Initial commit for the operator

2024-09-04 20:46:36 +01:00
commit 180dfd1687
82 changed files with 5954 additions and 0 deletions
+23
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
+21
@@ -0,0 +1,21 @@
apiVersion: v2
name: kube-images-sync
description: |
A Helm chart for Kubernetes Images Sync Operator.
Kubernetes Images Sync Operator is responsible for backing up and restoring images from a Kubernetes cluster.
It's ultimate goal is to provide synchonization of images between multiple environments, quite often air-gapped.
It compiles the list of images currently present in the cluster and uploads them to the specified storage.
Whenever new CRD is created - it will try to figure out which images were already uploaded and which are new and
upload only the new ones to avoid repetition.
type: application
version: 0.0.26
appVersion: "0.0.26"
home: https://github.com/lukaszraczylo/kubernetes-images-sync-operator
maintainers:
- name: lukaszraczylo
email: github-enquiries@raczylo.com
+62
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "chart.labels" -}}
helm.sh/chart: {{ include "chart.chart" . }}
{{ include "chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
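Review bot: `chart.serviceAccountName` at the end of this file reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the values file in this commit defines service-account settings only under `cmRaczyloCom.serviceAccount`, so including the helper would most likely fail on the missing map. None of the templates visible here calls it; the Deployment, ServiceAccount and binding subjects each spell out `{{ include "chart.fullname" . }}-cm-raczylo-com` by hand. Either delete the helper, or point it at `.Values.cmRaczyloCom.serviceAccount` and use it in those three places so the identity the manager runs as is defined once. As written, its `else` branch would also fall back to the namespace's `default` service account, which is not what the RBAC bindings in this chart target.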
+108
@@ -0,0 +1,108 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterimages.raczylo.com
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
group: raczylo.com
names:
kind: ClusterImage
listKind: ClusterImageList
plural: clusterimages
singular: clusterimage
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.exportName
name: Ref
type: string
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .spec.tag
name: Tag
type: string
- jsonPath: .spec.sha
name: SHA
type: string
- jsonPath: .spec.storage
name: Storage
type: string
- jsonPath: .spec.exportPath
name: Path
type: string
- jsonPath: .status.progress
name: Progress
type: string
- jsonPath: .status.retryCount
name: Retries
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ClusterImage is the Schema for the clusterimages API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterImageSpec defines the desired state of ClusterImage
properties:
exportName:
type: string
exportPath:
type: string
fullName:
type: string
image:
type: string
sha:
type: string
storage:
type: string
tag:
type: string
required:
- exportName
type: object
status:
description: ClusterImageStatus defines the observed state of ClusterImage
properties:
progress:
type: string
retryCount:
default: 0
description: default value is 0
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
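Review bot: `spec.exportPath`, `spec.sha`, `spec.image` and `spec.tag` are unconstrained strings, whereas `basePath` on ClusterImageExport in the same commit is bounded with `minLength: 1` and `maxLength: 255`. Anyone allowed to create a ClusterImage chooses these values, and if the controller builds a file path or object key from `exportPath` (not visible here), an unchecked value reaches storage as-is. Since controller-gen renders this schema, the bounds belong on the Go fields, e.g. `// +kubebuilder:validation:MaxLength=255`, plus a `Pattern` marker for the digest once its exact format is settled.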
+141
@@ -0,0 +1,141 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterimageexports.raczylo.com
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
group: raczylo.com
names:
kind: ClusterImageExport
listKind: ClusterImageExportList
plural: clusterimageexports
singular: clusterimageexport
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.basePath
name: BasePath
type: string
- jsonPath: .spec.storage.target
name: Storage
type: string
- jsonPath: .status.progress
name: Progress
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ClusterImageExport is the Schema for the clusterimageexports API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterImageExportSpec defines the desired state of ClusterImageExport
properties:
basePath:
description: Base path for the export - both file and S3
maxLength: 255
minLength: 1
type: string
createdAt:
format: date-time
type: string
excludes:
description: Exclude images which contain these strings
items:
type: string
type: array
includes:
description: Include only images which contain these strings
items:
type: string
type: array
maxConcurrentJobs:
type: integer
name:
type: string
storage:
description: ClusterImageStorageSpec defines the desired state of ClusterImageStorage
properties:
s3:
properties:
accessKey:
description: S3 bucket credentials
type: string
bucket:
description: Bucket name
type: string
endpoint:
description: |-
Defines the endpoint for the S3 storage
If none specified - default AWS endpoint will be used
type: string
region:
type: string
roleARN:
description: RoleARN is the ARN of the role to be used for the
deployment
type: string
secretKey:
type: string
secretName:
description: Defines the secret name for credentials
type: string
useRole:
type: boolean
required:
- bucket
- region
type: object
target:
enum:
- file
- S3
type: string
required:
- target
type: object
required:
- basePath
- maxConcurrentJobs
- name
- storage
type: object
status:
description: ClusterImageExportStatus defines the observed state of ClusterImageExport
properties:
progress:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
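Review bot: `spec.storage.s3.accessKey` and `spec.storage.s3.secretKey` put S3 credentials in the custom resource as plain strings, so they are stored with the object and returned to every subject that can read `clusterimageexports`. That includes holders of the `clusterimageexport-viewer-role` added in this commit, which grants get/list/watch. The schema already offers `secretName`; I would make that (or `useRole` with `roleARN`) the only credential path and drop the two inline fields from the Go type that controller-gen renders this from. If they must stay, their descriptions should say so plainly, e.g. `description: Inline S3 secret key; prefer secretName, this value is readable by anyone who can get the resource`.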
@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "chart.fullname" . }}-cm-raczylo-com-metrics-service
labels:
control-plane: cm-raczylo-com
{{- include "chart.labels" . | nindent 4 }}
spec:
type: {{ .Values.cmRaczyloComMetricsService.type }}
selector:
control-plane: cm-raczylo-com
{{- include "chart.selectorLabels" . | nindent 4 }}
ports:
{{- .Values.cmRaczyloComMetricsService.ports | toYaml | nindent 2 }}
+50
@@ -0,0 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chart.fullname" . }}-cm-raczylo-com
labels:
control-plane: cm-raczylo-com
{{- include "chart.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.cmRaczyloCom.replicas }}
selector:
matchLabels:
control-plane: cm-raczylo-com
{{- include "chart.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
control-plane: cm-raczylo-com
{{- include "chart.selectorLabels" . | nindent 8 }}
annotations:
kubectl.kubernetes.io/default-container: manager
spec:
containers:
- args: {{- toYaml .Values.cmRaczyloCom.manager.args | nindent 8 }}
command:
- /manager
env:
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
image: {{ .Values.cmRaczyloCom.manager.image.repository }}:{{ .Values.cmRaczyloCom.manager.image.tag
| default .Chart.AppVersion }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources: {{- toYaml .Values.cmRaczyloCom.manager.resources | nindent 10 }}
securityContext: {{- toYaml .Values.cmRaczyloCom.manager.containerSecurityContext
| nindent 10 }}
securityContext:
runAsNonRoot: true
serviceAccountName: {{ include "chart.fullname" . }}-cm-raczylo-com
terminationGracePeriodSeconds: 10
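Review bot: The pod-level `securityContext` near the end of the template sets only `runAsNonRoot: true`, so no seccomp profile is requested and the pod does not meet the restricted Pod Security Standard. Add `seccompProfile:` with `type: RuntimeDefault` beside `runAsNonRoot`. The container context supplied from values already drops all capabilities and disables privilege escalation, so this is the main remaining gap. `readOnlyRootFilesystem: true` is worth adding as well if the manager does not write to its own filesystem, which this chart does not show.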
@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-metrics-auth-raczylo
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "chart.fullname" . }}-metrics-auth-raczylobinding
labels:
{{- include "chart.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: '{{ include "chart.fullname" . }}-metrics-auth-raczylo'
subjects:
- kind: ServiceAccount
name: '{{ include "chart.fullname" . }}-cm-raczylo-com'
namespace: '{{ .Release.Namespace }}'
+11
@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-metrics-raczylo
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
+63
@@ -0,0 +1,63 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-mr-raczylo-com
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- apps
resources:
- daemonsets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimageexports
- clusterimages
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimageexports/finalizers
verbs:
- update
- apiGroups:
- raczylo.com
resources:
- clusterimageexports/status
verbs:
- get
- patch
- update
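Review bot: The `raczylo.com` rules grant the manager `clusterimageexports/status` but not `clusterimages/status`, although the ClusterImage CRD in this commit enables the status subresource and defines `status.progress` and `status.retryCount`. With the subresource enabled, changes to `.status` made through the main resource are dropped, so if the controller records progress on ClusterImage objects it needs `get`, `patch` and `update` on `clusterimages/status`; add `- clusterimages/status` to the last rule's resources. The file looks generated from kubebuilder RBAC markers, in which case the fix is a marker such as `// +kubebuilder:rbac:groups=raczylo.com,resources=clusterimages/status,verbs=get;update;patch` on the reconciler.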
@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "chart.fullname" . }}-mr-raczylo-combinding
labels:
{{- include "chart.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: '{{ include "chart.fullname" . }}-mr-raczylo-com'
subjects:
- kind: ServiceAccount
name: '{{ include "chart.fullname" . }}-cm-raczylo-com'
namespace: '{{ .Release.Namespace }}'
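Review bot: Binding `-mr-raczylo-com` with a ClusterRoleBinding gives the manager service account create/delete/patch on `batch/jobs` in every namespace, and a principal that can create Jobs in a namespace can run pods under any service account there. If the operator only launches its Jobs in the release namespace (not visible from this chart), keep the read-only rules in the ClusterRole and move the `jobs` write verbs into a namespaced Role bound with a RoleBinding in `{{ .Release.Namespace }}`. If it does need Jobs wherever a ClusterImageExport lives, a comment above `subjects:` such as `# cluster-wide on purpose: export Jobs run in the namespace of each ClusterImageExport` would record that decision for the next reviewer.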
@@ -0,0 +1,38 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "chart.fullname" . }}-raczylo-com-leader
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "chart.fullname" . }}-raczylo-com-leaderbinding
labels:
{{- include "chart.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: '{{ include "chart.fullname" . }}-raczylo-com-leader'
subjects:
- kind: ServiceAccount
name: '{{ include "chart.fullname" . }}-cm-raczylo-com'
namespace: '{{ .Release.Namespace }}'
@@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-raczylo.com-clusterimage-editor-role
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- raczylo.com
resources:
- clusterimages
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimages/status
verbs:
- get
@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-raczylo.com-clusterimage-viewer-role
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- raczylo.com
resources:
- clusterimages
verbs:
- get
- list
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimages/status
verbs:
- get
@@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-raczylo.com-clusterimageexport-editor-role
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- raczylo.com
resources:
- clusterimageexports
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimageexports/status
verbs:
- get
@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}-raczylo.com-clusterimageexport-viewer-role
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- raczylo.com
resources:
- clusterimageexports
verbs:
- get
- list
- watch
- apiGroups:
- raczylo.com
resources:
- clusterimageexports/status
verbs:
- get
+8
@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "chart.fullname" . }}-cm-raczylo-com
labels:
{{- include "chart.labels" . | nindent 4 }}
annotations:
{{- toYaml .Values.cmRaczyloCom.serviceAccount.annotations | nindent 4 }}
+32
@@ -0,0 +1,32 @@
cmRaczyloCom:
manager:
args:
- --metrics-bind-address=:8443
- --leader-elect
- --health-probe-bind-address=:8081
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
image:
repository: controller
tag: latest
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
replicas: 1
serviceAccount:
annotations: {}
cmRaczyloComMetricsService:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: 8443
type: ClusterIP
kubernetesClusterDomain: cluster.local
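Review bot: `image.tag: latest` defeats the `| default .Chart.AppVersion` fallback in the Deployment template, because the value is never empty, so a default install pulls a mutable tag rather than the 0.0.26 the chart declares. Set `tag: ""` so the chart version pins the image, and replace `repository: controller`, which looks like a scaffold placeholder, with the published image reference. A comment above `tag:` such as `# empty falls back to .Chart.AppVersion` would document the behaviour for users who mirror images into air-gapped registries.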