- apiGroups:
- ""
resources:
- pods
- configmaps
- endpoints
- services
verbs:
- get
- list
- watch
- delete
- update
- create
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- update
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- ""
resources:
- pods/status
verbs:
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- list
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- watch
- list
- create
- delete
- get
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshots/status
- virtualmachinesnapshotcontents
- virtualmachinesnapshotcontents/status
- virtualmachinesnapshotcontents/finalizers
- virtualmachinerestores
- virtualmachinerestores/status
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
- virtualmachineexports/status
- virtualmachineexports/finalizers
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
- virtualmachinepools/finalizers
- virtualmachinepools/status
- virtualmachinepools/scale
verbs:
- watch
- list
- create
- delete
- update
- patch
- get
- apiGroups:
- kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
- cdi.kubevirt.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
- virtualmachineclones/status
- virtualmachineclones/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- resourcequotas
verbs:
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- update
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- patch
- list
- watch
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- apiGroups:
- subresources.kubevirt.io
resources:
- version
- guestfs
verbs:
- get
- list
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/portforward
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachines/portforward
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/console
- virtualmachineinstances/vnc
- virtualmachineinstances/vnc/screenshot
- virtualmachineinstances/portforward
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/pause
- virtualmachineinstances/unpause
- virtualmachineinstances/addvolume
- virtualmachineinstances/removevolume
- virtualmachineinstances/freeze
- virtualmachineinstances/unfreeze
- virtualmachineinstances/softreboot
- virtualmachineinstances/sev/setupsession
- virtualmachineinstances/sev/injectlaunchsecret
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachines/portforward
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/start
- virtualmachines/stop
- virtualmachines/restart
- virtualmachines/addvolume
- virtualmachines/removevolume
- virtualmachines/migrate
- virtualmachines/memorydump
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
- kubevirts
verbs:
- get
- list
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachines/expand-spec
- virtualmachineinstances/guestosinfo
- virtualmachineinstances/filesystemlist
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
- expand-vm-spec
verbs:
- update
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
- virtualmachineinstancepresets
- virtualmachineinstancereplicasets
- virtualmachineinstancemigrations
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- list
- watch
- apiGroups:
- export.kubevirt.io
resources:
- virtualmachineexports
verbs:
- get
- list
- watch
- apiGroups:
- clone.kubevirt.io
resources:
- virtualmachineclones
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineinstancetypes
- virtualmachineclusterinstancetypes
- virtualmachinepreferences
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- pool.kubevirt.io
resources:
- virtualmachinepools
verbs:
- get
- list
- watch
- apiGroups:
- migrations.kubevirt.io
resources:
- migrationpolicies
verbs:
- get
- list
- watch
- apiGroups:
- instancetype.kubevirt.io
resources:
- virtualmachineclusterinstancetypes
- virtualmachineclusterpreferences
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
kubevirt.io: ""
name: kubevirt-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-operator
subjects:
- kind: ServiceAccount
name: kubevirt-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
kubevirt.io: virt-operator
name: virt-operator
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.operator.replicas }}
selector:
matchLabels:
kubevirt.io: virt-operator
strategy:
type: RollingUpdate
template:
metadata:
labels:
kubevirt.io: virt-operator
name: virt-operator
prometheus.kubevirt.io: "true"
name: virt-operator
spec:
affinity:
{{- .Values.operator.affinity | toYaml | nindent 8 }}
containers:
- args:
- --port
- "8443"
- -v
- "2"
command:
- virt-operator
env:
- name: VIRT_OPERATOR_IMAGE
value: {{ .Values.operator.image }}:{{ .Values.operator.version }}
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: KUBEVIRT_VERSION
value: {{ .Values.operator.version }}
image: {{ .Values.operator.image }}:{{ .Values.operator.version }}
imagePullPolicy: {{ .Values.operator.pullPolicy }}
name: virt-operator
ports:
- containerPort: 8443
name: metrics
protocol: TCP
- containerPort: 8444
name: webhooks
protocol: TCP
readinessProbe:
httpGet:
path: /metrics
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
timeoutSeconds: 10
resources:
{{- .Values.operator.resources | toYaml | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /etc/virt-operator/certificates
name: kubevirt-operator-certs
readOnly: true
- mountPath: /profile-data
name: profile-data
nodeSelector:
kubernetes.io/os: linux
priorityClassName: kubevirt-cluster-critical
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: kubevirt-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: kubevirt-operator-certs
secret:
optional: true
secretName: kubevirt-operator-certs
- emptyDir: {}
name: profile-data
07070100000006000081a400000000000000000000000168e8e32400000940000000000000000000000000000000000000002800000000templates/kubevirt-uninstall-hooks.yamlapiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "kubevirt.io" ]
resources: [ "kubevirts" ]
resourceNames:
- "kubevirt"
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "apps" ]
resources: [ "deployments", "daemonsets" ]
verbs: [ "get", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
roleRef:
kind: Role
name: {{ template "kubevirt.crUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crUninstallHook.name" . }}
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- delete
- kubevirt
- kubevirt
- name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- wait
- --for=delete
- deployments/virt-api
- deployments/virt-controller
- daemonsets/virt-handler
- --timeout=60s
07070100000007000081a400000000000000000000000168e8e32400000420000000000000000000000000000000000000001800000000templates/kubevirt.yamlapiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
name: kubevirt
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.kubevirt.configuration }}
configuration:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.kubevirt.customizeComponents }}
customizeComponents:
{{- toYaml . | nindent 4 }}
{{- end }}
imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }}
{{- with .Values.kubevirt.infra }}
infra:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.kubevirt.uninstallStrategy }}
uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
{{- end }}
{{- with .Values.kubevirt.workloads }}
workloads:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.kubevirt.workloadUpdateStrategy }}
workloadUpdateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.kubevirt.monitorNamespace }}
monitorNamespace: {{ .Values.kubevirt.monitorNamespace }}
{{- end }}
{{- if .Values.kubevirt.monitorAccount }}
monitorAccount: {{ .Values.kubevirt.monitorAccount }}
{{- end }}
07070100000008000081a400000000000000000000000168e8e324000007c3000000000000000000000000000000000000001f00000000templates/namespace-hooks.yamlapiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "" ]
resources: [ "namespaces" ]
resourceNames:
- {{ .Release.Namespace | quote }}
verbs: [ "get", "patch" ]
- apiGroups: [ "management.cattle.io" ] # Rancher
resources: [ "projects" ]
verbs: [ "updatepsa" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.namespaceHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.namespaceHook.name" . }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
image: {{ .Values.hookImage }}
args:
- label
- namespace
- {{ .Release.Namespace }}
- kubevirt.io=
- pod-security.kubernetes.io/enforce=privileged
07070100000009000041ed00000000000000000000000168e8e32400000000000000000000000000000000000000000000000a00000000templates07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
