diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 14670fe..b2f7e39 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -3,6 +3,7 @@ # It should be run by config/default resources: - bases/kamaji.clastix.io_tenantcontrolplanes.yaml +- bases/kamaji.clastix.io_datastores.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 4e2232f..ffd4b49 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -25,3 +25,4 @@ spec: - "--health-probe-bind-address=:8081" - "--metrics-bind-address=127.0.0.1:8080" - "--leader-elect" + - "--datastore=kamaji-etcd" diff --git a/config/install.yaml b/config/install.yaml index bcb1a65..a4d8d0c 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -7,6 +7,234 @@ metadata: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: datastores.kamaji.clastix.io +spec: + group: kamaji.clastix.io + names: + kind: DataStore + listKind: DataStoreList + plural: datastores + singular: datastore + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Kamaji data store driver + jsonPath: .spec.driver + name: Driver + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DataStore is the Schema for the datastores API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataStoreSpec defines the desired state of DataStore. + properties: + basicAuth: + description: In case of authentication enabled for the given data store, specifies the username and password pair. This value is optional. + properties: + password: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + username: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - password + - username + type: object + driver: + description: The driver to use to connect to the shared datastore. + type: string + endpoints: + description: List of the endpoints to connect to the shared datastore. No need for protocol, just bare IP/FQDN and port. + items: + type: string + type: array + tlsConfig: + description: Defines the TLS/SSL configuration required to connect to the data store in a secure way. + properties: + certificateAuthority: + description: Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference. The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this. + properties: + certificate: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + privateKey: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - certificate + type: object + clientCertificate: + description: Specifies the SSL/TLS key and private key pair used to connect to the data store. + properties: + certificate: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + privateKey: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - certificate + - privateKey + type: object + required: + - certificateAuthority + - clientCertificate + type: object + required: + - driver + - endpoints + - tlsConfig + type: object + status: + description: DataStoreStatus defines the observed state of DataStore. + properties: + usedBy: + description: List of the Tenant Control Planes, namespaced named, using this data store. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -1475,6 +1703,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect + - --datastore=kamaji-etcd command: - /manager image: clastix/kamaji:latest @@ -1515,9 +1744,9 @@ spec: basicAuth: null driver: etcd endpoints: - - etcd-0.etcd.kamaji-system.svc:2379 - - etcd-1.etcd.kamaji-system.svc:2379 - - etcd-2.etcd.kamaji-system.svc:2379 + - etcd-0.etcd.kamaji-system.svc.cluster.local:2379 + - etcd-1.etcd.kamaji-system.svc.cluster.local:2379 + - etcd-2.etcd.kamaji-system.svc.cluster.local:2379 tlsConfig: certificateAuthority: certificate: diff --git a/config/samples/kamaji_v1alpha1_datastore_etcd.yaml b/config/samples/kamaji_v1alpha1_datastore_etcd.yaml index ae5e2d1..43cd5f7 100644 --- a/config/samples/kamaji_v1alpha1_datastore_etcd.yaml +++ b/config/samples/kamaji_v1alpha1_datastore_etcd.yaml @@ -5,9 +5,9 @@ metadata: spec: driver: etcd endpoints: - - etcd-0.etcd.kamaji-system.svc:2379 - - etcd-1.etcd.kamaji-system.svc:2379 - - etcd-2.etcd.kamaji-system.svc:2379 + - etcd-0.etcd.kamaji-system.svc.cluster.local:2379 + - etcd-1.etcd.kamaji-system.svc.cluster.local:2379 + - etcd-2.etcd.kamaji-system.svc.cluster.local:2379 basicAuth: null tlsConfig: certificateAuthority: diff --git a/deploy/etcd/etcd-cluster.yaml b/deploy/etcd/etcd-cluster.yaml index d5fe1c9..785c8c8 100644 --- a/deploy/etcd/etcd-cluster.yaml +++ b/deploy/etcd/etcd-cluster.yaml @@ -54,13 +54,6 @@ spec: app: etcd spec: serviceAccountName: etcd - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app: etcd volumes: - name: certs secret: