diff --git a/exp/clusterclass/config/default/kustomization.yaml b/exp/clusterclass/config/default/kustomization.yaml
index 6d54097a..a3c3605a 100644
--- a/exp/clusterclass/config/default/kustomization.yaml
+++ b/exp/clusterclass/config/default/kustomization.yaml
@@ -1,41 +1,19 @@
 # Adds namespace to all resources.
-namespace: turtles-clusterclass
+namespace: rancher-turtles-system
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: clusterclass
+namePrefix: rancher-turtles-clusterclass-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-# pairs:
-# someName: someValue
+commonLabels:
+ turtles-capi.cattle.io: "clusterclass"
 resources:
 - ../crd
 - ../rbac
 - ../manager
-- ../namespace
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
 patches:
-- path: manager_image_patch.yaml
-- path: manager_pull_policy.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: ghcr.io/rancher/turtles/exp/clusterclass
- newTag: v0.0.1
+ - path: manager_image_patch.yaml
+ - path: manager_pull_policy.yaml
diff --git a/exp/clusterclass/config/default/manager_image_patch.yaml b/exp/clusterclass/config/default/manager_image_patch.yaml
index 084f2aa0..8185d1f5 100644
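Review bot: The context comment left above `patches:` in `config/default/kustomization.yaml` still says the listed patch puts `/metrics` behind auth, but the two entries on the new side (`manager_image_patch.yaml`, `manager_pull_policy.yaml`) look, by name, like they set only the image and pull policy, so a reader may assume the endpoint is protected when nothing in this overlay shows that. I would replace the three comment lines with `# Patches the manager image and pull policy.`, or add the auth patch the comment refers to. Separately, `commonLabels` is also applied to `spec.selector.matchLabels`, which is immutable on an existing Deployment, and kustomize deprecates it in favour of `labels:` with an explicit `includeSelectors`. With `../namespace` dropped from `resources`, `rancher-turtles-system` presumably has to exist before this overlay is applied; a comment saying who creates it would help.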
--- a/exp/clusterclass/config/default/manager_image_patch.yaml
+++ b/exp/clusterclass/config/default/manager_image_patch.yaml
@@ -7,5 +7,5 @@ spec:
 template:
 spec:
 containers:
- - image: controller
+ - image: ghcr.io/rancher/turtles-clusterclass-operations:dev
 name: manager
diff --git a/exp/clusterclass/config/manager/kustomization.yaml b/exp/clusterclass/config/manager/kustomization.yaml
index 52cf0695..5c5f0b84 100644
--- a/exp/clusterclass/config/manager/kustomization.yaml
+++ b/exp/clusterclass/config/manager/kustomization.yaml
@@ -1,8 +1,2 @@
 resources:
 - manager.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: controller
- newName: ghcr.io/rancher/turtles/exp/clusterclass
- newTag: v0.0.1
diff --git a/exp/clusterclass/config/manager/manager.yaml b/exp/clusterclass/config/manager/manager.yaml
index afe5d632..bf1f3bcf 100644
--- a/exp/clusterclass/config/manager/manager.yaml
+++ b/exp/clusterclass/config/manager/manager.yaml
@@ -5,12 +5,6 @@ metadata:
 namespace: system
 labels:
 control-plane: controller-manager
- app.kubernetes.io/name: deployment
- app.kubernetes.io/instance: controller-manager
- app.kubernetes.io/component: manager
- app.kubernetes.io/created-by: turtles-rollout-poc
- app.kubernetes.io/part-of: turtles-rollout-poc
- app.kubernetes.io/managed-by: kustomize
 spec:
 selector:
 matchLabels:
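Review bot: In `config/default/manager_image_patch.yaml` the default overlay now deploys `ghcr.io/rancher/turtles-clusterclass-operations:dev`, a mutable tag, and the same commit removes the `images:` override that pinned `newTag: v0.0.1` in both kustomization files. Whatever is pushed to that tag next is what runs under the manager's service account, and two clusters applying the same manifest can end up running different code. If `dev` is meant only for local builds, say so on the patch with `# dev tag for local builds; release manifests must override with a versioned tag or digest`, and have the release overlay pin a version or an `@sha256:` digest. The hunk starts inside the Deployment spec, so the rest of the patch file is not visible here.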
@@ -23,35 +17,6 @@ spec:
 labels:
 control-plane: controller-manager
 spec:
- # TODO(user): Uncomment the following code to configure the nodeAffinity expression
- # according to the platforms which are supported by your solution.
- # It is considered best practice to support multiple architectures. You can
- # build your manager image using the makefile target docker-buildx.
- # affinity:
- # nodeAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # nodeSelectorTerms:
- # - matchExpressions:
- # - key: kubernetes.io/arch
- # operator: In
- # values:
- # - amd64
- # - arm64
- # - ppc64le
- # - s390x
- # - key: kubernetes.io/os
- # operator: In
- # values:
- # - linux
- securityContext:
- runAsNonRoot: true
- # TODO(user): For common cases that do not require escalating privileges
- # it is recommended to ensure that all your Pods/Containers are restrictive.
- # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
- # Please uncomment the following code if your project does NOT have to work on old Kubernetes
- # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
- # seccompProfile:
- # type: RuntimeDefault
 containers:
 - command:
 - /manager
@@ -59,11 +24,19 @@ spec:
 - --leader-elect
 image: controller:latest
 name: manager
- # securityContext:
- # allowPrivilegeEscalation: false
- # capabilities:
- # drop:
- # - "ALL"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
 livenessProbe:
 httpGet:
 path: /healthz
@@ -76,8 +49,6 @@ spec:
 port: 8081
 initialDelaySeconds: 5
 periodSeconds: 10
- # TODO(user): Configure the resources accordingly based on the project requirements.
- # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 resources:
 limits:
 cpu: 500m
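Review bot: After this commit the manager pod in `config/manager/manager.yaml` has no `securityContext` at all: the hunk at `-23,35` deletes the pod-level `runAsNonRoot: true` that was active, and the hunk at `-59,11` deletes the commented-out container block instead of enabling it. Nothing visible in the diff replaces either, so unless one of the patches in `config/default` sets them, the controller may run as root with default capabilities, and the tolerations added at the end of this file allow it onto control-plane nodes. I would keep the pod-level setting and turn the container hardening on, as below; if the image really has to run as root, a comment saying why is worth having. Both hunks sit inside the Deployment's pod spec, which starts and ends outside them.

```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      # … unchanged: command, args, image …
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - "ALL"
        env:
        # … unchanged: POD_NAMESPACE, POD_NAME, POD_UID, probes, resources …
```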
@@ -87,3 +58,8 @@ spec:
 memory: 64Mi
 serviceAccountName: manager
 terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
diff --git a/exp/clusterclass/config/namespace/kustomization.yaml b/exp/clusterclass/config/namespace/kustomization.yaml
deleted file mode 100644
index 9233397c..00000000
--- a/exp/clusterclass/config/namespace/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- namespace.yaml
\ No newline at end of file
diff --git a/exp/clusterclass/config/namespace/namespace.yaml b/exp/clusterclass/config/namespace/namespace.yaml
deleted file mode 100644
index 8b55c3cd..00000000
--- a/exp/clusterclass/config/namespace/namespace.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- control-plane: controller-manager
- name: system
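Review bot: The two tolerations added at the end of `config/manager/manager.yaml` (hunk `-87,3 +58,8`) omit `operator`, so they default to `Equal` with an empty value and match only taints whose value is empty; a node tainted with the same key and a non-empty value would not be tolerated. If the intent is to tolerate the taint whatever its value, add `operator: Exists` to each entry. A comment such as `# allow scheduling on control-plane nodes of the management cluster` above `tolerations:` would also record why the controller is permitted on those nodes. The enclosing pod spec begins outside the hunk.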