feat(deploy): add virtink helm chart

deploy/helm/virtink/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/helm/virtink/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtink
+description: A helm chart for installing virtink
+type: application
+version: 0.9.0
+appVersion: "1.16.0"

deploy/helm/virtink/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "virtink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "virtink.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "virtink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "virtink.labels" -}}
+helm.sh/chart: {{ include "virtink.chart" . }}
+{{ include "virtink.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "virtink.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "virtink.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "virtink.image" -}}
+{{- $registryName := .registry -}}
+{{- $repositoryName := .repository -}}
+{{- $tag := .tag | toString -}}
+{{- $digest := .digest | toString -}}
+{{- if $digest }}
+    {{- printf "%s/%s@%s" $registryName $repositoryName $digest -}}
+{{- else -}}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}

deploy/helm/virtink/templates/virt-controller/cert.yaml

@@ -0,0 +1,20 @@
+{{- $service := .Values.virtController }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $service.name }}-cert
+spec:
+  issuerRef:
+    kind: Issuer
+    name: {{ $service.name }}-cert-issuer
+  dnsNames:
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc
+    - {{ $service.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+  secretName: {{ $service.name }}-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ $service.name }}-cert-issuer
+spec:
+  selfSigned: {}

deploy/helm/virtink/templates/virt-controller/deployment.yaml

@@ -0,0 +1,59 @@
+{{- $service := .Values.virtController }}
+{{- $image := merge $service.image .Values.image }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $service.name }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "virtink.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: {{ $service.name }}
+  template:
+    metadata:
+      {{- with $service.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "virtink.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ $service.name }}
+    spec:
+      serviceAccountName: {{ $service.name }}
+      securityContext:
+        {{- toYaml $service.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ $service.name }}
+          image: {{ include "virtink.image" $image }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - --zap-time-encoding=iso8601
+            - --leader-elect
+          volumeMounts:
+            - name: cert
+              mountPath: /tmp/k8s-webhook-server/serving-certs
+              readOnly: true
+          resources:
+            {{- toYaml .Values.virtController.resources | nindent 12 }}
+      volumes:
+        - name: cert
+          secret:
+            secretName: {{ $service.name }}-cert
+            defaultMode: 0644
+      {{- with .Values.virtController.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.virtController.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

deploy/helm/virtink/templates/virt-controller/manifests.yaml

@@ -0,0 +1,57 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: {{ include "virtink.fullname" . }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: {{ .Values.virtController.name }}
+      namespace: {{ .Release.Namespace }}
+      path: /mutate-v1alpha1-virtualmachine
+  failurePolicy: Fail
+  name: mutate.virtualmachine.v1alpha1.virt.virtink.smartx.com
+  rules:
+  - apiGroups:
+    - virt.virtink.smartx.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - virtualmachines
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: {{ include "virtink.fullname" . }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.virtController.name }}-cert
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: {{ .Values.virtController.name }}
+      namespace: {{ .Release.Namespace }}
+      path: /validate-v1alpha1-virtualmachine
+  failurePolicy: Fail
+  name: validate.virtualmachine.v1alpha1.virt.virtink.smartx.com
+  rules:
+  - apiGroups:
+    - virt.virtink.smartx.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - virtualmachines
+  sideEffects: None

deploy/helm/virtink/templates/virt-controller/rbac.yaml

@@ -0,0 +1,118 @@
+{{- $service := .Values.virtController }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $service.name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - datavolumes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - k8s.cni.cncf.io
+  resources:
+  - network-attachment-definitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - virt.virtink.smartx.com
+  resources:
+  - virtualmachines
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - virt.virtink.smartx.com
+  resources:
+  - virtualmachines/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - virt.virtink.smartx.com
+  resources:
+  - virtualmachines/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $service.name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $service.name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $service.name }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $service.name }}

deploy/helm/virtink/templates/virt-controller/service.yaml

@@ -0,0 +1,15 @@
+{{- $service := .Values.virtDaemon }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $service.name }}
+  labels:
+    {{- include "virtink.labels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+spec:
+  selector:
+    {{- include "virtink.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: {{ $service.name }}
+  ports:
+    - port: 443
+      targetPort: 9443