cmd/backend api dev with karmadactl

Signed-off-by: zhouqunjie <450705171@qq.com>
zhouqunjie 2022-05-26 11:23:34 +08:00
parent 1231143753
commit 3f904f5161
7772 changed files with 2198289 additions and 1 deletions

8
.idea/.gitignore vendored Normal file

@ -0,0 +1,8 @@
# 默认忽略的文件
/shelf/
/workspace.xml
# 基于编辑器的 HTTP 客户端请求
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml
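Review bot: The `.idea/.gitignore` added here only excludes `/shelf/`, `/workspace.xml`, `/httpRequests/` and the two `dataSources` entries, so the rest of `.idea/` is tracked, and this same commit does add `.idea/karmada.iml`, `.idea/modules.xml` and `.idea/vcs.xml`. JetBrains project metadata is per-developer state and should not be part of a shared tree. Drop the `.idea/` directory from the commit and add a `.idea/` entry to the repository's root `.gitignore` instead.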

9
.idea/karmada.iml Normal file

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="Go" enabled="true" />
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

8
.idea/modules.xml Normal file

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/karmada.iml" filepath="$PROJECT_DIR$/.idea/karmada.iml" />
</modules>
</component>
</project>

6
.idea/vcs.xml Normal file

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>

12
ADOPTERS.md Normal file

@ -0,0 +1,12 @@
# Karmada Adopters
Karmada has been adopted by many companies.
If you are using Karmada in your organization, please feel free to add your logo to the list!
<img alt="HUAWEICLOUD" width="150px" src="https://karmada.io/img/huawei.png"><img alt="ICBC" width="150px" src="https://karmada.io/img/icbc.png">
<img alt="SPDBank" width="150px" src="https://karmada.io/img/spdb.png"><img alt="Xiaohongshu" width="150px" src="https://karmada.io/img/xiaohongshu.png">
<img alt="VIPKID" width="150px" src="https://karmada.io/img/VIPKID.png"><img alt="Qutoutiao" width="150px" src="https://karmada.io/img/qutoutiao.png">
<img alt="FAW" width="150px" src="https://karmada.io/img/faw.png"><img alt="T3" width="150px" src="https://karmada.io/img/T3-logo2.png">

6
CHANGELOG.md Normal file

@ -0,0 +1,6 @@
# CHANGELOGs
- [CHANGELOG-1.1.md](./docs/CHANGELOG/CHANGELOG-1.1.md)
- [CHANGELOG-1.0.md](./docs/CHANGELOG/CHANGELOG-1.0.md)
- [CHANGELOG-0.10.md](./docs/CHANGELOG/CHANGELOG-0.10.md)
- [CHANGELOG-0.9.md](./docs/CHANGELOG/CHANGELOG-0.9.md)

78
CODE_OF_CONDUCT.md Normal file

@ -0,0 +1,78 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to make participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies within all project spaces, and it also applies when
an individual is representing the project or its community in public spaces.
Examples of representing a project or community include using an official
project e-mail address, posting via an official social media account, or acting
as an appointed representative at an online or offline event. Representation of
a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at [karmadaoss@gmail.com]. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq

106
CONTRIBUTING.md Normal file

@ -0,0 +1,106 @@
# Contributing
Welcome to Karmada!
- [Before you get started](#before-you-get-started)
- [Code of Conduct](#code-of-conduct)
- [Community Expectations](#community-expectations)
- [Getting started](#getting-started)
- [Your First Contribution](#your-first-contribution)
- [Find something to work on](#find-something-to-work-on)
- [Find a good first topic](#find-a-good-first-topic)
- [Work on an Issue](#work-on-an-issue)
- [File an Issue](#file-an-issue)
- [Contributor Workflow](#contributor-workflow)
- [Creating Pull Requests](#creating-pull-requests)
- [Code Review](#code-review)
- [Testing](#testing)
# Before you get started
## Code of Conduct
Please make sure to read and observe our [Code of Conduct](/CODE_OF_CONDUCT.md).
## Community Expectations
Karmada is a community project driven by its community which strives to promote a healthy, friendly and productive environment.
Karmada aims to provide turnkey automation for multi-cluster application management in multi-cloud and hybrid cloud scenarios,
and intended to realize multi-cloud centralized management, high availability, failure recovery and traffic scheduling.
# Getting started
- Fork the repository on GitHub.
- Make your changes on your fork repository.
- Submit a PR.
# Your First Contribution
We will help you to contribute in different areas like filing issues, developing features, fixing critical bugs and
getting your work reviewed and merged.
If you have questions about the development process,
feel free to [file an issue](https://github.com/karmada-io/karmada/issues/new/choose).
## Find something to work on
We are always in need of help, be it fixing documentation, reporting bugs or writing some code.
Look at places where you feel best coding practices aren't followed, code refactoring is needed or tests are missing.
Here is how you get started.
### Find a good first topic
There are [multiple repositories](https://github.com/karmada-io/) within the Karmada organization.
Each repository has beginner-friendly issues that provide a good first issue.
For example, [karmada-io/karmada](https://github.com/karmada-io/karmada) has
[help wanted](https://github.com/karmada-io/karmada/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) and
[good first issue](https://github.com/karmada-io/karmada/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
labels for issues that should not need deep knowledge of the system.
We can help new contributors who wish to work on such issues.
Another good way to contribute is to find a documentation improvement, such as a missing/broken link.
Please see [Contributing](#contributing) below for the workflow.
#### Work on an issue
When you are willing to take on an issue, just reply on the issue. The maintainer will assign it to you.
### File an Issue
While we encourage everyone to contribute code, it is also appreciated when someone reports an issue.
Issues should be filed under the appropriate Karmada sub-repository.
*Example:* a Karmada issue should be opened to [karmada-io/karmada](https://github.com/karmada-io/karmada/issues).
Please follow the prompted submission guidelines while opening an issue.
# Contributor Workflow
Please do not ever hesitate to ask a question or send a pull request.
This is a rough outline of what a contributor's workflow looks like:
- Create a topic branch from where to base the contribution. This is usually master.
- Make commits of logical units.
- Push changes in a topic branch to a personal fork of the repository.
- Submit a pull request to [karmada-io/karmada](https://github.com/karmada-io/karmada).
## Creating Pull Requests
Pull requests are often called simply "PR".
Karmada generally follows the standard [github pull request](https://help.github.com/articles/about-pull-requests/) process.
To submit a proposed change, please develop the code/fix and add new test cases.
After that, run these local verifications before submitting pull request to predict the pass or
fail of continuous integration.
* Run and pass `make verify`
* Run and pass `make test`
## Code Review
To make it easier for your PR to receive reviews, consider the reviewers will need you to:
* follow [good coding guidelines](https://github.com/golang/go/wiki/CodeReviewComments).
* write [good commit messages](https://chris.beams.io/posts/git-commit/).
* break large changes into a logical series of smaller patches which individually make easily understandable changes, and in aggregate solve a broader issue.
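Review bot: The table of contents at the top of this file links to `[Testing](#testing)`, but no Testing heading appears anywhere in the added text, so that entry is a dead anchor. Likewise, "Please see [Contributing](#contributing) below for the workflow" resolves to the page title at the top rather than to the "Contributor Workflow" section it evidently means. Either add the Testing section or remove its entry, and point the second link at `#contributor-workflow`.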

201
LICENSE Normal file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

17
MAINTAINERS.md Normal file

@ -0,0 +1,17 @@
# Karmada Maintainers
Official list of Karmada Maintainers.
Please keep the below list sorted in ascending order.
## Maintainers
| Maintainer | GitHub ID | Affiliation | Email |
| --------------- | --------- | ----------- | ----------- |
| Hanbo Li | @mrlihanbo | Huawei | <lihanbo2@huawei.com> |
| Hongcai Ren | @RainbowMango | Huawei | <renhongcai@huawei.com> |
| Kevin Wang | @kevin-wangzefeng | Huawei | <wangzefeng@huawei.com> |
| Lei Xue | @carmark | Tencent | <vfs@live.com> |
| Shiyi Xie | @GitHubxsy | Huawei | <xieshiyi1@huawei.com> |
| Yifan Shen | @zoroyouxi | ICBC | <shenyf@sdc.icbc.com.cn> |
| Yiheng Ci | @lfbear | VIPKID | <ciyiheng@vipkid.com.cn> |

154
Makefile Normal file

@ -0,0 +1,154 @@
GOOS ?= $(shell go env GOOS)
GOARCH ?= $(shell go env GOARCH)
SOURCES := $(shell find . -type f -name '*.go')
LDFLAGS='$(shell hack/version.sh)'
# Images management
REGISTRY?="swr.ap-southeast-1.myhuaweicloud.com/karmada"
REGISTRY_USER_NAME?=""
REGISTRY_PASSWORD?=""
REGISTRY_SERVER_ADDRESS?=""
# Set your version by env or using latest tags from git
VERSION?=""
ifeq ($(VERSION), "")
LATEST_TAG=$(shell git describe --tags)
ifeq ($(LATEST_TAG),)
# Forked repo may not sync tags from upstream, so give it a default tag to make CI happy.
VERSION="unknown"
else
VERSION=$(LATEST_TAG)
endif
endif
TARGETS := karmada-aggregated-apiserver \
karmada-controller-manager \
karmada-scheduler \
karmada-descheduler \
karmada-webhook \
karmada-agent \
karmada-scheduler-estimator \
karmada-interpreter-webhook-example \
karmada-search
CTL_TARGETS := karmadactl kubectl-karmada
# Build code.
#
# Args:
# GOOS: OS to build.
# GOARCH: Arch to build.
#
# Example:
# make
# make all
# make karmada-aggregated-apiserver
# make karmada-aggregated-apiserver GOOS=linux
CMD_TARGET=$(TARGETS) $(CTL_TARGETS)
.PHONY: all
all: $(CMD_TARGET)
.PHONY: $(CMD_TARGET)
$(CMD_TARGET): $(SOURCES)
LDFLAGS=$(LDFLAGS) BUILD_PLATFORMS=$(GOOS)/$(GOARCH) hack/build.sh $@
# Build image.
#
# Args:
# GOARCH: Arch to build.
# OUTPUT_TYPE: Destination to save image(docker/registry).
#
# Example:
# make images
# make image-karmada-aggregated-apiserver
# make image-karmada-aggregated-apiserver GOARCH=arm64
IMAGE_TARGET=$(addprefix image-, $(TARGETS))
.PHONY: $(IMAGE_TARGET)
$(IMAGE_TARGET):
set -e;\
target=$$(echo $(subst image-,,$@));\
make $$target GOOS=linux;\
VERSION=$(VERSION) REGISTRY=$(REGISTRY) BUILD_PLATFORMS=linux/$(GOARCH) hack/docker.sh $$target
images: $(IMAGE_TARGET)
# Build and push multi-platform image to DockerHub
#
# Example
# make multi-platform-images
# make mp-image-karmada-aggregated-apiserver
MP_TARGET=$(addprefix mp-image-, $(TARGETS))
.PHONY: $(MP_TARGET)
$(MP_TARGET):
set -e;\
target=$$(echo $(subst mp-image-,,$@));\
make $$target GOOS=linux GOARCH=amd64;\
make $$target GOOS=linux GOARCH=arm64;\
VERSION=$(VERSION) REGISTRY=$(REGISTRY) \
OUTPUT_TYPE=registry \
BUILD_PLATFORMS=linux/amd64,linux/arm64 \
hack/docker.sh $$target
multi-platform-images: $(MP_TARGET)
.PHONY: clean
clean:
rm -rf _tmp _output
.PHONY: update
update:
hack/update-all.sh
.PHONY: verify
verify:
hack/verify-all.sh
.PHONY: test
test:
go test --race --v ./pkg/...
go test --race --v ./cmd/...
go test --race --v ./examples/...
upload-images: images
@echo "push images to $(REGISTRY)"
ifneq ($(REGISTRY_USER_NAME), "")
docker login -u ${REGISTRY_USER_NAME} -p ${REGISTRY_PASSWORD} ${REGISTRY_SERVER_ADDRESS}
endif
docker push ${REGISTRY}/karmada-controller-manager:${VERSION}
docker push ${REGISTRY}/karmada-scheduler:${VERSION}
docker push ${REGISTRY}/karmada-descheduler:${VERSION}
docker push ${REGISTRY}/karmada-webhook:${VERSION}
docker push ${REGISTRY}/karmada-agent:${VERSION}
docker push ${REGISTRY}/karmada-scheduler-estimator:${VERSION}
docker push ${REGISTRY}/karmada-interpreter-webhook-example:${VERSION}
docker push ${REGISTRY}/karmada-aggregated-apiserver:${VERSION}
docker push ${REGISTRY}/karmada-search:${VERSION}
# Build and package binary
#
# Example
# make release-karmadactl
# make release-kubectl-karmada
# make release-kubectl-karmada GOOS=darwin GOARCH=amd64
RELEASE_TARGET=$(addprefix release-, $(CTL_TARGETS))
.PHONY: $(RELEASE_TARGET)
$(RELEASE_TARGET):
@set -e;\
target=$$(echo $(subst release-,,$@));\
make $$target;\
hack/release.sh $$target $(GOOS) $(GOARCH)
# Build and package binary for all platforms
#
# Example
# make release
release:
@make release-karmadactl GOOS=linux GOARCH=amd64
@make release-karmadactl GOOS=linux GOARCH=arm64
@make release-karmadactl GOOS=darwin GOARCH=amd64
@make release-karmadactl GOOS=darwin GOARCH=arm64
@make release-kubectl-karmada GOOS=linux GOARCH=amd64
@make release-kubectl-karmada GOOS=linux GOARCH=arm64
@make release-kubectl-karmada GOOS=darwin GOARCH=amd64
@make release-kubectl-karmada GOOS=darwin GOARCH=arm64
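Review bot: In the `upload-images` recipe, `docker login -u ${REGISTRY_USER_NAME} -p ${REGISTRY_PASSWORD} ${REGISTRY_SERVER_ADDRESS}` passes the registry password as a command-line argument. That exposes it in the process list, and because the recipe line has no `@` prefix, make echoes the expanded command, password included, into the build log. Pass the secret on stdin with `docker login --password-stdin` and silence that recipe line. Two smaller points in the same file: `REGISTRY` defaults to `swr.ap-southeast-1.myhuaweicloud.com/karmada`, so `upload-images` pushes there unless the caller overrides it, which is worth making explicit for a fork. The recursive calls (`make $$target ...`) should also use `$(MAKE)` so that flags and the jobserver propagate, and `images`, `multi-platform-images`, `upload-images` and `release` should be declared `.PHONY` like the other targets.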

7
OWNERS Normal file

@ -0,0 +1,7 @@
reviewers:
- Garrybest
- RainbowMango
- XiShanYongYe-Chang
approvers:
- kevin-wangzefeng
- RainbowMango
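Review bot: The `reviewers` and `approvers` lists name only `Garrybest`, `RainbowMango`, `XiShanYongYe-Chang` and `kevin-wangzefeng`, and the account that signed off this commit is not among them. If this repository uses OWNERS to gate merges, the file needs to name the people who actually review and approve changes here. Otherwise approval is either unobtainable or routinely bypassed, and the file gives a false picture of who controls what lands.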

226
README.md

@ -1,2 +1,226 @@
# karmada
# Karmada
![Karmada-logo](docs/images/Karmada-logo-horizontal-color.png)
![build](https://github.com/karmada-io/karmada/actions/workflows/ci.yml/badge.svg)
[![Go Report Card](https://goreportcard.com/badge/github.com/karmada-io/karmada)](https://goreportcard.com/report/github.com/karmada-io/karmada)
[![LICENSE](https://img.shields.io/github/license/karmada-io/karmada.svg)](/LICENSE)
[![Releases](https://img.shields.io/github/release/karmada-io/karmada/all.svg)](https://github.com/karmada-io/karmada/releases)
[![Slack](https://img.shields.io/badge/slack-join-brightgreen)](https://join.slack.com/t/karmada-io/shared_invite/zt-omhy1wfa-LmAkCLfpDMnBjVXp3_U~0w)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5301/badge)](https://bestpractices.coreinfrastructure.org/projects/5301)
## Karmada: Open, Multi-Cloud, Multi-Cluster Kubernetes Orchestration
Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications. By speaking Kubernetes-native APIs and providing advanced scheduling capabilities, Karmada enables truly open, multi-cloud Kubernetes.
Karmada aims to provide turnkey automation for multi-cluster application management in multi-cloud and hybrid cloud scenarios,
with key features such as centralized multi-cloud management, high availability, failure recovery, and traffic scheduling.
![cncf_logo](docs/images/cncf-logo.png)
Karmada is a sandbox project of the [Cloud Native Computing Foundation](https://cncf.io/) (CNCF).
## Why Karmada:
- __K8s Native API Compatible__
- Zero change upgrade, from single-cluster to multi-cluster
- Seamless integration of existing K8s tool chain
- __Out of the Box__
- Built-in policy sets for scenarios, including: Active-active, Remote DR, Geo Redundant, etc.
- Cross-cluster applications auto-scaling, failover and load-balancing on multi-cluster.
- __Avoid Vendor Lock-in__
- Integration with mainstream cloud providers
- Automatic allocation, migration across clusters
- Not tied to proprietary vendor orchestration
- __Centralized Management__
- Location agnostic cluster management
- Support clusters in Public cloud, on-prem or edge
- __Fruitful Multi-Cluster Scheduling Policies__
- Cluster Affinity, Multi Cluster Splitting/Rebalancing,
- Multi-Dimension HA: Region/AZ/Cluster/Provider
- __Open and Neutral__
- Jointly initiated by Internet, finance, manufacturing, teleco, cloud providers, etc.
- Target for open governance with CNCF
**Notice: this project is developed in continuation of Kubernetes [Federation v1](https://github.com/kubernetes-retired/federation) and [v2](https://github.com/kubernetes-sigs/kubefed). Some basic concepts are inherited from these two versions.**
## Architecture
![Architecture](docs/images/architecture.png)
The Karmada Control Plane consists of the following components:
- Karmada API Server
- Karmada Controller Manager
- Karmada Scheduler
ETCD stores the Karmada API objects, the API Server is the REST endpoint all other components talk to, and the Karmada Controller Manager performs operations based on the API objects you create through the API server.
The Karmada Controller Manager runs the various controllers, the controllers watch Karmada objects and then talk to the underlying clusters' API servers to create regular Kubernetes resources.
1. Cluster Controller: attach Kubernetes clusters to Karmada for managing the lifecycle of the clusters by creating cluster objects.
2. Policy Controller: the controller watches PropagationPolicy objects. When the PropagationPolicy object is added, it selects a group of resources matching the resourceSelector and creates ResourceBinding with each single resource object.
3. Binding Controller: the controller watches ResourceBinding object and create Work object corresponding to each cluster with a single resource manifest.
4. Execution Controller: the controller watches Work objects. When Work objects are created, it will distribute the resources to member clusters.
## Concepts
**Resource template**: Karmada uses Kubernetes Native API definition for federated resource template, to make it easy to integrate with existing tools that already adopt on Kubernetes
**Propagation Policy**: Karmada offers a standalone Propagation(placement) Policy API to define multi-cluster scheduling and spreading requirements.
- Support 1:n mapping of Policy: workload, users don't need to indicate scheduling constraints every time creating federated applications.
- With default policies, users can just interact with K8s API
**Override Policy**: Karmada provides standalone Override Policy API for specializing cluster relevant configuration automation. E.g.:
- Override image prefix according to member cluster region
- Override StorageClass according to cloud provider
The following diagram shows how Karmada resources are involved when propagating resources to member clusters.
![karmada-resource-relation](docs/images/karmada-resource-relation.png)
## Quick Start
This guide will cover:
- Install `karmada` control plane components in a Kubernetes cluster which is known as `host cluster`.
- Join a member cluster to `karmada` control plane.
- Propagate an application by using `karmada`.
### Prerequisites
- [Go](https://golang.org/) version v1.17+
- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) version v1.19+
- [kind](https://kind.sigs.k8s.io/) version v0.9.0+
### Install the Karmada control plane
#### 1. Clone this repo to your machine:
```
git clone https://github.com/karmada-io/karmada
```
#### 2. Change to the karmada directory:
```
cd karmada
```
#### 3. Deploy and run Karmada control plane:
run the following script:
```
# hack/local-up-karmada.sh
```
This script will do following tasks for you:
- Start a Kubernetes cluster to run the Karmada control plane, aka. the `host cluster`.
- Build Karmada control plane components based on a current codebase.
- Deploy Karmada control plane components on the `host cluster`.
- Create member clusters and join Karmada.
If everything goes well, at the end of the script output, you will see similar messages as follows:
```
Local Karmada is running.
To start using your Karmada environment, run:
export KUBECONFIG="$HOME/.kube/karmada.config"
Please use 'kubectl config use-context karmada-host/karmada-apiserver' to switch the host and control plane cluster.
To manage your member clusters, run:
export KUBECONFIG="$HOME/.kube/members.config"
Please use 'kubectl config use-context member1/member2/member3' to switch to the different member cluster.
```
There are two contexts in Karmada:
- karmada-apiserver `kubectl config use-context karmada-apiserver`
- karmada-host `kubectl config use-context karmada-host`
The `karmada-apiserver` is the **main kubeconfig** to be used when interacting with the Karmada control plane, while `karmada-host` is only used for debugging Karmada installation with the host cluster. You can check all clusters at any time by running: `kubectl config view`. To switch cluster contexts, run `kubectl config use-context [CONTEXT_NAME]`
### Demo
![Demo](docs/images/sample-nginx.svg)
### Propagate application
In the following steps, we are going to propagate a deployment by Karmada.
#### 1. Create nginx deployment in Karmada.
First, create a [deployment](samples/nginx/deployment.yaml) named `nginx`:
```
kubectl create -f samples/nginx/deployment.yaml
```
#### 2. Create PropagationPolicy that will propagate nginx to member cluster
Then, we need to create a policy to propagate the deployment to our member cluster.
```
kubectl create -f samples/nginx/propagationpolicy.yaml
```
#### 3. Check the deployment status from Karmada
You can check deployment status from Karmada, don't need to access member cluster:
```
$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 2/2 2 2 20s
```
## Kubernetes compatibility
| | Kubernetes 1.15 | Kubernetes 1.16 | Kubernetes 1.17 | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | Kubernetes 1.23 |
|------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|
| Karmada v0.9 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Karmada v0.10 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Karmada v1.0 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Karmada HEAD (master) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Key:
* `✓` Karmada and the Kubernetes version are exactly compatible.
* `+` Karmada has features or API objects that may not be present in the Kubernetes version.
* `-` The Kubernetes version has features or API objects that Karmada can't use.
## Meeting
Regular Community Meeting:
* Tuesday at 14:30 UTC+8 (Chinese)(biweekly). [Convert to your timezone.](https://www.thetimezoneconverter.com/?t=14%3A30&tz=GMT%2B8&)
* TBD (English)(biweekly). [Please propose the time](https://github.com/karmada-io/karmada/issues/1560) if you are interested to attend.
Resources:
- [Meeting Notes and Agenda](https://docs.google.com/document/d/1y6YLVC-v7cmVAdbjedoyR5WL0-q45DBRXTvz5_I7bkA/edit)
- [Meeting Calendar](https://calendar.google.com/calendar/embed?src=karmadaoss%40gmail.com&ctz=Asia%2FShanghai) | [Subscribe](https://calendar.google.com/calendar/u/1?cid=a2FybWFkYW9zc0BnbWFpbC5jb20)
- [Meeting Link](https://zoom.com/my/karmada)
## Contact
If you have questions, feel free to reach out to us in the following ways:
- [mailing list](https://groups.google.com/forum/#!forum/karmada)
- [slack](https://cloud-native.slack.com/archives/C02MUF8QXUN) | [Join](https://slack.cncf.io/)
- [twitter](https://twitter.com/karmada_io)
## Talks and References
| | Link |
|------------------|-------------------------------------------------------------------------------------------------------------------------|
| KubeCon(EU 2021) | [Beyond federation: automating multi-cloud workloads with K8s native APIs](https://www.youtube.com/watch?v=LJJoaGszBVk) |
| KubeCon(EU 2022) | TBD |
For blogs please refer to [website](https://karmada.io/blog/).
## Contributing
If you're interested in being a contributor and want to get involved in
developing the Karmada code, please see [CONTRIBUTING](CONTRIBUTING.md) for
details on submitting patches and the contribution workflow.
## License
Karmada is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
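Review bot: In step 3 of "Install the Karmada control plane" the command is written as `# hack/local-up-karmada.sh`, so anyone who copies the line into a shell runs a comment and nothing is deployed. The other command blocks in this README use either no prompt (`git clone ...`, `cd karmada`) or a `$` prompt (`$ kubectl get deployment`); drop the leading `#` so the prompts are consistent. The paragraph on contexts should also state plainly that `karmada-host` is the kubeconfig context with access to the host cluster itself, since the script output line `use-context karmada-host/karmada-apiserver` reads like a single context name.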

40
ROADMAP.md Normal file
View File

@ -0,0 +1,40 @@
# Karmada Roadmap
This document defines a high level roadmap for Karmada development and upcoming releases.
Community and contributor involvement is vital for successfully implementing all desired items for each release.
We hope that the items listed below will inspire further engagement from the community to keep karmada progressing and shipping exciting and valuable features.
## 2022 H1
- Multi-cluster HA scheduling policy
* spread by region
* spread by zone
* spread by provider
- Multi-cluster Ingress
- Multi-cluster HPA (Horizontal Pod Autoscaling)
- Federated resource quota
- API reference
- [Karmada website](https://karmada.io/) refactor
- Policy-based governance, risk, and compliance
- Multi-cluster DNS (cluster identity)
- Global search across clusters
- Scheduling re-balancing
## 2022 H2
- Karmada Dashboard - alpha release
- Karmada scalability baseline (performance report)
- Cluster addons
- Helm chart propagation
- Multi-cluster events
- Multi-cluster Operator specifications
- Multi-cluster Application
- Multi-cluster monitoring
- Multi-cluster logging
- Multi-cluster storage
- Multi-cluster RBAC
- Multi-cluster networking
- Data migration across clusters
- Multi-cluster workflow
- Integration with ecosystem
- Cluster lifecycle management
- Image registry across clouds
- Multi-cluster Service Mesh solutions

16621
api/openapi-spec/swagger.json Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: karmada-agent
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ['*']
- nonResourceURLs: ['*']
verbs: ["get"]
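Review bot: The first rule of the `karmada-agent` ClusterRole grants `apiGroups: ['*']`, `resources: ['*']`, `verbs: ['*']`, which is equivalent to cluster-admin on the member cluster for a long-running agent. List the API groups and resources the agent actually reconciles and the verbs it needs, and keep Secrets and the `rbac.authorization.k8s.io` group out of the rule unless there is a documented reason. If the agent really has to apply arbitrary propagated resource types, say so in a comment in this file so that the wildcard is a recorded decision rather than a default.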

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: karmada-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: karmada-agent
subjects:
- kind: ServiceAccount
name: karmada-agent-sa
namespace: karmada-system

View File

@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-agent
namespace: karmada-system
labels:
app: karmada-agent
spec:
replicas: 2
selector:
matchLabels:
app: karmada-agent
template:
metadata:
labels:
app: karmada-agent
spec:
serviceAccountName: karmada-agent-sa
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-agent
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-agent:latest
imagePullPolicy: {{image_pull_policy}}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/karmada-kubeconfig
- --karmada-context={{karmada_context}}
- --cluster-name={{member_cluster_name}}
- --cluster-api-endpoint={{member_cluster_api_endpoint}}
- --cluster-status-update-frequency=10s
- --v=4
volumeMounts:
- name: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
secret:
secretName: karmada-kubeconfig
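Review bot: The container image is referenced as `karmada-agent:latest` while `imagePullPolicy` is a template value, so the binary that runs with the agent's service account depends on what the registry serves at pull time and can differ between the two replicas. Pin the image to a release tag or a digest. The pod spec also has no `securityContext` and no `resources` block; adding `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and a CPU/memory request would be a small change here.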

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: Namespace
metadata:
name: karmada-system

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: karmada-agent-sa
namespace: karmada-system

View File

@ -0,0 +1,26 @@
# This configuration is used to authorize system:admin to proxy member clusters,
# if you don't need it, you can remove it from karmada control plane.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-proxy-admin
rules:
- apiGroups:
- 'cluster.karmada.io'
resources:
- clusters/proxy
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-proxy-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-proxy-admin
subjects:
- kind: User
name: "system:admin"
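Review bot: The `cluster-proxy-admin` rule gives `verbs: '*'` on `clusters/proxy` with no `resourceNames`, so the bound user `system:admin` can send any request through the proxy to every registered member cluster. The header comment says the file can be removed if it is not needed, which makes the permissive state the default; it would be safer to ship this as an opt-in manifest and to show a variant restricted with `resourceNames` and a narrower verb list.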

View File

@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: karmada-controller-manager
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ["get", "watch", "list", "create", "update", "delete"]
- nonResourceURLs: ['*']
verbs: ["get"]
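Review bot: The `karmada-controller-manager` ClusterRole combines `apiGroups: ['*']` and `resources: ['*']` with `create`, `update` and `delete`, so the controller's service account can read and rewrite every object on the cluster it is bound in, Secrets and RBAC objects included. Split this into one read rule and one write rule that names the groups the controller owns, and document any resource that must stay writable under a wildcard.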

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: karmada-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: karmada-controller-manager
subjects:
- kind: ServiceAccount
name: karmada-controller-manager
namespace: karmada-system

View File

@ -0,0 +1,25 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.cluster.karmada.io
labels:
app: karmada-aggregated-apiserver
apiserver: "true"
spec:
insecureSkipTLSVerify: true
group: cluster.karmada.io
groupPriorityMinimum: 2000
service:
name: karmada-aggregated-apiserver
namespace: karmada-system
version: v1alpha1
versionPriority: 10
---
apiVersion: v1
kind: Service
metadata:
name: karmada-aggregated-apiserver
namespace: karmada-system
spec:
type: ExternalName
externalName: karmada-aggregated-apiserver.karmada-system.svc.cluster.local
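Review bot: `insecureSkipTLSVerify: true` on the `v1alpha1.cluster.karmada.io` APIService makes the API server forward `cluster.karmada.io` requests to the backend without checking its serving certificate. The target is reached through an `ExternalName` Service, so the identity of the backend rests on DNS resolution alone. The deployment already serves TLS with a certificate from `karmada-cert-secret`; set `caBundle` to the CA that issued it (the webhook configurations in this commit already use a `{{caBundle}}` placeholder) and remove `insecureSkipTLSVerify`.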

View File

@ -0,0 +1,75 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-aggregated-apiserver
namespace: karmada-system
labels:
app: karmada-aggregated-apiserver
apiserver: "true"
spec:
selector:
matchLabels:
app: karmada-aggregated-apiserver
apiserver: "true"
replicas: 2
template:
metadata:
labels:
app: karmada-aggregated-apiserver
apiserver: "true"
spec:
automountServiceAccountToken: false
containers:
- name: karmada-aggregated-apiserver
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-aggregated-apiserver:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: k8s-certs
mountPath: /etc/kubernetes/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-aggregated-apiserver
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --karmada-config=/etc/kubeconfig
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/kubernetes/pki/server-ca.crt
- --etcd-certfile=/etc/kubernetes/pki/karmada.crt
- --etcd-keyfile=/etc/kubernetes/pki/karmada.key
- --tls-cert-file=/etc/kubernetes/pki/karmada.crt
- --tls-private-key-file=/etc/kubernetes/pki/karmada.key
- --audit-log-path=-
- --feature-gates=APIPriorityAndFairness=false
- --audit-log-maxage=0
- --audit-log-maxbackup=0
resources:
requests:
cpu: 100m
volumes:
- name: k8s-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
---
apiVersion: v1
kind: Service
metadata:
name: karmada-aggregated-apiserver
namespace: karmada-system
labels:
app: karmada-aggregated-apiserver
apiserver: "true"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: karmada-aggregated-apiserver

View File

@ -0,0 +1,130 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-apiserver
namespace: karmada-system
labels:
app: karmada-apiserver
spec:
replicas: 1
selector:
matchLabels:
app: karmada-apiserver
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: karmada-apiserver
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- karmada-apiserver
topologyKey: kubernetes.io/hostname
containers:
- command:
- kube-apiserver
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/server-ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/server-ca.crt
- --etcd-certfile=/etc/kubernetes/pki/karmada.crt
- --etcd-keyfile=/etc/kubernetes/pki/karmada.key
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --bind-address=0.0.0.0
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/karmada.crt
- --kubelet-client-key=/etc/kubernetes/pki/karmada.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --disable-admission-plugins=StorageObjectInUseProtection,ServiceAccount
- --runtime-config=
- --secure-port=5443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/kubernetes/pki/karmada.key
- --service-account-signing-key-file=/etc/kubernetes/pki/karmada.key
- --service-cluster-ip-range=10.96.0.0/12
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --tls-cert-file=/etc/kubernetes/pki/karmada.crt
- --tls-private-key-file=/etc/kubernetes/pki/karmada.key
name: karmada-apiserver
image: k8s.gcr.io/kube-apiserver:v1.21.7
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
path: /livez
port: 5443
scheme: HTTPS
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: 5443
scheme: HTTPS
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 15
resources:
requests:
cpu: 250m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/kubernetes/pki
name: k8s-certs
readOnly: true
dnsPolicy: ClusterFirstWithHostNet
enableServiceLinks: true
hostNetwork: true
preemptionPolicy: PreemptLowerPriority
priority: 2000001000
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
operator: Exists
volumes:
- name: k8s-certs
secret:
secretName: karmada-cert-secret
---
apiVersion: v1
kind: Service
metadata:
name: karmada-apiserver
namespace: karmada-system
labels:
app: karmada-apiserver
spec:
ports:
- name: karmada-apiserver-kubectl
port: 5443
protocol: TCP
targetPort: 5443
selector:
app: karmada-apiserver
type: {{service_type}}
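Review bot: `hostNetwork: true` together with `--bind-address=0.0.0.0` and `--secure-port=5443` exposes the Karmada API server on every interface of the node it lands on, independent of the Service `type` chosen through `{{service_type}}`. If host networking is only needed for the local kind setup, make it a template value as well and default it to off. Separately, `--tls-private-key-file`, `--etcd-keyfile`, `--kubelet-client-key`, `--service-account-key-file` and `--service-account-signing-key-file` all point at `/etc/kubernetes/pki/karmada.key`, so one key is at once the serving key, the etcd client key and the token signing key; use a dedicated service-account signing key pair at minimum. The manifest also sets `--allow-privileged=true` and an empty `securityContext: {}` without a comment explaining why.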

View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Secret
metadata:
name: karmada-cert-secret
namespace: karmada-system
type: Opaque
data:
server-ca.crt: |
{{ca_crt}}
karmada.crt: |
{{client_cer}}
karmada.key: |
{{client_key}}
front-proxy-ca.crt: |
{{front_proxy_ca_crt}}
front-proxy-client.crt: |
{{front_proxy_client_crt}}
front-proxy-client.key: |
{{front_proxy_client_key}}
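Review bot: `karmada-cert-secret` stores `karmada.key` and `front-proxy-client.key` in the same Secret as the CA certificate, and the etcd, karmada-apiserver, aggregated apiserver, search and kube-controller-manager pods in this commit all mount the whole Secret, so each of them receives every private key. Split the material into one Secret per consumer, or mount only the needed keys with `items:` in each volume definition. Minor: the placeholder `{{client_cer}}` breaks the `_crt` naming used by the other placeholders.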

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-controller-manager
namespace: karmada-system
labels:
app: karmada-controller-manager
spec:
replicas: 2
selector:
matchLabels:
app: karmada-controller-manager
template:
metadata:
labels:
app: karmada-controller-manager
spec:
serviceAccountName: karmada-controller-manager
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-controller-manager
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-controller-manager:latest
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-controller-manager
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --cluster-status-update-frequency=10s
- --secure-port=10357
- --feature-gates=PropagateDeps=true
- --v=4
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
secret:
secretName: kubeconfig

View File

@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-descheduler
namespace: karmada-system
labels:
app: karmada-descheduler
spec:
replicas: 2
selector:
matchLabels:
app: karmada-descheduler
template:
metadata:
labels:
app: karmada-descheduler
spec:
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-descheduler
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-descheduler:latest
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-descheduler
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --v=4
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
secret:
secretName: kubeconfig

View File

@ -0,0 +1,126 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etcd
namespace: karmada-system
labels:
app: etcd
spec:
replicas: 1
serviceName: etcd
selector:
matchLabels:
app: etcd
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: etcd
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- etcd
topologyKey: kubernetes.io/hostname
tolerations:
- operator: Exists
containers:
- name: etcd
image: k8s.gcr.io/etcd:3.4.13-0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /bin/sh
- -ec
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/server-ca.crt --cert /etc/kubernetes/pki/etcd/karmada.crt --key /etc/kubernetes/pki/etcd/karmada.key'
failureThreshold: 3
initialDelaySeconds: 600
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 10
ports:
- containerPort: 2369
name: client
protocol: TCP
- containerPort: 2370
name: server
protocol: TCP
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
- mountPath: /etc/kubernetes/pki/etcd
name: etcd-certs
command:
- /usr/local/bin/etcd
- --name
- etcd0
- --listen-peer-urls
- http://0.0.0.0:2380
- --listen-client-urls
- https://0.0.0.0:2379
- --advertise-client-urls
- https://etcd-client.karmada-system.svc.cluster.local:2379
- --initial-cluster
- etcd0=http://etcd-0.etcd.karmada-system.svc.cluster.local:2380
- --initial-cluster-state
- new
- --cert-file=/etc/kubernetes/pki/etcd/karmada.crt
- --client-cert-auth=true
- --key-file=/etc/kubernetes/pki/etcd/karmada.key
- --trusted-ca-file=/etc/kubernetes/pki/etcd/server-ca.crt
- --data-dir=/var/lib/etcd
volumes:
- hostPath:
path: /var/lib/karmada-etcd
type: DirectoryOrCreate
name: etcd-data
- name: etcd-certs
secret:
secretName: karmada-cert-secret
---
apiVersion: v1
kind: Service
metadata:
labels:
app: etcd
name: etcd-client
namespace: karmada-system
spec:
ports:
- name: etcd-client-port
port: 2379
protocol: TCP
targetPort: 2379
selector:
app: etcd
---
apiVersion: v1
kind: Service
metadata:
labels:
app: etcd
name: etcd
namespace: karmada-system
spec:
ports:
- name: client
port: 2379
protocol: TCP
targetPort: 2379
- name: server
port: 2380
protocol: TCP
targetPort: 2380
clusterIP: None
selector:
app: etcd
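Review bot: The etcd peer endpoint is configured as plain HTTP (`--listen-peer-urls http://0.0.0.0:2380`, `--initial-cluster etcd0=http://etcd-0...:2380`) with no peer certificate flags, while the client side uses TLS with `--client-cert-auth=true`. With `replicas: 1` there is no peer traffic yet, but the headless `etcd` Service already publishes port 2380, and raising the replica count would replicate the whole datastore unencrypted and unauthenticated; use `https` peer URLs with peer cert and CA flags, or bind the peer listener to localhost while the cluster is single-member. The declared `containerPort` values 2369 and 2370 do not match the listen ports 2379 and 2380 and should be corrected. The `hostPath` volume `/var/lib/karmada-etcd` plus the blanket `tolerations: - operator: Exists` also means the data directory can end up on any node, control-plane nodes included.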

View File

@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-scheduler-estimator-{{member_cluster_name}}
namespace: karmada-system
labels:
cluster: {{member_cluster_name}}
spec:
replicas: 2
selector:
matchLabels:
app: karmada-scheduler-estimator-{{member_cluster_name}}
template:
metadata:
labels:
app: karmada-scheduler-estimator-{{member_cluster_name}}
spec:
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-scheduler-estimator
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler-estimator:latest
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-scheduler-estimator
- --kubeconfig=/etc/{{member_cluster_name}}-kubeconfig
- --cluster-name={{member_cluster_name}}
volumeMounts:
- name: member-kubeconfig
subPath: {{member_cluster_name}}-kubeconfig
mountPath: /etc/{{member_cluster_name}}-kubeconfig
volumes:
- name: member-kubeconfig
secret:
secretName: {{member_cluster_name}}-kubeconfig
---
apiVersion: v1
kind: Service
metadata:
name: karmada-scheduler-estimator-{{member_cluster_name}}
namespace: karmada-system
labels:
cluster: {{member_cluster_name}}
spec:
selector:
app: karmada-scheduler-estimator-{{member_cluster_name}}
ports:
- protocol: TCP
port: 10352
targetPort: 10352

View File

@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-scheduler
namespace: karmada-system
labels:
app: karmada-scheduler
spec:
replicas: 2
selector:
matchLabels:
app: karmada-scheduler
template:
metadata:
labels:
app: karmada-scheduler
spec:
serviceAccountName: karmada-scheduler
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-scheduler
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler:latest
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-scheduler
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --secure-port=10351
- --feature-gates=Failover=true
- --enable-scheduler-estimator=true
- --v=4
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
secret:
secretName: kubeconfig

View File

@ -0,0 +1,25 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.search.karmada.io
labels:
app: karmada-search
apiserver: "true"
spec:
insecureSkipTLSVerify: true
group: search.karmada.io
groupPriorityMinimum: 2000
service:
name: karmada-search
namespace: karmada-system
version: v1alpha1
versionPriority: 10
---
apiVersion: v1
kind: Service
metadata:
name: karmada-search
namespace: karmada-system
spec:
type: ExternalName
externalName: karmada-search.karmada-system.svc.cluster.local
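Review bot: The `v1alpha1.search.karmada.io` APIService sets `insecureSkipTLSVerify: true`, so responses for the `search.karmada.io` group are accepted from whatever endpoint `karmada-search.karmada-system.svc.cluster.local` resolves to, without certificate validation. Provide `caBundle` for the CA that signs the karmada-search serving certificate and drop the skip flag.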

View File

@ -0,0 +1,74 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-search
namespace: karmada-system
labels:
app: karmada-search
apiserver: "true"
spec:
selector:
matchLabels:
app: karmada-search
apiserver: "true"
replicas: 2
template:
metadata:
labels:
app: karmada-search
apiserver: "true"
spec:
automountServiceAccountToken: false
containers:
- name: karmada-search
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-search:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: k8s-certs
mountPath: /etc/kubernetes/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-search
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/kubernetes/pki/server-ca.crt
- --etcd-certfile=/etc/kubernetes/pki/karmada.crt
- --etcd-keyfile=/etc/kubernetes/pki/karmada.key
- --tls-cert-file=/etc/kubernetes/pki/karmada.crt
- --tls-private-key-file=/etc/kubernetes/pki/karmada.key
- --audit-log-path=-
- --feature-gates=APIPriorityAndFairness=false
- --audit-log-maxage=0
- --audit-log-maxbackup=0
resources:
requests:
cpu: 100m
volumes:
- name: k8s-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
---
apiVersion: v1
kind: Service
metadata:
name: karmada-search
namespace: karmada-system
labels:
app: karmada-search
apiserver: "true"
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: karmada-search

View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: webhook-cert
namespace: karmada-system
type: kubernetes.io/tls
data:
tls.crt: |
{{server_certificate}}
tls.key: |
{{server_key}}

View File

@ -0,0 +1,65 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-webhook
namespace: karmada-system
labels:
app: karmada-webhook
spec:
replicas: 2
selector:
matchLabels:
app: karmada-webhook
template:
metadata:
labels:
app: karmada-webhook
spec:
serviceAccountName: karmada-webhook
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
- name: karmada-webhook
image: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-webhook:latest
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-webhook
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --secure-port=8443
- --cert-dir=/var/serving-cert
- --v=4
ports:
- containerPort: 8443
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: cert
mountPath: /var/serving-cert
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8443
scheme: HTTPS
volumes:
- name: kubeconfig
secret:
secretName: kubeconfig
- name: cert
secret:
secretName: webhook-cert
---
apiVersion: v1
kind: Service
metadata:
name: karmada-webhook
namespace: karmada-system
spec:
selector:
app: karmada-webhook
ports:
- port: 443
targetPort: 8443

View File

@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-kube-controller-manager
namespace: karmada-system
labels:
app: kube-controller-manager
spec:
replicas: 1
selector:
matchLabels:
app: kube-controller-manager
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: kube-controller-manager
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- kube-controller-manager
topologyKey: kubernetes.io/hostname
containers:
- command:
- kube-controller-manager
- --allocate-node-cidrs=true
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --client-ca-file=/etc/karmada/pki/server-ca.crt
- --cluster-cidr=10.244.0.0/16
- --cluster-name=karmada
- --cluster-signing-cert-file=/etc/karmada/pki/server-ca.crt
- --cluster-signing-key-file=/etc/karmada/pki/server-ca.key
- --controllers=namespace,garbagecollector,serviceaccount-token
- --kubeconfig=/etc/kubeconfig
- --leader-elect=true
- --node-cidr-mask-size=24
- --port=0
- --root-ca-file=/etc/karmada/pki/server-ca.crt
- --service-account-private-key-file=/etc/karmada/pki/karmada.key
- --service-cluster-ip-range=10.96.0.0/12
- --use-service-account-credentials=true
- --v=4
image: k8s.gcr.io/kube-controller-manager:v1.21.7
imagePullPolicy: IfNotPresent
name: kube-controller-manager
resources:
requests:
cpu: 200m
volumeMounts:
- mountPath: /etc/karmada/pki
name: k8s-certs
readOnly: true
- mountPath: /etc/kubeconfig
subPath: kubeconfig
name: kubeconfig
priorityClassName: system-node-critical
volumes:
- name: k8s-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secret:
secretName: kubeconfig
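Review bot: `--cluster-signing-key-file=/etc/karmada/pki/server-ca.key` refers to a file that the mounted `karmada-cert-secret`, as defined in this commit, does not contain (its keys are `server-ca.crt`, `karmada.crt`, `karmada.key` and the three `front-proxy-*` entries). Since `--controllers=namespace,garbagecollector,serviceaccount-token` does not enable a certificate signing controller, the cleaner fix is to remove `--cluster-signing-cert-file` and `--cluster-signing-key-file` rather than add the CA private key to a Secret that several pods mount. `--allocate-node-cidrs=true`, `--cluster-cidr` and `--node-cidr-mask-size` look unused for the same reason and could be dropped with them.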

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: karmada-system

View File

@ -0,0 +1,26 @@
apiVersion: v1
stringData:
kubeconfig: |-
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: {{ca_crt}}
server: https://karmada-apiserver.karmada-system.svc.cluster.local:5443
name: kind-karmada
contexts:
- context:
cluster: kind-karmada
user: kind-karmada
name: karmada
current-context: karmada
kind: Config
preferences: {}
users:
- name: kind-karmada
user:
client-certificate-data: {{client_cer}}
client-key-data: {{client_key}}
kind: Secret
metadata:
name: kubeconfig
namespace: karmada-system
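Review bot: This single `kubeconfig` Secret carries one client certificate (`{{client_cer}}` / `{{client_key}}`) and is mounted by karmada-controller-manager, karmada-scheduler, karmada-descheduler, karmada-webhook, karmada-search, the aggregated apiserver and kube-controller-manager in this commit, so all of them authenticate to karmada-apiserver as the same user. That prevents per-component RBAC and makes audit log entries indistinguishable between components. Issue one client certificate per component, each with its own kubeconfig Secret, and state in a comment which subject and groups the certificate is expected to carry.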

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: karmada-controller-manager
namespace: karmada-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: karmada-scheduler
namespace: karmada-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: karmada-webhook
namespace: karmada-system

View File

@ -0,0 +1,155 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-config
labels:
app: mutating-config
webhooks:
- name: propagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["propagationpolicies"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/mutate-propagationpolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusterpropagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusterpropagationpolicies"]
scope: "Cluster"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/mutate-clusterpropagationpolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: overridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["overridepolicies"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/mutate-overridepolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: work.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["work.karmada.io"]
apiVersions: ["*"]
resources: ["works"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/mutate-work
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-config
labels:
app: validating-config
webhooks:
- name: propagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["propagationpolicies"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-propagationpolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusterpropagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusterpropagationpolicies"]
scope: "Cluster"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-clusterpropagationpolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: overridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["overridepolicies"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-overridepolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusteroverridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusteroverridepolicies"]
scope: "Cluster"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-clusteroverridepolicy
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: config.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["config.karmada.io"]
apiVersions: ["*"]
resources: ["resourceinterpreterwebhookconfigurations"]
scope: "Cluster"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-resourceinterpreterwebhookconfiguration
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: federatedresourcequota.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["federatedresourcequotas"]
scope: "Namespaced"
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/validate-federatedresourcequota
caBundle: {{caBundle}}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: [ "v1" ]
timeoutSeconds: 3

View File

@ -0,0 +1,13 @@
apiVersion: work.karmada.io/v1alpha1
kind: ResourceBinding
metadata:
name: binding-foo
spec:
resource:
apiVersion: apps/v1
kind: Deployment
name: nginx
namespace: default
clusters:
- name: cluster1
- name: cluster3

View File

@ -0,0 +1,19 @@
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterOverridePolicy
metadata:
name: example-cluster-override
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx
namespace: default
overrideRules:
- targetCluster:
clusterNames:
- member1
overriders:
plaintext:
- operator: replace
path: /spec/replicas
value: 1

View File

@ -0,0 +1,14 @@
apiVersion: policy.karmada.io/v1alpha1
kind: ClusterPropagationPolicy
metadata:
name: example-policy
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
namespace: default
name: nginx
placement:
clusterAffinity:
clusterNames:
- member1

View File

@ -0,0 +1,26 @@
apiVersion: cluster.karmada.io/v1alpha1
kind: Cluster
metadata:
name: cluster-foo
namespace: karmada-cluster
spec:
syncMode: Push
apiEndpoint: https://10.10.10.10:6339
secretRef:
namespace: karmada-cluster
name: secret-foo
provider: huaweicloud
region: ap-southeast-1
zone: az-1
---
apiVersion: v1
kind: Secret
metadata:
name: secret-foo
namespace: karmada-cluster
type: Opaque
stringData:
token: dummy
caBundle: dummy
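Review bot: the Secret at the end of this sample carries the credential that the Cluster's `secretRef` points at (`token: dummy`, `caBundle: dummy` under `stringData`), and nothing marks those values as placeholders. Please add a comment saying both must be replaced before use and that a populated copy of this file must not be committed. A second comment should state that `caBundle` has to be the CA for `apiEndpoint: https://10.10.10.10:6339`, since `dummy` is not a certificate and the sample cannot verify that endpoint as written.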

View File

@ -0,0 +1,35 @@
apiVersion: policy.karmada.io/v1alpha1
kind: OverridePolicy
metadata:
name: example-override
namespace: default
spec:
# restrict resource types that this override policy applies to
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx # user can either select resource by name or by labelselector
labelSelector:
matchLabels:
image: nginx
# this override policy will only apply to resources propagated to the matching clusters
overrideRules:
- targetCluster:
clusterNames: # user can either select cluster by names or by labelselector
- dc-1-cluster-1
- dc-1-cluster-2
labelSelector:
matchLabels:
failuredomain.kubernetes.io/region: dc1
# all matching targetClusters would share the same set of overrides below
overriders:
plaintext:
- path: "/spec/template/spec/containers/0/image"
operator: replace
value: "dc-1.registry.io/nginx:1.17.0-alpine"
- path: "/metadata/annotations"
operator: add
value:
foo: bar
- path: "/metadata/annotations/foo"
operator: remove
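Review bot: the inline comments say a resource or a cluster is selected "either ... by name or by labelselector", yet the sample sets both `name: nginx` and `labelSelector` in `resourceSelectors`, and both `clusterNames` and `labelSelector` under `targetCluster`. Please state whether the two are combined or show one per selector, because the answer decides how widely the override applies. In the `plaintext` list, the `add` at `/metadata/annotations` followed by the `remove` at `/metadata/annotations/foo` leaves an empty annotations map, and if these operators follow JSON Patch semantics the `add` also replaces any annotations the Deployment already had; a comment on the intended end state would help anyone copying this.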

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: karmada-cluster

View File

@ -0,0 +1,19 @@
apiVersion: policy.karmada.io/v1alpha1
kind: OverridePolicy
metadata:
name: example-override
namespace: default
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
overrideRules:
- targetCluster:
clusterNames:
- member1
overriders:
commandOverrider:
- containerName: alpine
operator: add
value:
- test
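Review bot: `resourceSelectors` has only `apiVersion` and `kind`, so this policy matches every Deployment in namespace `default`, and the `commandOverrider` then appends `test` to the command of any container named `alpine` on `member1`. For a sample that will be applied as is, add a `name` or `labelSelector` the way the plaintext sample does, or add a comment that the broad match is intentional.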

View File

@ -0,0 +1,28 @@
apiVersion: policy.karmada.io/v1alpha1
kind: OverridePolicy
metadata:
name: example-override
namespace: default
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
overrideRules:
- targetCluster:
labelSelector:
matchLabels:
location: us
overriders:
imageOverrider:
- component: Registry
operator: replace
value: fictional.registry.us
- targetCluster:
labelSelector:
matchLabels:
location: cn
overriders:
imageOverrider:
- component: Registry
operator: replace
value: fictional.registry.cn
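Review bot: both `imageOverrider` rules use `component: Registry` with `operator: replace` against a selector that has no `name` or `labelSelector`, so the registry of every Deployment in `default` is rewritten to `fictional.registry.us` or `fictional.registry.cn` based only on the cluster's `location` label. That changes where images are pulled from, so the sample should narrow the selector and carry a comment that the target registry must hold the same images as the original. It is also worth saying what happens for a cluster whose `location` is neither `us` nor `cn`, which matches neither rule.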

View File

@ -0,0 +1,20 @@
apiVersion: policy.karmada.io/v1alpha1
kind: OverridePolicy
metadata:
name: example-override
namespace: default
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx
overrideRules:
- targetCluster:
clusterNames:
- member1
overriders:
plaintext:
- path: "/metadata/annotations"
operator: add
value:
foo: bar

View File

@ -0,0 +1,25 @@
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: example-policy
namespace: default
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx
labelSelector:
matchLabels:
a: b
association: false
placement:
clusterAffinity:
clusterNames:
- cluster1
- cluster2
- cluster3
spreadConstraints:
- spreadByLabel: failuredomain.kubernetes.io/zone
maxGroups: 2
minGroups: 2
schedulerName: default

View File

@ -0,0 +1,24 @@
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: nginx-propagation
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx
placement:
clusterAffinity:
clusterNames:
- member1
- member2
fieldSelector:
matchExpressions:
- key: provider
operator: In
values:
- huaweicloud
- key: region
operator: NotIn
values:
- cn-south-1

View File

@ -0,0 +1,14 @@
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: example-policy
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: deployment-1
placement:
clusterAffinity:
clusterNames:
- member1
- member2

View File

@ -0,0 +1,16 @@
apiVersion: policy.karmada.io/v1alpha1
kind: PropagationPolicy
metadata:
name: nginx-propagation
spec:
resourceSelectors:
- apiVersion: apps/v1
kind: Deployment
name: nginx
placement:
clusterAffinity:
clusterNames:
- member1
- member2
clusterTolerations:
- effect: "NoSchedule"
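Review bot: the `clusterTolerations` entry sets only `effect: "NoSchedule"`, with no `key` and no `operator`. Kubernetes tolerations require `operator: Exists` when `key` is empty; if the same rule applies here, the sample is either rejected or silently tolerates every NoSchedule taint on `member1` and `member2`. Please spell out the intent with an explicit `key` and `operator`, or add `operator: Exists` and a comment that all NoSchedule taints are tolerated.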

View File

@ -0,0 +1,11 @@
kind: Cluster
apiVersion: "kind.x-k8s.io/v1alpha4"
networking:
disableDefaultCNI: {{disable_cni}}
podSubnet: {{pod_cidr}}
serviceSubnet: {{service_cidr}}
featureGates:
EndpointSliceProxying: true
nodes:
- role: control-plane
- role: worker
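Review bot: `disableDefaultCNI`, `podSubnet` and `serviceSubnet` take unquoted `{{...}}` placeholders, while the sibling config in this commit quotes `"{{host_ipaddress}}"`. Unquoted, a placeholder such as `{{pod_cidr}}` reads as a nested flow mapping rather than a scalar, so the file cannot be linted or loaded before substitution, and nothing here says which values are accepted. Quote the two CIDR placeholders and add a header comment naming what fills them in and the expected type of `{{disable_cni}}`.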

View File

@ -0,0 +1,11 @@
kind: Cluster
apiVersion: "kind.x-k8s.io/v1alpha4"
networking:
apiServerAddress: "{{host_ipaddress}}"
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 5443
hostPort: 5443
protocol: TCP
listenAddress: "{{host_ipaddress}}"
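Review bot: `apiServerAddress` and the `listenAddress` of the 5443 port mapping are both set to `{{host_ipaddress}}`, which publishes the kind API server and port 5443 on the host's network address instead of loopback. Please add a comment explaining why this is needed (presumably so the other clusters can reach this one) and that the config is meant for local test setups on a trusted network, so it is not reused on a shared or internet-facing host.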

View File

@ -0,0 +1,9 @@
kind: Cluster
apiVersion: "kind.x-k8s.io/v1alpha4"
networking:
podSubnet: "10.10.0.0/16"
serviceSubnet: "10.11.0.0/16"
featureGates:
EndpointSliceProxying: true
nodes:
- role: control-plane

View File

@ -0,0 +1,9 @@
kind: Cluster
apiVersion: "kind.x-k8s.io/v1alpha4"
networking:
podSubnet: "10.12.0.0/16"
serviceSubnet: "10.13.0.0/16"
featureGates:
EndpointSliceProxying: true
nodes:
- role: control-plane

28
charts/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: v2
name: karmada
description: A Helm chart for karmada
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# The optional kubeVersion field can define semver constraints on supported Kubernetes versions.
# Helm will validate the version constraints when installing the chart and fail if the cluster
# runs an unsupported Kubernetes version.
kubeVersion: ">= 1.16.0-0"
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: v1.1.0

5
charts/OWNERS Normal file
View File

@ -0,0 +1,5 @@
reviewers:
- jrkeen
- pidb
approvers:
- pidb

281
charts/README.md Normal file
View File

@ -0,0 +1,281 @@
# Karmada
Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to your applications. By speaking Kubernetes-native APIs and providing advanced scheduling capabilities, Karmada enables truly open, multi-cloud Kubernetes.
Karmada aims to provide turnkey automation for multi-cluster application management in multi-cloud and hybrid cloud scenarios, with key features such as centralized multi-cloud management, high availability, failure recovery, and traffic scheduling.
## TL;DR
Switch to the `root` directory of the repo.
```console
$ helm install karmada -n karmada-system --create-namespace ./charts
```
## Prerequisites
- Kubernetes 1.16+
- helm v3+
## Installing the Chart
To install the chart with the release name `karmada` in namespace `karmada-system`:
Switch to the `root` directory of the repo.
```console
$ helm install karmada -n karmada-system --create-namespace ./charts
```
Get kubeconfig from the cluster:
```console
$ kubectl get secret -n karmada-system karmada-kubeconfig -o jsonpath={.data.kubeconfig} | base64 -d
```
> **Tip**: List all releases using `helm list`
For better scheduling effect, you can choose to install the `karmada-descheduler` component in the karmada controller plane. Link: [here](../docs/descheduler.md). The following is the specific installation guide.
Edited values.yaml for karmada-descheduler
```YAML
installMode: "component"
components: [
"descheduler"
]
```
Execute command (switch to the `root` directory of the repo, and sets the `current-context` in a kubeconfig file)
```console
$ kubectl config use-context host
$ helm install karmada-descheduler -n karmada-system ./charts
```
## Uninstalling the Chart
To uninstall/delete the `karmada` helm release in namespace `karmada-system`:
```console
$ helm uninstall karmada -n karmada-system
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
> **Note**: There are some RBAC resources that are used by the `preJob` that can not be deleted by the `uninstall` command above. You might have to clean them manually with tools like `kubectl`. You can clean them by commands:
```console
$ kubectl delete sa/karmada-pre-job -nkarmada-system
$ kubectl delete clusterRole/karmada-pre-job
$ kubectl delete clusterRoleBinding/karmada-pre-job
$ kubectl delete ns karmada-system
```
## Example
### 1. Install agent
Edited values.yaml
```YAML
installMode: "agent"
agent:
clusterName: "member"
## kubeconfig of the karmada
kubeconfig:
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
server: "https://apiserver.karmada"
```
Execute command (switch to the `root` directory of the repo, and sets the `current-context` in a kubeconfig file)
```console
$ kubectl config use-context member
$ helm install karmada-agent -n karmada-system --create-namespace ./charts
```
### 2. Install component
Edited values.yaml for karmada-scheduler-estimator
```YAML
installMode: "component"
components: [
"schedulerEstimator"
]
schedulerEstimator:
clusterName: "member"
## kubeconfig of the member cluster
kubeconfig:
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
server: "https://apiserver.member"
```
Execute command (switch to the `root` directory of the repo, and sets the `current-context` in a kubeconfig file)
```console
$ kubectl config use-context host
$ helm install karmada-scheduler-estimator -n karmada-system ./charts
```
## Configuration
| Name | Description | Value |
|-------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `installMode` | InstallMode "host", "agent" and "component" are provided, "host" means install karmada in the control-cluster, "agent" means install agent client in the member cluster, "component" means install selected components in the control-cluster | `"host"` |
| `clusterDomain` | Default cluster domain for karmada | `"cluster.local"` |
| `components` | Selected components list, selectable values: "schedulerEstimator" | `[]` |
| `preInstallJob.initContainerImage` | Image of the pre-install job's initContainer | `cfssl/cfssl` |
| `preInstallJob.preInstallContainerImage` | Image of the pre-install job | `bitnami/kubectl:latest` |
| `postInstallJob.postInstallContainerImage`| Image of the post-install job | `bitnami/kubectl:latest` |
| `postDeleteJob.postDeleteContainerImage` | Image of the post-delete job | `bitnami/kubectl:latest` |
| `certs.mode` | Mode "auto" and "custom" are provided, "auto" means auto generate certificate, "custom" means use user certificate | `"auto"` |
| `certs.auto.expiry` | Expiry of the certificate | `"43800h"` |
| `certs.auto.hosts` | Hosts of the certificate | `["kubernetes.default.svc","*.etcd.karmada-system.svc.cluster.local","*.karmada-system.svc.cluster.local","*.karmada-system.svc","localhost","127.0.0.1"]` |
| `certs.custom.caCrt` | CA CRT of the certificate | `""` |
| `certs.custom.crt` | CRT of the certificate | `""` |
| `certs.custom.key` | KEY of the certificate | `""` |
| `certs.custom.frontProxyCaCrt` | CA CRT of the front proxy certificate | `""` |
| `certs.custom.frontProxyCrt` | CRT of the front proxy certificate | `""` |
| `certs.custom.frontProxyKey` | KEY of the front proxy certificate | `""` |
| `etcd.mode` | Mode "external" and "internal" are provided, "external" means use external ectd, "internal" means install a etcd in the cluster | `"internal"` |
| `etcd.external.servers` | Servers of etcd | `""` |
| `etcd.external.registryPrefix` | Use to registry prefix of etcd | `"/registry/karmada"` |
| `etcd.external.certs.caCrt` | CA CRT of the etcd certificate | `""` |
| `etcd.external.certs.crt` | CRT of the etcd certificate | `""` |
| `etcd.external.certs.key` | KEY of the etcd certificate | `""` |
| `etcd.internal.replicaCount` | Target replicas of the etcd | `1` |
| `etcd.internal.image.repository` | Image of the etcd | `"k8s.gcr.io/etcd"` |
| `etcd.internal.image.pullPolicy` | Image pull policy of the etcd | `"IfNotPresent"` |
| `etcd.internal.image.tag` | Image tag of the etcd | `"3.4.13-0"` |
| `etcd.internal.storageType` | StorageType of the etcd, accepts "hostPath", "pvc" | `"hostPath"` |
| `etcd.internal.pvc.storageClass` | StorageClass of the etcd, takes effect when `etcd.internal.storageType` is "pvc" | `""` |
| `etcd.internal.pvc.size` | Storage size of the etcd, takes effect when `etcd.internal.storageType` is "pvc" | `""` |
| `etcd.internal.resources` | Resource quota of the etcd | `{}` |
| `agent.clusterName` | Name of the member cluster | `""` |
| `agent.kubeconfig.caCrt` | CA CRT of the karmada certificate | `""` |
| `agent.kubeconfig.crt` | CRT of the karmada certificate | `""` |
| `agent.kubeconfig.key` | KEY of the karmada certificate | `""` |
| `agent.kubeconfig.server` | API-server of the karmada | `""` |
| `agent.labels` | Labels of the agent deployment | `{"app": "karmada-agent"}` |
| `agent.replicaCount` | Target replicas of the agent | `1` |
| `agent.podLabels` | Labels of the agent pods | `{}` |
| `agent.podAnnotations` | Annotaions of the agent pods | `{}` |
| `agent.imagePullSecrets` | Image pull secret of the agent | `[]` |
| `agent.image.repository` | Image of the agent | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-agent"` |
| `agent.image.tag` | Image tag of the agent | `"latest"` |
| `agent.image.pullPolicy` | Image pull policy of the agent | `"IfNotPresent"` |
| `agent.resources` | Resource quota of the agent | `{}` |
| `agent.nodeSelector` | Node selector of the agent | `{}` |
| `agent.affinity` | Affinity of the agent | `{}` |
| `agent.tolerations` | Tolerations of the agent | `[]` |
| `scheduler.labels` | Labels of the schedeler deployment | `{"app": "karmada-scheduler"}` |
| `scheduler.replicaCount` | Target replicas of the scheduler | `1` |
| `scheduler.podLabels` | Labels of the scheduler pods | `{}` |
| `scheduler.podAnnotations` | Annotaions of the scheduler pods | `{}` |
| `scheduler.imagePullSecrets` | Image pull secret of the scheduler | `[]` |
| `scheduler.image.repository` | Image of the scheduler | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler"` |
| `scheduler.image.tag` | Image tag of the scheduler | `"latest"` |
| `scheduler.image.pullPolicy` | Image pull policy of the scheduler | `"IfNotPresent"` |
| `scheduler.resources` | Resource quota of the scheduler | `{}` |
| `scheduler.nodeSelector` | Node selector of the scheduler | `{}` |
| `scheduler.affinity` | Affinity of the scheduler | `{}` |
| `scheduler.tolerations` | Tolerations of the scheduler | `[]` |
| `webhook.labels` | Labels of the webhook deployment | `{"app": "karmada-webhook"}` |
| `webhook.replicaCount` | Target replicas of the webhook | `1` |
| `webhook.podLabels` | Labels of the webhook pods | `{}` |
| `webhook.podAnnotations` | Annotaions of the webhook pods | `{}` |
| `webhook.imagePullSecrets` | Image pull secret of the webhook | `[]` |
| `webhook.image.repository` | Image of the webhook | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-webhook"` |
| `webhook.image.tag` | Image tag of the webhook | `"latest"` |
| `webhook.image.pullPolicy` | Image pull policy of the webhook | `"IfNotPresent"` |
| `webhook.resources` | Resource quota of the webhook | `{}` |
| `webhook.nodeSelector` | Node selector of the webhook | `{}` |
| `webhook.affinity` | Affinity of the webhook | `{}` |
| `webhook.tolerations` | Tolerations of the webhook | `[]` |
| `controllerManager.labels` | Labels of the karmada-controller-manager deployment | `{"app": "karmada-controller-manager"}` |
| `controllerManager.replicaCount` | Target replicas of the karmada-controller-manager | `1` |
| `controllerManager.podLabels` | Labels of the karmada-controller-manager pods | `{}` |
| `controllerManager.podAnnotations` | Annotaions of the karmada-controller-manager pods | `{}` |
| `controllerManager.imagePullSecrets` | Image pull secret of the karmada-controller-manager | `[]` |
| `controllerManager.image.repository` | Image of the karmada-controller-manager | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-controller-manager"` |
| `controllerManager.image.tag` | Image tag of the karmada-controller-manager | `"latest"` |
| `controllerManager.image.pullPolicy` | Image pull policy of the karmada-controller-manager | `"IfNotPresent"` |
| `controllerManager.resources` | Resource quota of the karmada-controller-manager | `{}` |
| `controllerManager.nodeSelector` | Node selector of the karmada-controller-manager | `{}` |
| `controllerManager.affinity` | Affinity of the karmada-controller-manager | `{}` |
| `controllerManager.tolerations` | Tolerations of the karmada-controller-manager | `[]` |
| `apiServer.labels` | Labels of the karmada-apiserver deployment | `{"app": "karmada-apiserver"}` |
| `apiServer.replicaCount` | Target replicas of the karmada-apiserver | `1` |
| `apiServer.podLabels` | Labels of the karmada-apiserver pods | `{}` |
| `apiServer.podAnnotations` | Annotaions of the karmada-apiserver pods | `{}` |
| `apiServer.imagePullSecrets` | Image pull secret of the karmada-apiserver | `[]` |
| `apiServer.image.repository` | Image of the karmada-apiserver | `"k8s.gcr.io/kube-apiserver"` |
| `apiServer.image.tag` | Image tag of the karmada-apiserver | `"v1.21.7"` |
| `apiServer.image.pullPolicy` | Image pull policy of the karmada-apiserver | `"IfNotPresent"` |
| `apiServer.resources` | Resource quota of the karmada-apiserver | `{}` |
| `apiServer.hostNetwork` | Deploy karmada-apiserver with hostNetwork. If there are multiple karmadas in one cluster, you'd better set it to "false" | `"true"` |
| `apiServer.nodeSelector` | Node selector of the karmada-apiserver | `{}` |
| `apiServer.affinity` | Affinity of the karmada-apiserver | `{}` |
| `apiServer.tolerations` | Tolerations of the karmada-apiserver | `[]` |
| `apiServer.serviceType` | Service type of apiserver, accepts "ClusterIP", "NodePort", "LoadBalancer" | `"ClusterIP"` |
| `apiServer.nodePort` | Node port for apiserver, takes effect when `apiServer.serviceType` is "NodePort". If no port is specified, the nodePort will be automatically assigned. | `0` |
| `aggregatedApiServer.labels` | Labels of the karmada-aggregated-apiserver deployment | `{"app": "karmada-aggregated-apiserver"}` |
| `aggregatedApiServer.replicaCount` | Target replicas of the karmada-aggregated-apiserver | `1` |
| `aggregatedApiServer.podLabels` | Labels of the karmada-aggregated-apiserver pods | `{}` |
| `aggregatedApiServer.podAnnotations` | Annotaions of the karmada-aggregated-apiserver pods | `{}` |
| `aggregatedApiServer.imagePullSecrets` | Image pull secret of the karmada-aggregated-apiserver | `[]` |
| `aggregatedApiServer.image.repository` | Image of the karmada-aggregated-apiserver | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-aggregated-apiserver"` |
| `aggregatedApiServer.image.tag` | Image tag of the karmada-aggregated-apiserver | `"latest"` |
| `aggregatedApiServer.image.pullPolicy` | Image pull policy of the karmada-aggregated-apiserver | `"IfNotPresent"` |
| `aggregatedApiServer.resources` | Resource quota of the karmada-aggregated-apiserver | `{requests: {cpu: 100m}}` |
| `aggregatedApiServer.nodeSelector` | Node selector of the karmada-aggregated-apiserver | `{}` |
| `aggregatedApiServer.affinity` | Affinity of the karmada-aggregated-apiserver | `{}` |
| `aggregatedApiServer.tolerations` | Tolerations of the karmada-aggregated-apiserver | `[]` |
| `kubeControllerManager.labels` | Labels of the kube-controller-manager deployment | `{"app": "kube-controller-manager"}` |
| `kubeControllerManager.replicaCount` | Target replicas of the kube-controller-manager | `1` |
| `kubeControllerManager.podLabels` | Labels of the kube-controller-manager pods | `{}` |
| `kubeControllerManager.podAnnotations` | Annotaions of the kube-controller-manager pods | `{}` |
| `kubeControllerManager.imagePullSecrets` | Image pull secret of the kube-controller-manager | `[]` |
| `kubeControllerManager.image.repository` | Image of the kube-controller-manager | `"k8s.gcr.io/kube-controller-manager"` |
| `kubeControllerManager.image.tag` | Image tag of the kube-controller-manager | `"v1.21.7"` |
| `kubeControllerManager.image.pullPolicy` | Image pull policy of the kube-controller-manager | `"IfNotPresent"` |
| `kubeControllerManager.resources` | Resource quota of the kube-controller-manager | `{}` |
| `kubeControllerManager.nodeSelector` | Node selector of the kube-controller-manager | `{}` |
| `kubeControllerManager.affinity` | Affinity of the kube-controller-manager | `{}` |
| `kubeControllerManager.tolerations` | Tolerations of the kube-controller-manager | `[]` |
| `schedulerEstimator.clusterName` | Name of the member cluster | `""` |
| `schedulerEstimator.kubeconfig.caCrt` | CA CRT of the certificate | `""` |
| `schedulerEstimator.kubeconfig.crt` | CRT of the certificate | `""` |
| `schedulerEstimator.kubeconfig.key` | KEY of the certificate | `""` |
| `schedulerEstimator.kubeconfig.server` | API-server of the member cluster | `""` |
| `schedulerEstimator.labels` | Labels of the scheduler-estimator deployment | `{}` |
| `schedulerEstimator.replicaCount` | Target replicas of the scheduler-estimator | `1` |
| `schedulerEstimator.podLabels` | Labels of the scheduler-estimator pods | `{}` |
| `schedulerEstimator.podAnnotations` | Annotaions of the scheduler-estimator pods | `{}` |
| `schedulerEstimator.imagePullSecrets` | Image pull secret of the scheduler-estimator | `[]` |
| `schedulerEstimator.image.repository` | Image of the scheduler-estimator | `"swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler-estimator"` |
| `schedulerEstimator.image.tag` | Image tag of the scheduler-estimator | `"latest"` |
| `schedulerEstimator.image.pullPolicy` | Image pull policy of the scheduler-estimator | `"IfNotPresent"` |
| `schedulerEstimator.resources` | Resource quota of the scheduler-estimator | `{}` |
| `schedulerEstimator.nodeSelector` | Node selector of the scheduler-estimator | `{}` |
| `schedulerEstimator.affinity` | Affinity of the scheduler-estimator | `{}` |
| `schedulerEstimator.tolerations` | Tolerations of the scheduler-estimator | `[]` |
| `descheduler.labels` | Labels of the descheduler deployment | `karmada-descheduler` |
| `descheduler.replicaCount` | Target replicas of the descheduler | `2` |
| `descheduler.podAnnotations` | Annotaions of the descheduler pods | `{}` |
| `descheduler.podLabels` | Labels of the descheduler pods | `{}` |
| `descheduler.imagePullSecrets` | Image pull secret of the descheduler | `[]` |
| `descheduler.image.repository` | Image of the descheduler | `swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-descheduler` |
| `descheduler.image.pullPolicy` | Image pull policy of the descheduler | `IfNotPresent` |
| `descheduler.image.tag` | Overrides the image tag whose default is the latest | `latest` |
| `descheduler.resources` | Resource quota of the descheduler | `{}` |
| `descheduler.nodeSelector` | Node selector of the descheduler | `{}` |
| `descheduler.affinity` | Affinity of the descheduler | `{}` |
| `descheduler.tolerations` | Tolerations of the descheduler | `{}` |
| `descheduler.strategy` | Strategy of the descheduler | `{"type": "RollingUpdate", "rollingUpdate": {"maxUnavailable": "0", "maxSurge": "50%"} }` |
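Review bot: in the Configuration table, every Karmada component image defaults to tag `"latest"`, the three job images default to `bitnami/kubectl:latest`, and `preInstallJob.initContainerImage` is the untagged `cfssl/cfssl`, so an install of this chart is not reproducible and runs whatever those tags point to at install time. Pin them to fixed versions, as the table already does for `k8s.gcr.io/etcd` (`"3.4.13-0"`) and the two `v1.21.7` images. Two other defaults need a sentence of justification next to them: `apiServer.hostNetwork` is `"true"` and `etcd.internal.storageType` is `"hostPath"`. The agent and scheduler-estimator examples put a client private key inline in values.yaml; please note that such a file must be kept out of version control. Nits: "Annotaions", "ectd" and "schedeler" are misspelled; `components` lists only "schedulerEstimator" as selectable although the descheduler section uses `"descheduler"`; `descheduler.tolerations` defaults to `{}` where every other `tolerations` row uses `[]`.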

View File

@ -0,0 +1,191 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: resourceinterpreterwebhookconfigurations.config.karmada.io
spec:
group: config.karmada.io
names:
kind: ResourceInterpreterWebhookConfiguration
listKind: ResourceInterpreterWebhookConfigurationList
plural: resourceinterpreterwebhookconfigurations
singular: resourceinterpreterwebhookconfiguration
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ResourceInterpreterWebhookConfiguration describes the configuration
of webhooks which take the responsibility to tell karmada the details of
the resource object, especially for custom resources.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
webhooks:
description: Webhooks is a list of webhooks and the affected resources
and operations.
items:
description: ResourceInterpreterWebhook describes the webhook as well
as the resources and operations it applies to.
properties:
clientConfig:
description: ClientConfig defines how to communicate with the hook.
properties:
caBundle:
description: '`caBundle` is a PEM encoded CA bundle which will
be used to validate the webhook''s server certificate. If
unspecified, system trust roots on the apiserver are used.'
format: byte
type: string
service:
description: "`service` is a reference to the service for this
webhook. Either `service` or `url` must be specified. \n If
the webhook is running within the cluster, then you should
use `service`."
properties:
name:
description: '`name` is the name of the service. Required'
type: string
namespace:
description: '`namespace` is the namespace of the service.
Required'
type: string
path:
description: '`path` is an optional URL path which will
be sent in any request to this service.'
type: string
port:
description: If specified, the port on the service that
hosting webhook. Default to 443 for backward compatibility.
`port` should be a valid port number (1-65535, inclusive).
format: int32
type: integer
required:
- name
- namespace
type: object
url:
description: "`url` gives the location of the webhook, in standard
URL form (`scheme://host:port/path`). Exactly one of `url`
or `service` must be specified. \n The `host` should not refer
to a service running in the cluster; use the `service` field
instead. The host might be resolved via external DNS in some
apiservers (e.g., `kube-apiserver` cannot resolve in-cluster
DNS as that would be a layering violation). `host` may also
be an IP address. \n Please note that using `localhost` or
`127.0.0.1` as a `host` is risky unless you take great care
to run this webhook on all hosts which run an apiserver which
might need to make calls to this webhook. Such installs are
likely to be non-portable, i.e., not easy to turn up in a
new cluster. \n The scheme must be \"https\"; the URL must
begin with \"https://\". \n A path is optional, and if present
may be any string permissible in a URL. You may use the path
to pass an arbitrary string to the webhook, for example, a
cluster identifier. \n Attempting to use a user or basic auth
e.g. \"user:password@\" is not allowed. Fragments (\"#...\")
and query parameters (\"?...\") are not allowed, either."
type: string
type: object
interpreterContextVersions:
description: InterpreterContextVersions is an ordered list of preferred
`ResourceInterpreterContext` versions the Webhook expects. Karmada
will try to use first version in the list which it supports. If
none of the versions specified in this list supported by Karmada,
validation will fail for this object. If a persisted webhook configuration
specifies allowed versions and does not include any versions known
to the Karmada, calls to the webhook will fail and be subject
to the failure policy.
items:
type: string
type: array
name:
description: Name is the full-qualified name of the webhook.
type: string
rules:
description: Rules describes what operations on what resources the
webhook cares about. The webhook cares about an operation if it
matches any Rule.
items:
description: RuleWithOperations is a tuple of Operations and Resources.
It is recommended to make sure that all the tuple expansions
are valid.
properties:
apiGroups:
description: "APIGroups is the API groups the resources belong
to. '*' is all groups. If '*' is present, the length of
the slice must be one. For example: [\"apps\", \"batch\",
\"example.io\"] means matches 3 groups. [\"*\"] means matches
all group \n Note: The group cloud be empty, e.g the 'core'
group of kubernetes, in that case use [\"\"]."
items:
type: string
type: array
apiVersions:
description: 'APIVersions is the API versions the resources
belong to. ''*'' is all versions. If ''*'' is present, the
length of the slice must be one. For example: ["v1alpha1",
"v1beta1"] means matches 2 versions. ["*"] means matches
all versions.'
items:
type: string
type: array
kinds:
description: 'Kinds is a list of resources this rule applies
to. If ''*'' is present, the length of the slice must be
one. For example: ["Deployment", "Pod"] means matches Deployment
and Pod. ["*"] means apply to all resources.'
items:
type: string
type: array
operations:
description: Operations is the operations the hook cares about.
If '*' is present, the length of the slice must be one.
items:
description: InterpreterOperation specifies an operation
for a request.
type: string
type: array
required:
- apiGroups
- apiVersions
- kinds
- operations
type: object
type: array
timeoutSeconds:
description: TimeoutSeconds specifies the timeout for this webhook.
After the timeout passes, the webhook call will be ignored or
the API call will fail based on the failure policy. The timeout
value must be between 1 and 30 seconds. Default to 10 seconds.
format: int32
type: integer
required:
- clientConfig
- interpreterContextVersions
- name
type: object
type: array
required:
- webhooks
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
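Review bot: several constraints in this CRD exist only as `description` text and not in the schema. `timeoutSeconds` says "between 1 and 30 seconds" and "Default to 10 seconds" but has no `minimum`, `maximum` or `default`; `port` says 1-65535 without bounds; `url` says the scheme must be https and that user info, fragments and query parameters are not allowed, but has no `pattern`. The descriptions also refer to "the failure policy" while the webhook item defines no `failurePolicy` property. If these rules are enforced by the `validate-resourceinterpreterwebhookconfiguration` webhook registered elsewhere in this commit, say so in the type comments; otherwise add validation markers on the source types and regenerate, since this file is controller-gen output (`controller-gen.kubebuilder.io/version: v0.8.0`). Nit: "The group cloud be empty" in the `apiGroups` description.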

View File

@ -0,0 +1,133 @@
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: serviceexports.multicluster.x-k8s.io
spec:
group: multicluster.x-k8s.io
scope: Namespaced
names:
plural: serviceexports
singular: serviceexport
kind: ServiceExport
shortNames:
- svcex
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
"schema":
"openAPIV3Schema":
description: ServiceExport declares that the Service with the same name and
namespace as this export should be consumable from other clusters.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: status describes the current state of an exported service.
Service configuration comes from the Service that had the same name
and namespace as this ServiceExport. Populated by the multi-cluster
service implementation's controller.
type: object
properties:
conditions:
type: array
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
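Review bot: the license header (`Copyright 2020 The Kubernetes Authors`) and the `multicluster.x-k8s.io` group indicate this CRD originates outside this repository, but nothing in the file records which upstream revision it was copied from. Add a comment naming the source repository and the commit or tag, so later syncs can be diffed against a known baseline and any local modification is detectable. Minor style point: `"schema":` and `"openAPIV3Schema":` are quoted while every other key in the file is not; it parses the same, but is worth normalising.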

View File

@ -0,0 +1,161 @@
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: serviceimports.multicluster.x-k8s.io
spec:
group: multicluster.x-k8s.io
scope: Namespaced
names:
plural: serviceimports
singular: serviceimport
kind: ServiceImport
shortNames:
- svcim
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Type
type: string
description: The type of this ServiceImport
jsonPath: .spec.type
- name: IP
type: string
description: The VIP for this ServiceImport
jsonPath: .spec.ips
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
"schema":
"openAPIV3Schema":
description: ServiceImport describes a service imported from clusters in a
ClusterSet.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec defines the behavior of a ServiceImport.
type: object
required:
- ports
- type
properties:
ips:
description: ip will be used as the VIP for this service when type
is ClusterSetIP.
type: array
maxItems: 1
items:
type: string
ports:
type: array
items:
description: ServicePort represents the port on which the service
is exposed
type: object
required:
- port
properties:
appProtocol:
description: The application protocol for this port. This field
follows standard Kubernetes label syntax. Un-prefixed names
are reserved for IANA standard service names (as per RFC-6335
and http://www.iana.org/assignments/service-names). Non-standard
protocols should use prefixed names such as mycompany.com/my-custom-protocol.
Field can be enabled with ServiceAppProtocol feature gate.
type: string
name:
description: The name of this port within the service. This
must be a DNS_LABEL. All ports within a ServiceSpec must have
unique names. When considering the endpoints for a Service,
this must match the 'name' field in the EndpointPort. Optional
if only one ServicePort is defined on this service.
type: string
port:
description: The port that will be exposed by this service.
type: integer
format: int32
protocol:
description: The IP protocol for this port. Supports "TCP",
"UDP", and "SCTP". Default is TCP.
type: string
x-kubernetes-list-type: atomic
sessionAffinity:
description: 'Supports "ClientIP" and "None". Used to maintain session
affinity. Enable client IP based session affinity. Must be ClientIP
or None. Defaults to None. Ignored when type is Headless More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
type: string
sessionAffinityConfig:
description: sessionAffinityConfig contains session affinity configuration.
type: object
properties:
clientIP:
description: clientIP contains the configurations of Client IP
based session affinity.
type: object
properties:
timeoutSeconds:
description: timeoutSeconds specifies the seconds of ClientIP
type session sticky time. The value must be >0 && <=86400(for
1 day) if ServiceAffinity == "ClientIP". Default value is
10800(for 3 hours).
type: integer
format: int32
type:
description: type defines the type of this service. Must be ClusterSetIP
or Headless.
type: string
enum:
- ClusterSetIP
- Headless
status:
description: status contains information about the exported services that
form the multi-cluster service referenced by this ServiceImport.
type: object
properties:
clusters:
description: clusters is the list of exporting clusters from which
this service was derived.
type: array
items:
description: ClusterStatus contains service configuration mapped
to a specific source cluster
type: object
required:
- cluster
properties:
cluster:
description: cluster is the name of the exporting cluster. Must
be a valid RFC-1123 DNS label.
type: string
x-kubernetes-list-map-keys:
- cluster
x-kubernetes-list-type: map
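Review bot: several constraints under `spec` exist only as description text. `sessionAffinity` says "Must be ClientIP or None" and `protocol` says it supports "TCP", "UDP", and "SCTP", yet neither carries an `enum`, while `type` just below does (`ClusterSetIP`, `Headless`); `timeoutSeconds` states "must be >0 && <=86400" with no `minimum` or `maximum`; and `port` is an int32 with no range. For a CRD the API server checks only what the schema declares, so values outside these documented ranges will be stored as written. Either add the matching `enum`, `minimum` and `maximum` keywords, or make sure whatever consumes ServiceImport objects validates these fields before acting on them.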

View File

@ -0,0 +1,366 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: multiclusteringresses.networking.karmada.io
spec:
group: networking.karmada.io
names:
kind: MultiClusterIngress
listKind: MultiClusterIngressList
plural: multiclusteringresses
shortNames:
- mci
singular: multiclusteringress
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MultiClusterIngress is a collection of rules that allow inbound
connections to reach the endpoints defined by a backend. The structure of
MultiClusterIngress is same as Ingress, indicates the Ingress in multi-clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the desired state of the MultiClusterIngress.
properties:
defaultBackend:
description: DefaultBackend is the backend that should handle requests
that don't match any rule. If Rules are not specified, DefaultBackend
must be specified. If DefaultBackend is not set, the handling of
requests that do not match any of the rules will be up to the Ingress
controller.
properties:
resource:
description: Resource is an ObjectRef to another Kubernetes resource
in the namespace of the Ingress object. If resource is specified,
a service.Name and service.Port must not be specified. This
is a mutually exclusive setting with "Service".
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
service:
description: Service references a Service as a Backend. This is
a mutually exclusive setting with "Resource".
properties:
name:
description: Name is the referenced service. The service must
exist in the same namespace as the Ingress object.
type: string
port:
description: Port of the referenced service. A port name or
port number is required for a IngressServiceBackend.
properties:
name:
description: Name is the name of the port on the Service.
This is a mutually exclusive setting with "Number".
type: string
number:
description: Number is the numerical port number (e.g.
80) on the Service. This is a mutually exclusive setting
with "Name".
format: int32
type: integer
type: object
required:
- name
type: object
type: object
ingressClassName:
description: IngressClassName is the name of the IngressClass cluster
resource. The associated IngressClass defines which controller will
implement the resource. This replaces the deprecated `kubernetes.io/ingress.class`
annotation. For backwards compatibility, when that annotation is
set, it must be given precedence over this field. The controller
may emit a warning if the field and annotation have different values.
Implementations of this API should ignore Ingresses without a class
specified. An IngressClass resource may be marked as default, which
can be used to set a default value for this field. For more information,
refer to the IngressClass documentation.
type: string
rules:
description: A list of host rules used to configure the Ingress. If
unspecified, or no rule matches, all traffic is sent to the default
backend.
items:
description: IngressRule represents the rules mapping the paths
under a specified host to the related backend services. Incoming
requests are first evaluated for a host match, then routed to
the backend associated with the matching IngressRuleValue.
properties:
host:
description: "Host is the fully qualified domain name of a network
host, as defined by RFC 3986. Note the following deviations
from the \"host\" part of the URI as defined in RFC 3986:
1. IPs are not allowed. Currently an IngressRuleValue can
only apply to the IP in the Spec of the parent Ingress. 2.
The `:` delimiter is not respected because ports are not allowed.
Currently the port of an Ingress is implicitly :80 for http
and :443 for https. Both these may change in the future. Incoming
requests are matched against the host before the IngressRuleValue.
If the host is unspecified, the Ingress routes all traffic
based on the specified IngressRuleValue. \n Host can be \"precise\"
which is a domain name without the terminating dot of a network
host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain
name prefixed with a single wildcard label (e.g. \"*.foo.com\").
The wildcard character '*' must appear by itself as the first
DNS label and matches only a single label. You cannot have
a wildcard label by itself (e.g. Host == \"*\"). Requests
will be matched against the Host field in the following way:
1. If Host is precise, the request matches this rule if the
http host header is equal to Host. 2. If Host is a wildcard,
then the request matches this rule if the http host header
is to equal to the suffix (removing the first label) of the
wildcard rule."
type: string
http:
description: 'HTTPIngressRuleValue is a list of http selectors
pointing to backends. In the example: http://<host>/<path>?<searchpart>
-> backend where where parts of the url correspond to RFC
3986, this resource will be used to match against everything
after the last ''/'' and before the first ''?'' or ''#''.'
properties:
paths:
description: A collection of paths that map requests to
backends.
items:
description: HTTPIngressPath associates a path with a
backend. Incoming urls matching the path are forwarded
to the backend.
properties:
backend:
description: Backend defines the referenced service
endpoint to which the traffic will be forwarded
to.
properties:
resource:
description: Resource is an ObjectRef to another
Kubernetes resource in the namespace of the
Ingress object. If resource is specified, a
service.Name and service.Port must not be specified.
This is a mutually exclusive setting with "Service".
properties:
apiGroup:
description: APIGroup is the group for the
resource being referenced. If APIGroup is
not specified, the specified Kind must be
in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource
being referenced
type: string
name:
description: Name is the name of resource
being referenced
type: string
required:
- kind
- name
type: object
service:
description: Service references a Service as a
Backend. This is a mutually exclusive setting
with "Resource".
properties:
name:
description: Name is the referenced service.
The service must exist in the same namespace
as the Ingress object.
type: string
port:
description: Port of the referenced service.
A port name or port number is required for
a IngressServiceBackend.
properties:
name:
description: Name is the name of the port
on the Service. This is a mutually exclusive
setting with "Number".
type: string
number:
description: Number is the numerical port
number (e.g. 80) on the Service. This
is a mutually exclusive setting with
"Name".
format: int32
type: integer
type: object
required:
- name
type: object
type: object
path:
description: Path is matched against the path of an
incoming request. Currently it can contain characters
disallowed from the conventional "path" part of
a URL as defined by RFC 3986. Paths must begin with
a '/' and must be present when using PathType with
value "Exact" or "Prefix".
type: string
pathType:
description: 'PathType determines the interpretation
of the Path matching. PathType can be one of the
following values: * Exact: Matches the URL path
exactly. * Prefix: Matches based on a URL path prefix
split by ''/''. Matching is done on a path element
by element basis. A path element refers is the list
of labels in the path split by the ''/'' separator.
A request is a match for path p if every p is an
element-wise prefix of p of the request path. Note
that if the last element of the path is a substring
of the last element in request path, it is not a
match (e.g. /foo/bar matches /foo/bar/baz, but does
not match /foo/barbaz). * ImplementationSpecific:
Interpretation of the Path matching is up to the
IngressClass. Implementations can treat this as
a separate PathType or treat it identically to Prefix
or Exact path types. Implementations are required
to support all path types.'
type: string
required:
- backend
- pathType
type: object
type: array
x-kubernetes-list-type: atomic
required:
- paths
type: object
type: object
type: array
x-kubernetes-list-type: atomic
tls:
description: TLS configuration. Currently the Ingress only supports
a single TLS port, 443. If multiple members of this list specify
different hosts, they will be multiplexed on the same port according
to the hostname specified through the SNI TLS extension, if the
ingress controller fulfilling the ingress supports SNI.
items:
description: IngressTLS describes the transport layer security associated
with an Ingress.
properties:
hosts:
description: Hosts are a list of hosts included in the TLS certificate.
The values in this list must match the name/s used in the
tlsSecret. Defaults to the wildcard host setting for the loadbalancer
controller fulfilling this Ingress, if left unspecified.
items:
type: string
type: array
x-kubernetes-list-type: atomic
secretName:
description: SecretName is the name of the secret used to terminate
TLS traffic on port 443. Field is left optional to allow TLS
routing based on SNI hostname alone. If the SNI host in a
listener conflicts with the "Host" header field used by an
IngressRule, the SNI host is used for termination and value
of the Host header is used for routing.
type: string
type: object
type: array
x-kubernetes-list-type: atomic
type: object
status:
description: Status is the current state of the MultiClusterIngress.
properties:
loadBalancer:
description: LoadBalancer contains the current status of the load-balancer.
properties:
ingress:
description: Ingress is a list containing ingress points for the
load-balancer. Traffic intended for the service should be sent
to these ingress points.
items:
description: 'LoadBalancerIngress represents the status of a
load-balancer ingress point: traffic intended for the service
should be sent to an ingress point.'
properties:
hostname:
description: Hostname is set for load-balancer ingress points
that are DNS based (typically AWS load-balancers)
type: string
ip:
description: IP is set for load-balancer ingress points
that are IP based (typically GCE or OpenStack load-balancers)
type: string
ports:
description: Ports is a list of records of service ports
If used, every port defined in the service should have
an entry in it
items:
properties:
error:
description: 'Error is to record the problem with
the service port The format of the error shall comply
with the following rules: - built-in error values
shall be specified in this file and those shall
use CamelCase names - cloud provider specific error
values must have names that comply with the format
foo.example.com/CamelCase. --- The regex it matches
is (dns1123SubdomainFmt/)?(qualifiedNameFmt)'
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
port:
description: Port is the port number of the service
port of which status is recorded here
format: int32
type: integer
protocol:
default: TCP
description: 'Protocol is the protocol of the service
port of which status is recorded here The supported
values are: "TCP", "UDP", "SCTP"'
type: string
required:
- port
- protocol
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: array
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
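Review bot: in both `defaultBackend` and `paths[].backend`, `resource` and `service` are described as "a mutually exclusive setting", as are `port.name` and `port.number`, but the schema has nothing (for example a `oneOf`) that enforces it, and `pathType` is a plain `type: string` although its description lists only Exact, Prefix and ImplementationSpecific. The top-level description says the structure is the same as Ingress, but because this is a CRD the API server validates objects only against this schema and any admission webhooks, so the validation the built-in Ingress type receives does not carry over. Add an `enum` to `pathType` and enforce the exclusivity rules in a validating webhook or in the controller before a MultiClusterIngress is translated into routing configuration. Separately, the trailing top-level `status:` stanza with empty `acceptedNames` and the `creationTimestamp: null` line are generator output that the server populates itself; consider stripping them from the committed manifest.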

View File

@ -0,0 +1,642 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: clusteroverridepolicies.policy.karmada.io
spec:
group: policy.karmada.io
names:
kind: ClusterOverridePolicy
listKind: ClusterOverridePolicyList
plural: clusteroverridepolicies
shortNames:
- cop
singular: clusteroverridepolicy
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterOverridePolicy represents the cluster-wide policy that
overrides a group of resources to one or more clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior of ClusterOverridePolicy.
properties:
overrideRules:
description: OverrideRules defines a collection of override rules
on target clusters.
items:
description: RuleWithCluster defines the override rules on clusters.
properties:
overriders:
description: Overriders represents the override rules that would
apply on resources
properties:
argsOverrider:
description: ArgsOverrider represents the rules dedicated
to handling container args
items:
description: CommandArgsOverrider represents the rules
dedicated to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which
will apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args.
Items in Value which will be appended after command/args
when Operator is 'add'. Items in Value which match
in command/args will be deleted when Operator is
'remove'. If Value is empty, then the command/args
will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
commandOverrider:
description: CommandOverrider represents the rules dedicated
to handling container command
items:
description: CommandArgsOverrider represents the rules
dedicated to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which
will apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args.
Items in Value which will be appended after command/args
when Operator is 'add'. Items in Value which match
in command/args will be deleted when Operator is
'remove'. If Value is empty, then the command/args
will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
imageOverrider:
description: ImageOverrider represents the rules dedicated
to handling image overrides.
items:
description: ImageOverrider represents the rules dedicated
to handling image overrides.
properties:
component:
description: 'Component is part of image name. Basically
we presume an image can be made of ''[registry/]repository[:tag]''.
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
The repository could be: - kube-apiserver - fictional/nginx
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
enum:
- Registry
- Repository
- Tag
type: string
operator:
description: Operator represents the operator which
will apply on the image.
enum:
- add
- remove
- replace
type: string
predicate:
description: "Predicate filters images before applying
the rule. \n Defaults to nil, in that case, the
system will automatically detect image fields if
the resource type is Pod, ReplicaSet, Deployment
or StatefulSet by following rule: - Pod: spec/containers/<N>/image
- ReplicaSet: spec/template/spec/containers/<N>/image
- Deployment: spec/template/spec/containers/<N>/image
- StatefulSet: spec/template/spec/containers/<N>/image
In addition, all images will be processed if the
resource object has more than one containers. \n
If not nil, only images matches the filters will
be processed."
properties:
path:
description: Path indicates the path of target
field
type: string
required:
- path
type: object
value:
description: Value to be applied to image. Must not
be empty when operator is 'add' or 'replace'. Defaults
to empty and ignored when operator is 'remove'.
type: string
required:
- component
- operator
type: object
type: array
plaintext:
description: Plaintext represents override rules defined
with plaintext overriders.
items:
description: PlaintextOverrider is a simple overrider
that overrides target fields according to path, operator
and value.
properties:
operator:
description: 'Operator indicates the operation on
target field. Available operators are: add, update
and remove.'
enum:
- add
- remove
- replace
type: string
path:
description: Path indicates the path of target field
type: string
value:
description: Value to be applied to target field.
Must be empty when operator is Remove.
x-kubernetes-preserve-unknown-fields: true
required:
- operator
- path
type: object
type: array
type: object
targetCluster:
description: TargetCluster defines restrictions on this override
policy that only applies to resources propagated to the matching
clusters. nil means matching all clusters.
properties:
clusterNames:
description: ClusterNames is the list of clusters to be
selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to
be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member
clusters by fields. If non-nil and non-empty, only the
clusters match this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to
a set of values. Valid operators are In, NotIn,
Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator
is Gt or Lt, the values array must have a single
element, which will be interpreted as an integer.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member
clusters by labels. If non-nil and non-empty, only the
clusters match this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
type: object
required:
- overriders
type: object
type: array
overriders:
description: "Overriders represents the override rules that would
apply on resources \n Deprecated: This filed is deprecated in v1.0
and please use the OverrideRules instead."
properties:
argsOverrider:
description: ArgsOverrider represents the rules dedicated to handling
container args
items:
description: CommandArgsOverrider represents the rules dedicated
to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which will
apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args. Items
in Value which will be appended after command/args when
Operator is 'add'. Items in Value which match in command/args
will be deleted when Operator is 'remove'. If Value is
empty, then the command/args will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
commandOverrider:
description: CommandOverrider represents the rules dedicated to
handling container command
items:
description: CommandArgsOverrider represents the rules dedicated
to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which will
apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args. Items
in Value which will be appended after command/args when
Operator is 'add'. Items in Value which match in command/args
will be deleted when Operator is 'remove'. If Value is
empty, then the command/args will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
imageOverrider:
description: ImageOverrider represents the rules dedicated to
handling image overrides.
items:
description: ImageOverrider represents the rules dedicated to
handling image overrides.
properties:
component:
description: 'Component is part of image name. Basically
we presume an image can be made of ''[registry/]repository[:tag]''.
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
The repository could be: - kube-apiserver - fictional/nginx
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
enum:
- Registry
- Repository
- Tag
type: string
operator:
description: Operator represents the operator which will
apply on the image.
enum:
- add
- remove
- replace
type: string
predicate:
description: "Predicate filters images before applying the
rule. \n Defaults to nil, in that case, the system will
automatically detect image fields if the resource type
is Pod, ReplicaSet, Deployment or StatefulSet by following
rule: - Pod: spec/containers/<N>/image - ReplicaSet: spec/template/spec/containers/<N>/image
- Deployment: spec/template/spec/containers/<N>/image
- StatefulSet: spec/template/spec/containers/<N>/image
In addition, all images will be processed if the resource
object has more than one containers. \n If not nil, only
images matches the filters will be processed."
properties:
path:
description: Path indicates the path of target field
type: string
required:
- path
type: object
value:
description: Value to be applied to image. Must not be empty
when operator is 'add' or 'replace'. Defaults to empty
and ignored when operator is 'remove'.
type: string
required:
- component
- operator
type: object
type: array
plaintext:
description: Plaintext represents override rules defined with
plaintext overriders.
items:
description: PlaintextOverrider is a simple overrider that overrides
target fields according to path, operator and value.
properties:
operator:
description: 'Operator indicates the operation on target
field. Available operators are: add, update and remove.'
enum:
- add
- remove
- replace
type: string
path:
description: Path indicates the path of target field
type: string
value:
description: Value to be applied to target field. Must be
empty when operator is Remove.
x-kubernetes-preserve-unknown-fields: true
required:
- operator
- path
type: object
type: array
type: object
resourceSelectors:
description: ResourceSelectors restricts resource types that this
override policy applies to. nil means matching all resources.
items:
description: ResourceSelector the resources will be selected.
properties:
apiVersion:
description: APIVersion represents the API version of the target
resources.
type: string
kind:
description: Kind represents the Kind of the target resources.
type: string
labelSelector:
description: A label query over a set of resources. If name
is not empty, labelSelector will be ignored.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name of the target resource. Default is empty,
which means selecting all resources.
type: string
namespace:
description: Namespace of the target resource. Default is empty,
which means inherit from the parent object scope.
type: string
required:
- apiVersion
- kind
type: object
type: array
targetCluster:
description: "TargetCluster defines restrictions on this override
policy that only applies to resources propagated to the matching
clusters. nil means matching all clusters. \n Deprecated: This filed
is deprecated in v1.0 and please use the OverrideRules instead."
properties:
clusterNames:
description: ClusterNames is the list of clusters to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member clusters
by fields. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists,
DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt,
the values array must have a single element, which
will be interpreted as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member clusters
by labels. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
type: object
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
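
Review bot: In the `plaintext` overrider near the end of this file, the `operator` description says "Available operators are: add, update and remove", but the enum directly below it lists `add`, `remove` and `replace`. A user who follows the description and writes `update` will fail enum validation, so the description should say `replace`. The generated text also carries typos that should be fixed in the source comments: "This filed is deprecated" on `overriders` and `targetCluster`, and "The tag cloud be" on `component`. Separately, `plaintext[].path` is a free string and `value` is `x-kubernetes-preserve-unknown-fields: true`, so the schema places no limit on which field of a matched resource gets rewritten. The docs should state that RBAC on this resource is as sensitive as write access to the workloads it matches.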

View File

@ -0,0 +1,526 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: clusterpropagationpolicies.policy.karmada.io
spec:
group: policy.karmada.io
names:
kind: ClusterPropagationPolicy
listKind: ClusterPropagationPolicyList
plural: clusterpropagationpolicies
shortNames:
- cpp
singular: clusterpropagationpolicy
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'ClusterPropagationPolicy represents the cluster-wide policy
that propagates a group of resources to one or more clusters. Different
with PropagationPolicy that could only propagate resources in its own namespace,
ClusterPropagationPolicy is able to propagate cluster level resources and
resources in any namespace other than system reserved ones. System reserved
namespaces are: karmada-system, karmada-cluster, karmada-es-*.'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior of ClusterPropagationPolicy.
properties:
association:
description: 'Association tells if relevant resources should be selected
automatically. e.g. a ConfigMap referred by a Deployment. default
false. Deprecated: in favor of PropagateDeps.'
type: boolean
dependentOverrides:
description: "DependentOverrides represents the list of overrides(OverridePolicy)
which must present before the current PropagationPolicy takes effect.
\n It used to explicitly specify overrides which current PropagationPolicy
rely on. A typical scenario is the users create OverridePolicy(ies)
and resources at the same time, they want to ensure the new-created
policies would be adopted. \n Note: For the overrides, OverridePolicy(ies)
in current namespace and ClusterOverridePolicy(ies), which not present
in this list will still be applied if they matches the resources."
items:
type: string
type: array
placement:
description: Placement represents the rule for select clusters to
propagate resources.
properties:
clusterAffinity:
description: ClusterAffinity represents scheduling restrictions
to a certain set of clusters. If not set, any cluster can be
scheduling candidate.
properties:
clusterNames:
description: ClusterNames is the list of clusters to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to be
ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member clusters
by fields. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to
a set of values. Valid operators are In, NotIn,
Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the
values array must be empty. If the operator is
Gt or Lt, the values array must have a single
element, which will be interpreted as an integer.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member clusters
by labels. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
clusterTolerations:
description: ClusterTolerations represents the tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
replicaScheduling:
description: ReplicaScheduling represents the scheduling policy
on dealing with the number of replicas when propagating resources
that have replicas in spec (e.g. deployments, statefulsets)
to member clusters.
properties:
replicaDivisionPreference:
description: ReplicaDivisionPreference determines how the
replicas is divided when ReplicaSchedulingType is "Divided".
Valid options are Aggregated and Weighted. "Aggregated"
divides replicas into clusters as few as possible, while
respecting clusters' resource availabilities during the
division. "Weighted" divides replicas by weight according
to WeightPreference.
enum:
- Aggregated
- Weighted
type: string
replicaSchedulingType:
description: ReplicaSchedulingType determines how the replicas
is scheduled when karmada propagating a resource. Valid
options are Duplicated and Divided. "Duplicated" duplicates
the same replicas to each candidate member cluster from
resource. "Divided" divides replicas into parts according
to number of valid candidate member clusters, and exact
replicas for each cluster are determined by ReplicaDivisionPreference.
enum:
- Duplicated
- Divided
type: string
weightPreference:
description: WeightPreference describes weight for each cluster
or for each group of cluster If ReplicaDivisionPreference
is set to "Weighted", and WeightPreference is not set, scheduler
will weight all clusters the same.
properties:
dynamicWeight:
description: DynamicWeight specifies the factor to generates
dynamic weight list. If specified, StaticWeightList
will be ignored.
enum:
- AvailableReplicas
type: string
staticWeightList:
description: StaticWeightList defines the static cluster
weight.
items:
description: StaticClusterWeight defines the static
cluster weight.
properties:
targetCluster:
description: TargetCluster describes the filter
to select clusters.
properties:
clusterNames:
description: ClusterNames is the list of clusters
to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of
clusters to be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select
member clusters by fields. If non-nil and
non-empty, only the clusters match this filter
will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select
member clusters by labels. If non-nil and
non-empty, only the clusters match this filter
will be selected.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
weight:
description: Weight expressing the preference to
the cluster(s) specified by 'TargetCluster'.
format: int64
minimum: 1
type: integer
required:
- targetCluster
- weight
type: object
type: array
type: object
type: object
spreadConstraints:
description: SpreadConstraints represents a list of the scheduling
constraints.
items:
description: SpreadConstraint represents the spread constraints
on resources.
properties:
maxGroups:
description: MaxGroups restricts the maximum number of cluster
groups to be selected.
type: integer
minGroups:
description: MinGroups restricts the minimum number of cluster
groups to be selected. Defaults to 1.
type: integer
spreadByField:
description: 'SpreadByField represents the fields on Karmada
cluster API used for dynamically grouping member clusters
into different groups. Resources will be spread among
different cluster groups. Available fields for spreading
are: cluster, region, zone, and provider. SpreadByField
should not co-exist with SpreadByLabel. If both SpreadByField
and SpreadByLabel are empty, SpreadByField will be set
to "cluster" by system.'
enum:
- cluster
- region
- zone
- provider
type: string
spreadByLabel:
description: SpreadByLabel represents the label key used
for grouping member clusters into different groups. Resources
will be spread among different cluster groups. SpreadByLabel
should not co-exist with SpreadByField.
type: string
type: object
type: array
type: object
propagateDeps:
description: "PropagateDeps tells if relevant resources should be
propagated automatically. Take 'Deployment' which referencing 'ConfigMap'
and 'Secret' as an example, when 'propagateDeps' is 'true', the
referencing resources could be omitted(for saving config effort)
from 'resourceSelectors' as they will be propagated along with the
Deployment. In addition to the propagating process, the referencing
resources will be migrated along with the Deployment in the fail-over
scenario. \n Defaults to false."
type: boolean
resourceSelectors:
description: ResourceSelectors used to select resources.
items:
description: ResourceSelector the resources will be selected.
properties:
apiVersion:
description: APIVersion represents the API version of the target
resources.
type: string
kind:
description: Kind represents the Kind of the target resources.
type: string
labelSelector:
description: A label query over a set of resources. If name
is not empty, labelSelector will be ignored.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name of the target resource. Default is empty,
which means selecting all resources.
type: string
namespace:
description: Namespace of the target resource. Default is empty,
which means inherit from the parent object scope.
type: string
required:
- apiVersion
- kind
type: object
type: array
schedulerName:
description: SchedulerName represents which scheduler to proceed the
scheduling. If specified, the policy will be dispatched by specified
scheduler. If not specified, the policy will be dispatched by default
scheduler.
type: string
required:
- resourceSelectors
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
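
Review bot: The top-level description says ClusterPropagationPolicy can propagate resources in any namespace "other than system reserved ones" (karmada-system, karmada-cluster, karmada-es-*), but nothing in this schema enforces that. `resourceSelectors[].namespace` is an unconstrained `type: string`, and only `apiVersion` and `kind` are required, so an empty `name` selects every resource of that kind. Please point to where the reserved-namespace exclusion is enforced (admission webhook or controller) and say so in the `namespace` field description, since this object is cluster-scoped. The `propagateDeps` description should also say that referenced Secrets reach the same member clusters as the Deployment without being listed in `resourceSelectors`. Finally, `minGroups` and `maxGroups` are plain `type: integer` with no `minimum`, unlike `weight`, which has `minimum: 1`.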

View File

@ -0,0 +1,152 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: federatedresourcequotas.policy.karmada.io
spec:
group: policy.karmada.io
names:
kind: FederatedResourceQuota
listKind: FederatedResourceQuotaList
plural: federatedresourcequotas
singular: federatedresourcequota
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: FederatedResourceQuota sets aggregate quota restrictions enforced
per namespace across all clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired quota.
properties:
overall:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Overall is the set of desired hard limits for each named
resource.
type: object
staticAssignments:
description: 'StaticAssignments represents the subset of desired hard
limits for each cluster. Note: for clusters not present in this
list, Karmada will set an empty ResourceQuota to them, which means
these clusters will have no quotas in the referencing namespace.'
items:
description: StaticClusterAssignment represents the set of desired
hard limits for a specific cluster.
properties:
clusterName:
description: ClusterName is the name of the cluster the limits
enforce to.
type: string
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Hard is the set of desired hard limits for each
named resource.
type: object
required:
- clusterName
- hard
type: object
type: array
required:
- overall
type: object
status:
description: Status defines the actual enforced quota and its current
usage.
properties:
aggregatedStatus:
description: AggregatedStatus is the observed quota usage of each
cluster.
items:
description: ClusterQuotaStatus represents the set of desired limits
and observed usage for a specific cluster.
properties:
clusterName:
description: ClusterName is the name of the cluster the limits
enforce to.
type: string
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Hard is the set of enforced hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
used:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the
resource in the namespace.
type: object
required:
- clusterName
type: object
type: array
overall:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Overall is the set of enforced hard limits for each named
resource.
type: object
overallUsed:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: OverallUsed is the current observed total usage of the
resource in the namespace.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
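
Review bot: The `staticAssignments` description says that for clusters not in the list Karmada "will set an empty ResourceQuota to them, which means these clusters will have no quotas in the referencing namespace", which can be read either as no limit or as no allowance. For a quota API that is the difference between fail-open and fail-closed, so the description should state explicitly what a workload in an unlisted cluster may consume. The schema also does not relate the per-cluster `hard` values to `overall` (only `overall` is required under `spec`), so please note where the check that static assignments stay within `overall` lives, if there is one.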

View File

@ -0,0 +1,642 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: overridepolicies.policy.karmada.io
spec:
group: policy.karmada.io
names:
kind: OverridePolicy
listKind: OverridePolicyList
plural: overridepolicies
shortNames:
- op
singular: overridepolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OverridePolicy represents the policy that overrides a group of
resources to one or more clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior of OverridePolicy.
properties:
overrideRules:
description: OverrideRules defines a collection of override rules
on target clusters.
items:
description: RuleWithCluster defines the override rules on clusters.
properties:
overriders:
description: Overriders represents the override rules that would
apply on resources
properties:
argsOverrider:
description: ArgsOverrider represents the rules dedicated
to handling container args
items:
description: CommandArgsOverrider represents the rules
dedicated to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which
will apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args.
Items in Value which will be appended after command/args
when Operator is 'add'. Items in Value which match
in command/args will be deleted when Operator is
'remove'. If Value is empty, then the command/args
will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
commandOverrider:
description: CommandOverrider represents the rules dedicated
to handling container command
items:
description: CommandArgsOverrider represents the rules
dedicated to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which
will apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args.
Items in Value which will be appended after command/args
when Operator is 'add'. Items in Value which match
in command/args will be deleted when Operator is
'remove'. If Value is empty, then the command/args
will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
imageOverrider:
description: ImageOverrider represents the rules dedicated
to handling image overrides.
items:
description: ImageOverrider represents the rules dedicated
to handling image overrides.
properties:
component:
description: 'Component is part of image name. Basically
we presume an image can be made of ''[registry/]repository[:tag]''.
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
The repository could be: - kube-apiserver - fictional/nginx
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
enum:
- Registry
- Repository
- Tag
type: string
operator:
description: Operator represents the operator which
will apply on the image.
enum:
- add
- remove
- replace
type: string
predicate:
description: "Predicate filters images before applying
the rule. \n Defaults to nil, in that case, the
system will automatically detect image fields if
the resource type is Pod, ReplicaSet, Deployment
or StatefulSet by following rule: - Pod: spec/containers/<N>/image
- ReplicaSet: spec/template/spec/containers/<N>/image
- Deployment: spec/template/spec/containers/<N>/image
- StatefulSet: spec/template/spec/containers/<N>/image
In addition, all images will be processed if the
resource object has more than one containers. \n
If not nil, only images matches the filters will
be processed."
properties:
path:
description: Path indicates the path of target
field
type: string
required:
- path
type: object
value:
description: Value to be applied to image. Must not
be empty when operator is 'add' or 'replace'. Defaults
to empty and ignored when operator is 'remove'.
type: string
required:
- component
- operator
type: object
type: array
plaintext:
description: Plaintext represents override rules defined
with plaintext overriders.
items:
description: PlaintextOverrider is a simple overrider
that overrides target fields according to path, operator
and value.
properties:
operator:
description: 'Operator indicates the operation on
target field. Available operators are: add, update
and remove.'
enum:
- add
- remove
- replace
type: string
path:
description: Path indicates the path of target field
type: string
value:
description: Value to be applied to target field.
Must be empty when operator is Remove.
x-kubernetes-preserve-unknown-fields: true
required:
- operator
- path
type: object
type: array
type: object
targetCluster:
description: TargetCluster defines restrictions on this override
policy that only applies to resources propagated to the matching
clusters. nil means matching all clusters.
properties:
clusterNames:
description: ClusterNames is the list of clusters to be
selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to
be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member
clusters by fields. If non-nil and non-empty, only the
clusters match this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to
a set of values. Valid operators are In, NotIn,
Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. If the operator
is Gt or Lt, the values array must have a single
element, which will be interpreted as an integer.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member
clusters by labels. If non-nil and non-empty, only the
clusters match this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
type: object
required:
- overriders
type: object
type: array
overriders:
description: "Overriders represents the override rules that would
apply on resources \n Deprecated: This filed is deprecated in v1.0
and please use the OverrideRules instead."
properties:
argsOverrider:
description: ArgsOverrider represents the rules dedicated to handling
container args
items:
description: CommandArgsOverrider represents the rules dedicated
to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which will
apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args. Items
in Value which will be appended after command/args when
Operator is 'add'. Items in Value which match in command/args
will be deleted when Operator is 'remove'. If Value is
empty, then the command/args will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
commandOverrider:
description: CommandOverrider represents the rules dedicated to
handling container command
items:
description: CommandArgsOverrider represents the rules dedicated
to handling command/args overrides.
properties:
containerName:
description: The name of container
type: string
operator:
description: Operator represents the operator which will
apply on the command/args.
enum:
- add
- remove
type: string
value:
description: Value to be applied to command/args. Items
in Value which will be appended after command/args when
Operator is 'add'. Items in Value which match in command/args
will be deleted when Operator is 'remove'. If Value is
empty, then the command/args will remain the same.
items:
type: string
type: array
required:
- containerName
- operator
type: object
type: array
imageOverrider:
description: ImageOverrider represents the rules dedicated to
handling image overrides.
items:
description: ImageOverrider represents the rules dedicated to
handling image overrides.
properties:
component:
description: 'Component is part of image name. Basically
we presume an image can be made of ''[registry/]repository[:tag]''.
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
The repository could be: - kube-apiserver - fictional/nginx
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
enum:
- Registry
- Repository
- Tag
type: string
operator:
description: Operator represents the operator which will
apply on the image.
enum:
- add
- remove
- replace
type: string
predicate:
description: "Predicate filters images before applying the
rule. \n Defaults to nil, in that case, the system will
automatically detect image fields if the resource type
is Pod, ReplicaSet, Deployment or StatefulSet by following
rule: - Pod: spec/containers/<N>/image - ReplicaSet: spec/template/spec/containers/<N>/image
- Deployment: spec/template/spec/containers/<N>/image
- StatefulSet: spec/template/spec/containers/<N>/image
In addition, all images will be processed if the resource
object has more than one containers. \n If not nil, only
images matches the filters will be processed."
properties:
path:
description: Path indicates the path of target field
type: string
required:
- path
type: object
value:
description: Value to be applied to image. Must not be empty
when operator is 'add' or 'replace'. Defaults to empty
and ignored when operator is 'remove'.
type: string
required:
- component
- operator
type: object
type: array
plaintext:
description: Plaintext represents override rules defined with
plaintext overriders.
items:
description: PlaintextOverrider is a simple overrider that overrides
target fields according to path, operator and value.
properties:
operator:
description: 'Operator indicates the operation on target
field. Available operators are: add, update and remove.'
enum:
- add
- remove
- replace
type: string
path:
description: Path indicates the path of target field
type: string
value:
description: Value to be applied to target field. Must be
empty when operator is Remove.
x-kubernetes-preserve-unknown-fields: true
required:
- operator
- path
type: object
type: array
type: object
resourceSelectors:
description: ResourceSelectors restricts resource types that this
override policy applies to. nil means matching all resources.
items:
description: ResourceSelector the resources will be selected.
properties:
apiVersion:
description: APIVersion represents the API version of the target
resources.
type: string
kind:
description: Kind represents the Kind of the target resources.
type: string
labelSelector:
description: A label query over a set of resources. If name
is not empty, labelSelector will be ignored.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name of the target resource. Default is empty,
which means selecting all resources.
type: string
namespace:
description: Namespace of the target resource. Default is empty,
which means inherit from the parent object scope.
type: string
required:
- apiVersion
- kind
type: object
type: array
targetCluster:
description: "TargetCluster defines restrictions on this override
policy that only applies to resources propagated to the matching
clusters. nil means matching all clusters. \n Deprecated: This filed
is deprecated in v1.0 and please use the OverrideRules instead."
properties:
clusterNames:
description: ClusterNames is the list of clusters to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member clusters
by fields. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector that
contains values, a key, and an operator that relates the
key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to a set
of values. Valid operators are In, NotIn, Exists,
DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. If the operator is Gt or Lt,
the values array must have a single element, which
will be interpreted as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member clusters
by labels. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
type: object
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
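
Review bot: The `operator` description of the `plaintext` overrider disagrees with its enum, both under `overrideRules[].overriders.plaintext` and under the deprecated top-level `overriders.plaintext`. The description reads "Available operators are: add, update and remove", while the enum accepts `add`, `remove` and `replace`, so a policy written from the description with `update` fails schema validation. Change the description to name `replace` in the source this schema comes from, so both copies stay in sync. In the same two `plaintext` entries, `path` is an unconstrained string and `value` is marked `x-kubernetes-preserve-unknown-fields: true`, and `imageOverrider` can replace the `Registry` component, so nothing in the schema limits which fields of a selected resource an OverridePolicy can rewrite. That is worth stating next to the CRD so that create/update rights on this kind are granted as carefully as write access to the workloads themselves. Minor: "The tag cloud be" and "This filed is deprecated" are typos in the descriptions.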

@ -0,0 +1,522 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: propagationpolicies.policy.karmada.io
spec:
group: policy.karmada.io
names:
kind: PropagationPolicy
listKind: PropagationPolicyList
plural: propagationpolicies
shortNames:
- pp
singular: propagationpolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: PropagationPolicy represents the policy that propagates a group
of resources to one or more clusters.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior of PropagationPolicy.
properties:
association:
description: 'Association tells if relevant resources should be selected
automatically. e.g. a ConfigMap referred by a Deployment. default
false. Deprecated: in favor of PropagateDeps.'
type: boolean
dependentOverrides:
description: "DependentOverrides represents the list of overrides(OverridePolicy)
which must present before the current PropagationPolicy takes effect.
\n It used to explicitly specify overrides which current PropagationPolicy
rely on. A typical scenario is the users create OverridePolicy(ies)
and resources at the same time, they want to ensure the new-created
policies would be adopted. \n Note: For the overrides, OverridePolicy(ies)
in current namespace and ClusterOverridePolicy(ies), which not present
in this list will still be applied if they matches the resources."
items:
type: string
type: array
placement:
description: Placement represents the rule for select clusters to
propagate resources.
properties:
clusterAffinity:
description: ClusterAffinity represents scheduling restrictions
to a certain set of clusters. If not set, any cluster can be
scheduling candidate.
properties:
clusterNames:
description: ClusterNames is the list of clusters to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of clusters to be
ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select member clusters
by fields. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector applies
to.
type: string
operator:
description: Represents a key's relationship to
a set of values. Valid operators are In, NotIn,
Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the
values array must be empty. If the operator is
Gt or Lt, the values array must have a single
element, which will be interpreted as an integer.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select member clusters
by labels. If non-nil and non-empty, only the clusters match
this filter will be selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
clusterTolerations:
description: ClusterTolerations represents the tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
replicaScheduling:
description: ReplicaScheduling represents the scheduling policy
on dealing with the number of replicas when propagating resources
that have replicas in spec (e.g. deployments, statefulsets)
to member clusters.
properties:
replicaDivisionPreference:
description: ReplicaDivisionPreference determines how the
replicas is divided when ReplicaSchedulingType is "Divided".
Valid options are Aggregated and Weighted. "Aggregated"
divides replicas into clusters as few as possible, while
respecting clusters' resource availabilities during the
division. "Weighted" divides replicas by weight according
to WeightPreference.
enum:
- Aggregated
- Weighted
type: string
replicaSchedulingType:
description: ReplicaSchedulingType determines how the replicas
is scheduled when karmada propagating a resource. Valid
options are Duplicated and Divided. "Duplicated" duplicates
the same replicas to each candidate member cluster from
resource. "Divided" divides replicas into parts according
to number of valid candidate member clusters, and exact
replicas for each cluster are determined by ReplicaDivisionPreference.
enum:
- Duplicated
- Divided
type: string
weightPreference:
description: WeightPreference describes weight for each cluster
or for each group of cluster If ReplicaDivisionPreference
is set to "Weighted", and WeightPreference is not set, scheduler
will weight all clusters the same.
properties:
dynamicWeight:
description: DynamicWeight specifies the factor to generates
dynamic weight list. If specified, StaticWeightList
will be ignored.
enum:
- AvailableReplicas
type: string
staticWeightList:
description: StaticWeightList defines the static cluster
weight.
items:
description: StaticClusterWeight defines the static
cluster weight.
properties:
targetCluster:
description: TargetCluster describes the filter
to select clusters.
properties:
clusterNames:
description: ClusterNames is the list of clusters
to be selected.
items:
type: string
type: array
exclude:
description: ExcludedClusters is the list of
clusters to be ignored.
items:
type: string
type: array
fieldSelector:
description: FieldSelector is a filter to select
member clusters by fields. If non-nil and
non-empty, only the clusters match this filter
will be selected.
properties:
matchExpressions:
description: A list of field selector requirements.
items:
description: A node selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty.
If the operator is Gt or Lt, the
values array must have a single
element, which will be interpreted
as an integer. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
labelSelector:
description: LabelSelector is a filter to select
member clusters by labels. If non-nil and
non-empty, only the clusters match this filter
will be selected.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
weight:
description: Weight expressing the preference to
the cluster(s) specified by 'TargetCluster'.
format: int64
minimum: 1
type: integer
required:
- targetCluster
- weight
type: object
type: array
type: object
type: object
spreadConstraints:
description: SpreadConstraints represents a list of the scheduling
constraints.
items:
description: SpreadConstraint represents the spread constraints
on resources.
properties:
maxGroups:
description: MaxGroups restricts the maximum number of cluster
groups to be selected.
type: integer
minGroups:
description: MinGroups restricts the minimum number of cluster
groups to be selected. Defaults to 1.
type: integer
spreadByField:
description: 'SpreadByField represents the fields on Karmada
cluster API used for dynamically grouping member clusters
into different groups. Resources will be spread among
different cluster groups. Available fields for spreading
are: cluster, region, zone, and provider. SpreadByField
should not co-exist with SpreadByLabel. If both SpreadByField
and SpreadByLabel are empty, SpreadByField will be set
to "cluster" by system.'
enum:
- cluster
- region
- zone
- provider
type: string
spreadByLabel:
description: SpreadByLabel represents the label key used
for grouping member clusters into different groups. Resources
will be spread among different cluster groups. SpreadByLabel
should not co-exist with SpreadByField.
type: string
type: object
type: array
type: object
propagateDeps:
description: "PropagateDeps tells if relevant resources should be
propagated automatically. Take 'Deployment' which referencing 'ConfigMap'
and 'Secret' as an example, when 'propagateDeps' is 'true', the
referencing resources could be omitted(for saving config effort)
from 'resourceSelectors' as they will be propagated along with the
Deployment. In addition to the propagating process, the referencing
resources will be migrated along with the Deployment in the fail-over
scenario. \n Defaults to false."
type: boolean
resourceSelectors:
description: ResourceSelectors used to select resources.
items:
description: ResourceSelector the resources will be selected.
properties:
apiVersion:
description: APIVersion represents the API version of the target
resources.
type: string
kind:
description: Kind represents the Kind of the target resources.
type: string
labelSelector:
description: A label query over a set of resources. If name
is not empty, labelSelector will be ignored.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
name:
description: Name of the target resource. Default is empty,
which means selecting all resources.
type: string
namespace:
description: Namespace of the target resource. Default is empty,
which means inherit from the parent object scope.
type: string
required:
- apiVersion
- kind
type: object
type: array
schedulerName:
description: SchedulerName represents which scheduler to proceed the
scheduling. If specified, the policy will be dispatched by specified
scheduler. If not specified, the policy will be dispatched by default
scheduler.
type: string
required:
- resourceSelectors
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
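
Review bot: In `placement.spreadConstraints`, `minGroups` and `maxGroups` are plain `type: integer` with no `minimum`, and the "Defaults to 1" in the `minGroups` description has no matching `default:` in the schema, so zero and negative values pass validation here. Compare `staticWeightList[].weight` in the same file, which does carry `minimum: 1`. The rule that `spreadByField` "should not co-exist with" `spreadByLabel` is likewise stated only in the description. Add the lower bound (and the default, if it is meant to be applied at admission) to the source types and regenerate with controller-gen, or reference the admission check that enforces these if one exists. Separately, the `propagateDeps` description says a referenced `ConfigMap` or `Secret` is propagated with the Deployment without being listed in `resourceSelectors`. Please document that a review of `resourceSelectors` alone does not show which Secrets reach member clusters when this flag is `true`.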

@ -0,0 +1,623 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: clusterresourcebindings.work.karmada.io
spec:
group: work.karmada.io
names:
kind: ClusterResourceBinding
listKind: ClusterResourceBindingList
plural: clusterresourcebindings
shortNames:
- crb
singular: clusterresourcebinding
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterResourceBinding represents a binding of a kubernetes resource
with a ClusterPropagationPolicy.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior.
properties:
clusters:
description: Clusters represents target member clusters where the
resource to be deployed.
items:
description: TargetCluster represents the identifier of a member
cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
resource:
description: Resource represents the Kubernetes resource to be propagated.
properties:
apiVersion:
description: APIVersion represents the API version of the referent.
type: string
kind:
description: Kind represents the Kind of the referent.
type: string
name:
description: Name represents the name of the referent.
type: string
namespace:
description: Namespace represents the namespace for the referent.
For non-namespace scoped resources(e.g. 'ClusterRole')do not
need specify Namespace, and for namespace scoped resources,
Namespace is required. If Namespace is not specified, means
the resource is non-namespace scoped.
type: string
replicas:
description: Replicas represents the replica number of the referencing
resource.
format: int32
type: integer
resourcePerReplicas:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ReplicaResourceRequirements represents the resources
required by each replica.
type: object
resourceVersion:
description: ResourceVersion represents the internal version of
the referenced object, that can be used by clients to determine
when object has changed.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- resource
type: object
status:
description: Status represents the most recently observed status of the
ResourceBinding.
properties:
aggregatedStatus:
description: AggregatedStatus represents status list of the resource
running in each member cluster.
items:
description: AggregatedStatusItem represents status of the resource
running in a member cluster.
properties:
applied:
description: Applied represents if the resource referencing
by ResourceBinding or ClusterResourceBinding is successfully
applied on the cluster.
type: boolean
appliedMessage:
description: AppliedMessage is a human readable message indicating
details about the applied status. This is usually holds the
error message in case of apply failed.
type: string
clusterName:
description: ClusterName represents the member cluster name
which the resource deployed on.
type: string
status:
description: Status reflects running status of current manifest.
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- clusterName
type: object
type: array
conditions:
description: Conditions contain the different condition statuses.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Scheduled")].status
name: Scheduled
type: string
- jsonPath: .status.conditions[?(@.type=="FullyApplied")].status
name: FullyApplied
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
description: ClusterResourceBinding represents a binding of a kubernetes resource
with a ClusterPropagationPolicy.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior.
properties:
clusters:
description: Clusters represents target member clusters where the
resource to be deployed.
items:
description: TargetCluster represents the identifier of a member
cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
propagateDeps:
description: PropagateDeps tells if relevant resources should be propagated
automatically. It is inherited from PropagationPolicy or ClusterPropagationPolicy.
default false.
type: boolean
replicaRequirements:
description: ReplicaRequirements represents the requirements required
by each replica.
properties:
nodeClaim:
description: NodeClaim represents the node claim HardNodeAffinity,
NodeSelector and Tolerations required by each replica.
properties:
hardNodeAffinity:
description: A node selector represents the union of the results
of one or more label queries over a set of nodes; that is,
it represents the OR of the selectors represented by the
node selector terms. Note that only PodSpec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution
is included here because it has a hard limit on pod scheduling.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector is a selector which must be true
for the pod to fit on a node. Selector which must match
a node's labels for the pod to be scheduled on that node.
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified,
allowed values are NoSchedule, PreferNoSchedule and
NoExecute.
type: string
key:
description: Key is the taint key that the toleration
applies to. Empty means match all taint keys. If the
key is empty, operator must be Exists; this combination
means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship
to the value. Valid operators are Exists and Equal.
Defaults to Equal. Exists is equivalent to wildcard
for value, so that a pod can tolerate all taints of
a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period
of time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the
taint forever (do not evict). Zero and negative values
will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration
matches to. If the operator is Exists, the value should
be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
resourceRequest:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceRequest represents the resources required
by each replica.
type: object
type: object
replicas:
description: Replicas represents the replica number of the referencing
resource.
format: int32
type: integer
requiredBy:
description: RequiredBy represents the list of Bindings that depend
on the referencing resource.
items:
description: BindingSnapshot is a snapshot of a ResourceBinding
or ClusterResourceBinding.
properties:
clusters:
description: Clusters represents the scheduled result.
items:
description: TargetCluster represents the identifier of a
member cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
name:
description: Name represents the name of the Binding.
type: string
namespace:
description: Namespace represents the namespace of the Binding.
It is required for ResourceBinding. If Namespace is not specified,
means the referencing is ClusterResourceBinding.
type: string
required:
- name
type: object
type: array
resource:
description: Resource represents the Kubernetes resource to be propagated.
properties:
apiVersion:
description: APIVersion represents the API version of the referent.
type: string
kind:
description: Kind represents the Kind of the referent.
type: string
name:
description: Name represents the name of the referent.
type: string
namespace:
description: Namespace represents the namespace for the referent.
For non-namespace scoped resources(e.g. 'ClusterRole')do not
need specify Namespace, and for namespace scoped resources,
Namespace is required. If Namespace is not specified, means
the resource is non-namespace scoped.
type: string
resourceVersion:
description: ResourceVersion represents the internal version of
the referenced object, that can be used by clients to determine
when object has changed.
type: string
uid:
description: UID of the referent.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- resource
type: object
status:
description: Status represents the most recently observed status of the
ResourceBinding.
properties:
aggregatedStatus:
description: AggregatedStatus represents status list of the resource
running in each member cluster.
items:
description: AggregatedStatusItem represents status of the resource
running in a member cluster.
properties:
applied:
description: Applied represents if the resource referencing
by ResourceBinding or ClusterResourceBinding is successfully
applied on the cluster.
type: boolean
appliedMessage:
description: AppliedMessage is a human readable message indicating
details about the applied status. This is usually holds the
error message in case of apply failed.
type: string
clusterName:
description: ClusterName represents the member cluster name
which the resource deployed on.
type: string
status:
description: Status reflects running status of current manifest.
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- clusterName
type: object
type: array
conditions:
description: Conditions contain the different condition statuses.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
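
Review bot: the `spec:` block serves both v1alpha1 and v1alpha2 (`served: true` on each, `storage: true` only on v1alpha2) but has no `conversion:` stanza, so the API server falls back to the default `None` strategy, which rewrites only `apiVersion`. The two schemas are not field-compatible: v1alpha1 keeps `replicas` and `resourcePerReplicas` under `spec.resource`, while v1alpha2 has `spec.replicas` and `spec.replicaRequirements.resourceRequest` instead, so those fields on an object written through v1alpha1 would be pruned when it is stored as v1alpha2. Either add a webhook conversion to this manifest, confirm that one is patched in elsewhere in the commit, or stop serving v1alpha1. Two smaller points, both best fixed in the Go types and regenerated since the file is controller-gen output: `status.aggregatedStatus[].status` is an object with `x-kubernetes-preserve-unknown-fields: true`, so its content is stored without schema validation and anything that reads it should treat it as untrusted input; and the top-level `status` description says "ResourceBinding" where this kind is ClusterResourceBinding.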

@ -0,0 +1,623 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: resourcebindings.work.karmada.io
spec:
group: work.karmada.io
names:
kind: ResourceBinding
listKind: ResourceBindingList
plural: resourcebindings
shortNames:
- rb
singular: resourcebinding
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ResourceBinding represents a binding of a kubernetes resource
with a propagation policy.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior.
properties:
clusters:
description: Clusters represents target member clusters where the
resource to be deployed.
items:
description: TargetCluster represents the identifier of a member
cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
resource:
description: Resource represents the Kubernetes resource to be propagated.
properties:
apiVersion:
description: APIVersion represents the API version of the referent.
type: string
kind:
description: Kind represents the Kind of the referent.
type: string
name:
description: Name represents the name of the referent.
type: string
namespace:
description: Namespace represents the namespace for the referent.
For non-namespace scoped resources(e.g. 'ClusterRole')do not
need specify Namespace, and for namespace scoped resources,
Namespace is required. If Namespace is not specified, means
the resource is non-namespace scoped.
type: string
replicas:
description: Replicas represents the replica number of the referencing
resource.
format: int32
type: integer
resourcePerReplicas:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ReplicaResourceRequirements represents the resources
required by each replica.
type: object
resourceVersion:
description: ResourceVersion represents the internal version of
the referenced object, that can be used by clients to determine
when object has changed.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- resource
type: object
status:
description: Status represents the most recently observed status of the
ResourceBinding.
properties:
aggregatedStatus:
description: AggregatedStatus represents status list of the resource
running in each member cluster.
items:
description: AggregatedStatusItem represents status of the resource
running in a member cluster.
properties:
applied:
description: Applied represents if the resource referencing
by ResourceBinding or ClusterResourceBinding is successfully
applied on the cluster.
type: boolean
appliedMessage:
description: AppliedMessage is a human readable message indicating
details about the applied status. This is usually holds the
error message in case of apply failed.
type: string
clusterName:
description: ClusterName represents the member cluster name
which the resource deployed on.
type: string
status:
description: Status reflects running status of current manifest.
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- clusterName
type: object
type: array
conditions:
description: Conditions contain the different condition statuses.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Scheduled")].status
name: Scheduled
type: string
- jsonPath: .status.conditions[?(@.type=="FullyApplied")].status
name: FullyApplied
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
description: ResourceBinding represents a binding of a kubernetes resource
with a propagation policy.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior.
properties:
clusters:
description: Clusters represents target member clusters where the
resource to be deployed.
items:
description: TargetCluster represents the identifier of a member
cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
propagateDeps:
description: PropagateDeps tells if relevant resources should be propagated
automatically. It is inherited from PropagationPolicy or ClusterPropagationPolicy.
default false.
type: boolean
replicaRequirements:
description: ReplicaRequirements represents the requirements required
by each replica.
properties:
nodeClaim:
description: NodeClaim represents the node claim HardNodeAffinity,
NodeSelector and Tolerations required by each replica.
properties:
hardNodeAffinity:
description: A node selector represents the union of the results
of one or more label queries over a set of nodes; that is,
it represents the OR of the selectors represented by the
node selector terms. Note that only PodSpec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution
is included here because it has a hard limit on pod scheduling.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector is a selector which must be true
for the pod to fit on a node. Selector which must match
a node's labels for the pod to be scheduled on that node.
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified,
allowed values are NoSchedule, PreferNoSchedule and
NoExecute.
type: string
key:
description: Key is the taint key that the toleration
applies to. Empty means match all taint keys. If the
key is empty, operator must be Exists; this combination
means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship
to the value. Valid operators are Exists and Equal.
Defaults to Equal. Exists is equivalent to wildcard
for value, so that a pod can tolerate all taints of
a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period
of time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the
taint forever (do not evict). Zero and negative values
will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration
matches to. If the operator is Exists, the value should
be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
resourceRequest:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: ResourceRequest represents the resources required
by each replica.
type: object
type: object
replicas:
description: Replicas represents the replica number of the referencing
resource.
format: int32
type: integer
requiredBy:
description: RequiredBy represents the list of Bindings that depend
on the referencing resource.
items:
description: BindingSnapshot is a snapshot of a ResourceBinding
or ClusterResourceBinding.
properties:
clusters:
description: Clusters represents the scheduled result.
items:
description: TargetCluster represents the identifier of a
member cluster.
properties:
name:
description: Name of target cluster.
type: string
replicas:
description: Replicas in target cluster
format: int32
type: integer
required:
- name
type: object
type: array
name:
description: Name represents the name of the Binding.
type: string
namespace:
description: Namespace represents the namespace of the Binding.
It is required for ResourceBinding. If Namespace is not specified,
means the referencing is ClusterResourceBinding.
type: string
required:
- name
type: object
type: array
resource:
description: Resource represents the Kubernetes resource to be propagated.
properties:
apiVersion:
description: APIVersion represents the API version of the referent.
type: string
kind:
description: Kind represents the Kind of the referent.
type: string
name:
description: Name represents the name of the referent.
type: string
namespace:
description: Namespace represents the namespace for the referent.
For non-namespace scoped resources(e.g. 'ClusterRole')do not
need specify Namespace, and for namespace scoped resources,
Namespace is required. If Namespace is not specified, means
the resource is non-namespace scoped.
type: string
resourceVersion:
description: ResourceVersion represents the internal version of
the referenced object, that can be used by clients to determine
when object has changed.
type: string
uid:
description: UID of the referent.
type: string
required:
- apiVersion
- kind
- name
type: object
required:
- resource
type: object
status:
description: Status represents the most recently observed status of the
ResourceBinding.
properties:
aggregatedStatus:
description: AggregatedStatus represents status list of the resource
running in each member cluster.
items:
description: AggregatedStatusItem represents status of the resource
running in a member cluster.
properties:
applied:
description: Applied represents if the resource referencing
by ResourceBinding or ClusterResourceBinding is successfully
applied on the cluster.
type: boolean
appliedMessage:
description: AppliedMessage is a human readable message indicating
details about the applied status. This is usually holds the
error message in case of apply failed.
type: string
clusterName:
description: ClusterName represents the member cluster name
which the resource deployed on.
type: string
status:
description: Status reflects running status of current manifest.
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- clusterName
type: object
type: array
conditions:
description: Conditions contain the different condition statuses.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,202 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: works.work.karmada.io
spec:
group: work.karmada.io
names:
kind: Work
listKind: WorkList
plural: works
singular: work
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Applied")].status
name: Applied
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Work defines a list of resources to be deployed on the member
cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec represents the desired behavior of Work.
properties:
workload:
description: Workload represents the manifest workload to be deployed
on managed cluster.
properties:
manifests:
description: Manifests represents a list of Kubernetes resources
to be deployed on the managed cluster.
items:
description: Manifest represents a resource to be deployed on
managed cluster.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
type: object
status:
description: Status represents the status of PropagationStatus.
properties:
conditions:
description: 'Conditions contain the different condition statuses
for this work. Valid condition types are: 1. Applied represents
workload in Work is applied successfully on a managed cluster. 2.
Progressing represents workload in Work is being applied on a managed
cluster. 3. Available represents workload in Work exists on the
managed cluster. 4. Degraded represents the current state of workload
does not match the desired state for a certain period.'
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's
current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
manifestStatuses:
description: ManifestStatuses contains running status of manifests
in spec.
items:
description: ManifestStatus contains running status of a specific
manifest in spec.
properties:
identifier:
description: Identifier represents the identity of a resource
linking to manifests in spec.
properties:
group:
description: Group is the group of the resource.
type: string
kind:
description: Kind is the kind of the resource.
type: string
name:
description: Name is the name of the resource
type: string
namespace:
description: Namespace is the namespace of the resource,
the resource is cluster scoped if the value is empty
type: string
ordinal:
description: Ordinal represents an index in manifests list,
so the condition can still be linked to a manifest even
though manifest cannot be parsed successfully.
type: integer
resource:
description: Resource is the resource type of the resource
type: string
version:
description: Version is the version of the resource.
type: string
required:
- kind
- name
- ordinal
- resource
- version
type: object
status:
description: Status reflects running status of current manifest.
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- identifier
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
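Review bot: The `status` property description reads "Status represents the status of PropagationStatus", which does not match this CRD (kind `Work`) and looks like a leftover from another type. Since the file is controller-gen output, fix the Go doc comment on the Work status field and regenerate rather than editing the YAML by hand.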

View File

@ -0,0 +1,17 @@
resources:
- bases/multicluster.x-k8s.io_serviceexports.yaml
- bases/multicluster.x-k8s.io_serviceimports.yaml
- bases/policy.karmada.io_clusteroverridepolicies.yaml
- bases/policy.karmada.io_clusterpropagationpolicies.yaml
- bases/policy.karmada.io_federatedresourcequotas.yaml
- bases/policy.karmada.io_overridepolicies.yaml
- bases/policy.karmada.io_propagationpolicies.yaml
- bases/work.karmada.io_resourcebindings.yaml
- bases/work.karmada.io_clusterresourcebindings.yaml
- bases/work.karmada.io_works.yaml
- bases/config.karmada.io_resourceinterpreterwebhookconfigurations.yaml
- bases/networking.karmada.io_multiclusteringresses.yaml
patchesStrategicMerge:
- patches/webhook_in_resourcebindings.yaml
- patches/webhook_in_clusterresourcebindings.yaml

View File

@ -0,0 +1,14 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterresourcebindings.work.karmada.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/convert
caBundle: {{caBundle}}
conversionReviewVersions: ["v1"]
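Review bot: `caBundle: {{caBundle}}` is an unquoted placeholder, and YAML reads a leading `{` as the start of a flow mapping, so this file is not a usable patch until something replaces the token with the base64 CA bundle. The kustomization added in this commit lists `patches/webhook_in_clusterresourcebindings.yaml` under `patchesStrategicMerge`, so please document or script the substitution step that has to run first; the same applies to the identical resourcebindings patch. The `url` also hard-codes `karmada-webhook.karmada-system.svc`, which only resolves when the webhook runs under that service name in that namespace.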

View File

@ -0,0 +1,14 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: resourcebindings.work.karmada.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
url: https://karmada-webhook.karmada-system.svc:443/convert
caBundle: {{caBundle}}
conversionReviewVersions: ["v1"]

View File

@ -0,0 +1,212 @@
{{/* vim: set filetype=mustache: */}}
{{- define "karmada.name" -}}
{{- default .Release.Name -}}
{{- end -}}
{{- define "karmada.namespace" -}}
{{- default .Release.Namespace -}}
{{- end -}}
{{- define "karmada.apiserver.labels" -}}
{{- if .Values.apiServer.labels }}
{{- range $key, $value := .Values.apiServer.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- else}}
app: {{- include "karmada.name" .}}-apiserver
{{- end }}
{{- end -}}
{{- define "karmada.apiserver.podLabels" -}}
{{- if .Values.apiServer.podLabels }}
{{- range $key, $value := .Values.apiServer.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.aggregatedApiserver.labels" -}}
{{- if .Values.aggregatedApiServer.labels }}
{{- range $key, $value := .Values.aggregatedApiServer.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- else}}
app: {{- include "karmada.name" .}}-aggregated-apiserver
{{- end }}
{{- end -}}
{{- define "karmada.aggregatedApiserver.podLabels" -}}
{{- if .Values.aggregatedApiServer.podLabels }}
{{- range $key, $value := .Values.aggregatedApiServer.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.kube-cm.labels" -}}
{{- if .Values.kubeControllerManager.labels }}
{{- range $key, $value := .Values.kubeControllerManager.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- else}}
app: {{- include "karmada.name" .}}-kube-controller-manager
{{- end }}
{{- end -}}
{{- define "karmada.kube-cm.podLabels" -}}
{{- if .Values.kubeControllerManager.podLabels }}
{{- range $key, $value := .Values.kubeControllerManager.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.kubeconfig.volume" -}}
{{- $name := include "karmada.name" . -}}
- name: kubeconfig-secret
secret:
secretName: {{ $name }}-kubeconfig
{{- end -}}
{{- define "karmada.kubeconfig.volumeMount" -}}
{{- $name := include "karmada.name" . -}}
- name: kubeconfig-secret
subPath: kubeconfig
mountPath: /etc/kubeconfig
{{- end -}}
{{- define "karmada.cm.labels" -}}
{{ $name := include "karmada.name" . }}
{{- if .Values.controllerManager.labels -}}
{{- range $key, $value := .Values.controllerManager.labels}}
{{ $key }}: {{ $value }}
{{- end -}}
{{- else -}}
app: {{$name}}-controller-manager
{{- end -}}
{{- end -}}
{{- define "karmada.cm.podLabels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.controllerManager.podLabels }}
{{- range $key, $value := .Values.controllerManager.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.scheduler.labels" -}}
{{ $name := include "karmada.name" . }}
{{- if .Values.scheduler.labels -}}
{{- range $key, $value := .Values.scheduler.labels}}
{{ $key }}: {{ $value }}
{{- end -}}
{{- else -}}
app: {{$name}}-scheduler
{{- end -}}
{{- end -}}
{{- define "karmada.scheduler.podLabels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.scheduler.podLabels }}
{{- range $key, $value := .Values.scheduler.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.descheduler.labels" -}}
{{ $name := include "karmada.name" . }}
{{- if .Values.descheduler.labels -}}
{{- range $key, $value := .Values.descheduler.labels}}
{{ $key }}: {{ $value }}
{{- end -}}
{{- else -}}
app: {{$name}}
{{- end -}}
{{- end -}}
{{- define "karmada.descheduler.podLabels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.descheduler.podLabels }}
{{- range $key, $value := .Values.descheduler.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.descheduler.kubeconfig.volume" -}}
- name: kubeconfig-secret
secret:
secretName: karmada-kubeconfig
{{- end -}}
{{- define "karmada.webhook.labels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.webhook.labels }}
{{- range $key, $value := .Values.webhook.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- else}}
app: {{$name}}-webhook
{{- end }}
{{- end -}}
{{- define "karmada.webhook.podLabels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.webhook.podLabels }}
{{- range $key, $value := .Values.webhook.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.agent.labels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.agent.labels }}
{{- range $key, $value := .Values.agent.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- else}}
app: {{$name}}
{{- end }}
{{- end -}}
{{- define "karmada.agent.podLabels" -}}
{{ $name := include "karmada.name" .}}
{{- if .Values.agent.podLabels }}
{{- range $key, $value := .Values.agent.podLabels }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.webhook.caBundle" -}}
{{- if eq .Values.certs.mode "auto" }}
caBundle: {{ print "{{ ca_crt }}" }}
{{- end }}
{{- if eq .Values.certs.mode "custom" }}
caBundle: {{ b64enc .Values.certs.custom.caCrt }}
{{- end }}
{{- end -}}
{{- define "karmada.schedulerEstimator.podLabels" -}}
{{- if .Values.schedulerEstimator.podLabels }}
{{- range $key, $value := .Values.schedulerEstimator.podLabels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "karmada.schedulerEstimator.labels" -}}
{{- if .Values.schedulerEstimator.labels }}
{{- range $key, $value := .Values.schedulerEstimator.labels}}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end -}}
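Review bot: In the `else` branches of `karmada.apiserver.labels`, `karmada.aggregatedApiserver.labels` and `karmada.kube-cm.labels`, the line `app: {{- include "karmada.name" .}}-apiserver` uses `{{-`, which trims the space after `app:` and renders `app:<name>-apiserver`, a single scalar instead of a key/value pair. Drop the left trim marker (`app: {{ include "karmada.name" . }}-apiserver`), as the other label helpers here already do with `app: {{$name}}-...`. Separately, `karmada.descheduler.kubeconfig.volume` hard-codes `secretName: karmada-kubeconfig` while `karmada.kubeconfig.volume` uses `{{ $name }}-kubeconfig`, so the two diverge for any release not named `karmada`.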

View File

@ -0,0 +1,30 @@
{{- define "karmada.apiservice" -}}
{{- $name := include "karmada.name" . -}}
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1alpha1.cluster.karmada.io
labels:
app: {{ $name }}-aggregated-apiserver
apiserver: "true"
spec:
insecureSkipTLSVerify: true
group: cluster.karmada.io
groupPriorityMinimum: 2000
service:
name: {{ $name }}-aggregated-apiserver
namespace: {{ include "karmada.namespace" . }}
version: v1alpha1
versionPriority: 10
---
apiVersion: v1
kind: Service
metadata:
name: {{ $name }}-aggregated-apiserver
namespace: {{ include "karmada.namespace" . }}
spec:
type: ExternalName
externalName: {{ $name }}-aggregated-apiserver.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}
---
{{- end -}}
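Review bot: `insecureSkipTLSVerify: true` on the `v1alpha1.cluster.karmada.io` APIService turns off verification of the serving certificate presented by `{{ $name }}-aggregated-apiserver`, so the API server will forward aggregated requests to whatever answers for that service name. Set `spec.caBundle` to the CA that signed the aggregated apiserver's serving certificate and remove `insecureSkipTLSVerify`; if that is the same CA the chart already emits through `karmada.webhook.caBundle`, it can be reused here. If skipping verification is intentional for now, a comment explaining why and a values toggle would make that explicit.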

View File

@ -0,0 +1,28 @@
{{- define "karmada.proxyRbac" -}}
{{- $name := include "karmada.name" . -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $name }}-cluster-proxy-admin
rules:
- apiGroups:
- 'cluster.karmada.io'
resources:
- clusters/proxy
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $name }}-cluster-proxy-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $name }}-cluster-proxy-admin
subjects:
- kind: User
name: "system:admin"
{{- end -}}
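Review bot: The `{{ $name }}-cluster-proxy-admin` ClusterRole grants `verbs: ['*']` on `clusters/proxy` with no `resourceNames`, and the binding ties it unconditionally to the fixed user `system:admin`, so that identity gets every verb on the proxy subresource of every Cluster object. List only the verbs that are needed, consider `resourceNames` to scope the rule to specific clusters, and take the subject from values instead of a hard-coded user name so installs can choose who receives this access.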

View File

@ -0,0 +1,12 @@
{{- define "karmada.systemNamespace" -}}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ include "karmada.namespace" . }}
---
apiVersion: v1
kind: Namespace
metadata:
name: karmada-cluster
{{- end -}}

View File

@ -0,0 +1,146 @@
{{- define "karmada.webhook.configuration" -}}
{{ $name := include "karmada.name" .}}
{{ $namespace := include "karmada.namespace" .}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-config
labels:
app: mutating-config
webhooks:
- name: propagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["propagationpolicies"]
scope: "Namespaced"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-propagationpolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusterpropagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusterpropagationpolicies"]
scope: "Cluster"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-clusterpropagationpolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: overridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["overridepolicies"]
scope: "Namespaced"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-overridepolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusteroverridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusteroverridepolicies"]
scope: "Cluster"
clientConfig:
url: https://{{ $name }}.{{ $namespace }}.svc:443/validate-clusteroverridepolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: work.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["work.karmada.io"]
apiVersions: ["*"]
resources: ["works"]
scope: "Namespaced"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/mutate-work
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-config
labels:
app: validating-config
webhooks:
- name: propagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["propagationpolicies"]
scope: "Namespaced"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-propagationpolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: clusterpropagationpolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["clusterpropagationpolicies"]
scope: "Cluster"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-clusterpropagationpolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: overridepolicy.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["policy.karmada.io"]
apiVersions: ["*"]
resources: ["overridepolicies"]
scope: "Namespaced"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-overridepolicy
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
- name: config.karmada.io
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["config.karmada.io"]
apiVersions: ["*"]
resources: ["resourceinterpreterwebhookconfigurations"]
scope: "Cluster"
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/validate-resourceinterpreterwebhookconfiguration
{{- include "karmada.webhook.caBundle" . | nindent 6 }}
failurePolicy: Fail
sideEffects: None
admissionReviewVersions: ["v1"]
timeoutSeconds: 3
{{- end -}}
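Review bot: The `clusteroverridepolicy.karmada.io` entry under `MutatingWebhookConfiguration` points at `https://{{ $name }}.{{ $namespace }}.svc:443/validate-clusteroverridepolicy`: the host is missing the `-webhook` suffix that every other entry uses, and the path is a `validate-` endpoint inside the mutating configuration. With `failurePolicy: Fail`, a URL that does not resolve rejects every CREATE and UPDATE of `clusteroverridepolicies`. Fix the host, and either move this entry to `validating-config` (which has no clusteroverridepolicy webhook in this file) or point it at the matching `mutate-` path.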

View File

@ -0,0 +1,20 @@
{{- define "karmada.crd.patch.webhook.clusterresourcebinding" -}}
{{ $name := include "karmada.name" .}}
{{ $namespace := include "karmada.namespace" .}}
---
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterresourcebindings.work.karmada.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/convert
{{- include "karmada.webhook.caBundle" . | nindent 8 }}
conversionReviewVersions: ["v1"]
---
{{- end -}}

View File

@ -0,0 +1,20 @@
{{- define "karmada.crd.patch.webhook.resourcebinding" -}}
{{ $name := include "karmada.name" .}}
{{ $namespace := include "karmada.namespace" .}}
---
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: resourcebindings.work.karmada.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/convert
{{- include "karmada.webhook.caBundle" . | nindent 8 }}
conversionReviewVersions: ["v1"]
---
{{- end -}}

156
charts/templates/etcd.yaml Normal file
View File

@ -0,0 +1,156 @@
{{- define "etcd.initial.clusters" -}}
{{- $uri := "" -}}
{{- $ns := include "karmada.namespace" . -}}
{{- range $index := until (.Values.etcd.internal.replicaCount | int) -}}
{{- $node := printf "etcd-%d=http://etcd-%d.etcd.%s.svc.%s:2380," $index $index $ns $.Values.clusterDomain }}
{{- $uri = printf "%s%s" $uri $node -}}
{{- end -}}
{{- printf $uri | trimSuffix "," | quote -}}
{{- end }}
{{- if and (eq .Values.etcd.mode "internal") (eq .Values.installMode "host")}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etcd
namespace: {{ include "karmada.namespace" . }}
labels:
app: etcd
spec:
replicas: {{ .Values.etcd.internal.replicaCount }}
serviceName: etcd
selector:
matchLabels:
app: etcd
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: etcd
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- etcd
topologyKey: kubernetes.io/hostname
tolerations:
- operator: Exists
containers:
- name: etcd
image: "{{ .Values.etcd.internal.image.repository }}:{{ .Values.etcd.internal.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.etcd.internal.image.pullPolicy }}
livenessProbe:
exec:
command:
- /bin/sh
- -ec
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/server-ca.crt --cert /etc/kubernetes/pki/etcd/karmada.crt --key /etc/kubernetes/pki/etcd/karmada.key'
failureThreshold: 3
initialDelaySeconds: 600
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 10
env:
- name: KARMADA_ETCD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 2369
name: client
protocol: TCP
- containerPort: 2370
name: server
protocol: TCP
resources:
{{- toYaml .Values.etcd.internal.resources | nindent 12 }}
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
- name: etcd-cert
mountPath: /etc/kubernetes/pki/etcd
readOnly: true
command:
- /usr/local/bin/etcd
- --name
- $(KARMADA_ETCD_NAME)
- --listen-peer-urls
- http://0.0.0.0:2380
- --listen-client-urls
- https://0.0.0.0:2379
- --advertise-client-urls
- https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
- --initial-cluster
- {{ include "etcd.initial.clusters" . }}
- --initial-cluster-state
- new
- --cert-file=/etc/kubernetes/pki/etcd/karmada.crt
- --client-cert-auth=true
- --key-file=/etc/kubernetes/pki/etcd/karmada.key
- --trusted-ca-file=/etc/kubernetes/pki/etcd/server-ca.crt
- --data-dir=/var/lib/etcd
volumes:
- name: etcd-cert
secret:
secretName: {{ include "karmada.name" . }}-cert
{{- if eq .Values.etcd.internal.storageType "hostPath" }}
- hostPath:
path: /var/lib/{{ include "karmada.namespace" . }}/karmada-etcd
type: DirectoryOrCreate
name: etcd-data
{{- end }}
{{- if eq .Values.etcd.internal.storageType "pvc"}}
volumeClaimTemplates:
- metadata:
name: etcd-data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: {{ .Values.etcd.internal.pvc.storageClass }}
resources:
requests:
storage: {{ .Values.etcd.internal.pvc.size }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: etcd
name: etcd-client
namespace: {{ include "karmada.namespace" . }}
spec:
ports:
- name: etcd-client-port
port: 2379
protocol: TCP
targetPort: 2379
selector:
app: etcd
---
apiVersion: v1
kind: Service
metadata:
labels:
app: etcd
name: etcd
namespace: {{ include "karmada.namespace" . }}
spec:
ports:
- name: client
port: 2379
protocol: TCP
targetPort: 2379
- name: server
port: 2380
protocol: TCP
targetPort: 2380
clusterIP: None
selector:
app: etcd
{{- end }}
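Review bot: Peer traffic is left in plaintext: `--listen-peer-urls` is `http://0.0.0.0:2380` and `etcd.initial.clusters` builds `http://etcd-%d...:2380` entries, with no `--peer-cert-file`, `--peer-key-file`, `--peer-trusted-ca-file` or `--peer-client-cert-auth` flags, while the client side uses `https` with `--client-cert-auth=true`. With `replicaCount` above 1, replication between members crosses the pod network unencrypted and unauthenticated; add the peer TLS flags and switch the peer URLs to `https`. Two smaller points: the declared `containerPort` values (2369, 2370) do not match the ports etcd listens on and the Services target (2379, 2380), and `printf $uri` uses the accumulated string as a format string where `$uri | trimSuffix ","` would do.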

View File

@ -0,0 +1,112 @@
{{- if eq .Values.installMode "host" }}
{{- $name := include "karmada.name" . -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-aggregated-apiserver
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
spec:
selector:
matchLabels:
{{- include "karmada.aggregatedApiserver.labels" . | nindent 6}}
replicas: {{ .Values.aggregatedApiServer.replicaCount }}
{{- with .Values.aggregatedApiServer.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.aggregatedApiServer.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.aggregatedApiserver.labels" . | nindent 8}}
{{- include "karmada.aggregatedApiserver.podLabels" . | nindent 8}}
spec:
automountServiceAccountToken: false
containers:
- name: {{ $name }}-aggregated-apiserver
image: "{{ .Values.aggregatedApiServer.image.repository }}:{{ .Values.aggregatedApiServer.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.aggregatedApiServer.image.pullPolicy }}
volumeMounts:
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12}}
- name: etcd-cert
mountPath: /etc/etcd/pki
readOnly: true
- name: apiserver-cert
mountPath: /etc/kubernetes/pki
readOnly: true
command:
- /bin/karmada-aggregated-apiserver
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --karmada-config=/etc/kubeconfig
{{- if eq .Values.etcd.mode "external" }}
- --etcd-cafile=/etc/etcd/pki/ca.crt
- --etcd-certfile=/etc/etcd/pki/tls.crt
- --etcd-keyfile=/etc/etcd/pki/tls.key
- --etcd-servers={{ .Values.etcd.external.servers }}
- --etcd-prefix={{ .Values.etcd.external.registryPrefix }}
{{- end }}
{{- if eq .Values.etcd.mode "internal" }}
- --etcd-cafile=/etc/etcd/pki/server-ca.crt
- --etcd-certfile=/etc/etcd/pki/karmada.crt
- --etcd-keyfile=/etc/etcd/pki/karmada.key
- --etcd-servers=https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
{{- end }}
- --tls-cert-file=/etc/kubernetes/pki/karmada.crt
- --tls-private-key-file=/etc/kubernetes/pki/karmada.key
- --audit-log-path=-
- --feature-gates=APIPriorityAndFairness=false
- --audit-log-maxage=0
- --audit-log-maxbackup=0
resources:
{{- toYaml .Values.aggregatedApiServer.resources | nindent 12 }}
{{- with .Values.aggregatedApiServer.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aggregatedApiServer.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aggregatedApiServer.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- include "karmada.kubeconfig.volume" . | nindent 8}}
- name: apiserver-cert
secret:
secretName: {{ $name }}-cert
- name: etcd-cert
secret:
{{- if eq .Values.etcd.mode "internal" }}
secretName: {{ $name }}-cert
{{- end }}
{{- if eq .Values.etcd.mode "external" }}
secretName: external-etcd-cert
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $name }}-aggregated-apiserver
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
{{- include "karmada.aggregatedApiserver.labels" . | nindent 4}}
{{- end }}
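Review bot: the `etcd-cert` volume at the end of the Deployment only receives a `secretName` when `.Values.etcd.mode` is exactly "internal" or "external"; any other value renders a `secret:` with no name, and the matching `--etcd-*` flag blocks silently disappear as well. Replace the two independent `if eq` blocks with an if / else if / else that calls `fail` on an unknown mode, so a typo in values is caught at render time. Separately, `image.tag | default "latest"` puts the aggregated API server on a mutable tag whenever the value is unset; default to `.Chart.AppVersion` or make the tag required.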

View File

@ -0,0 +1,123 @@
{{- if eq .Values.installMode "agent" }}
{{- $name := include "karmada.name" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $name }}
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ['*']
- nonResourceURLs: ['*']
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $name }}
subjects:
- kind: ServiceAccount
name: {{ $name }}
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $name }}-kubeconfig
namespace: {{ include "karmada.namespace" . }}
stringData:
kubeconfig: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: {{ b64enc .Values.agent.kubeconfig.caCrt }}
insecure-skip-tls-verify: false
server: {{ .Values.agent.kubeconfig.server }}
name: {{ $name }}-apiserver
users:
- user:
client-certificate-data: {{ b64enc .Values.agent.kubeconfig.crt }}
client-key-data: {{ b64enc .Values.agent.kubeconfig.key }}
name: {{ $name }}-apiserver
contexts:
- context:
cluster: {{ $name }}-apiserver
user: {{ $name }}-apiserver
name: {{ $name }}-apiserver
current-context: {{ $name }}-apiserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.agent.labels" . | indent 4}}
spec:
replicas: {{ .Values.agent.replicaCount }}
selector:
matchLabels:
{{- include "karmada.agent.labels" . | indent 6}}
{{- with .Values.agent.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.agent.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.agent.labels" . | indent 8}}
{{- include "karmada.agent.podLabels" . | indent 8}}
spec:
{{- with .Values.agent.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.agent.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.agent.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.agent.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ $name }}
containers:
- name: {{ $name }}
image: {{ .Values.agent.image.repository}}:{{ .Values.agent.image.tag | default "latest" }}
imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/kubeconfig
- --cluster-name={{ .Values.agent.clusterName }}
- --cluster-status-update-frequency=10s
- --v=4
volumeMounts:
- name: kubeconfig
mountPath: /etc/kubeconfig
resources:
{{- toYaml .Values.agent.resources | nindent 12 }}
volumes:
- name: kubeconfig
secret:
secretName: {{ $name }}-kubeconfig
{{- end }}
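Review bot: the ClusterRole near the top of this file grants `apiGroups: ['*']`, `resources: ['*']`, `verbs: ['*']` and is bound to the agent ServiceAccount, which makes that account equivalent to cluster-admin in the member cluster. If the agent really has to manage arbitrary propagated resources, say so in a comment and at least replace the wildcard verb with an explicit list; otherwise enumerate the API groups and resources it needs. Two smaller points in the Deployment: the `kubeconfig` volumeMount carries a client private key but is not marked `readOnly: true`, and the kubeconfig Secret is built from `.Values.agent.kubeconfig.key`, so the key has to travel through chart values; an option to reference a pre-created Secret by name would avoid that.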

View File

@ -0,0 +1,171 @@
{{- if eq .Values.installMode "host" }}
{{- $name := include "karmada.name" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-apiserver
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.apiserver.labels" . | nindent 4}}
spec:
replicas: {{ .Values.apiServer.replicaCount }}
selector:
matchLabels:
{{- include "karmada.apiserver.labels" . | nindent 6}}
{{- with .Values.apiServer.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.apiServer.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.apiserver.labels" . | nindent 8}}
{{- include "karmada.apiserver.podLabels" . | nindent 8}}
spec:
{{- with .Values.apiServer.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $name }}-apiserver
image: "{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }}
command:
- kube-apiserver
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/server-ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
{{- if eq .Values.etcd.mode "external" }}
- --etcd-cafile=/etc/etcd/pki/ca.crt
- --etcd-certfile=/etc/etcd/pki/tls.crt
- --etcd-keyfile=/etc/etcd/pki/tls.key
- --etcd-servers={{ .Values.etcd.external.servers }}
- --etcd-prefix={{ .Values.etcd.external.registryPrefix }}
{{- end }}
{{- if eq .Values.etcd.mode "internal" }}
- --etcd-cafile=/etc/etcd/pki/server-ca.crt
- --etcd-certfile=/etc/etcd/pki/karmada.crt
- --etcd-keyfile=/etc/etcd/pki/karmada.key
- --etcd-servers=https://etcd-client.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:2379
{{- end }}
- --bind-address=0.0.0.0
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/karmada.crt
- --kubelet-client-key=/etc/kubernetes/pki/karmada.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --runtime-config=
- --secure-port=5443
- --service-account-issuer=https://kubernetes.default.svc.{{ .Values.clusterDomain }}
- --service-account-key-file=/etc/kubernetes/pki/karmada.key
- --service-account-signing-key-file=/etc/kubernetes/pki/karmada.key
- --service-cluster-ip-range=10.96.0.0/12
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --tls-cert-file=/etc/kubernetes/pki/karmada.crt
- --tls-private-key-file=/etc/kubernetes/pki/karmada.key
- --max-requests-inflight={{ .Values.apiServer.maxRequestsInflight }}
- --max-mutating-requests-inflight={{ .Values.apiServer.maxMutatingRequestsInflight }}
ports:
- name: http
containerPort: 5443
protocol: TCP
livenessProbe:
failureThreshold: 8
httpGet:
path: /livez
port: 5443
scheme: HTTPS
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: 5443
scheme: HTTPS
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 15
resources:
{{- toYaml .Values.apiServer.resources | nindent 12 }}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- name: apiserver-cert
mountPath: /etc/kubernetes/pki
readOnly: true
- name: etcd-cert
mountPath: /etc/etcd/pki
readOnly: true
{{- if .Values.apiServer.hostNetwork }}
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
enableServiceLinks: true
{{- if .Values.apiServer.hostNetwork }}
hostNetwork: true
{{- end }}
preemptionPolicy: PreemptLowerPriority
priority: 2000001000
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
{{- with .Values.apiServer.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiServer.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiServer.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: apiserver-cert
secret:
secretName: {{ $name }}-cert
- name: etcd-cert
secret:
{{- if eq .Values.etcd.mode "internal" }}
secretName: {{ $name }}-cert
{{- end }}
{{- if eq .Values.etcd.mode "external" }}
secretName: external-etcd-cert
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $name }}-apiserver
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.apiserver.labels" . | nindent 4}}
spec:
type: {{ .Values.apiServer.serviceType }}
ports:
- name: {{ $name }}-apiserver
{{- if and (eq .Values.apiServer.serviceType "NodePort") (.Values.apiServer.nodePort) }}
nodePort: {{ .Values.apiServer.nodePort }}
{{- end }}
port: 5443
protocol: TCP
targetPort: 5443
selector:
{{- include "karmada.apiserver.labels" . | nindent 4}}
{{- end }}
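Review bot: in the `command` list, `--tls-private-key-file`, `--kubelet-client-key`, `--service-account-key-file` and `--service-account-signing-key-file` all point at `/etc/kubernetes/pki/karmada.key`, so one key is the serving identity, a client identity and the service account token signer at once. Use a dedicated key pair for service account signing so that rotating or leaking the TLS key does not also invalidate or expose token signing. Also worth fixing while here: the container port is named `http` although the probes use `scheme: HTTPS` on 5443, `--allow-privileged=true` has no comment explaining why this control plane needs it, and `priority: 2000001000` is hard-coded next to `priorityClassName` where the class alone is enough.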

View File

@ -0,0 +1,51 @@
{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "custom") }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "karmada.name" . }}-cert
namespace: {{ include "karmada.namespace" . }}
type: Opaque
data:
server-ca.crt: |
{{ b64enc .Values.certs.custom.caCrt }}
karmada.crt: |
{{ b64enc .Values.certs.custom.crt }}
karmada.key: |
{{ b64enc .Values.certs.custom.key }}
front-proxy-ca.crt: |
{{ b64enc .Values.certs.custom.frontProxyCaCrt }}
front-proxy-client.crt: |
{{ b64enc .Values.certs.custom.frontProxyCrt }}
front-proxy-client.key: |
{{ b64enc .Values.certs.custom.frontProxyKey }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "karmada.name" . }}-webhook-cert
namespace: {{ include "karmada.namespace" . }}
type: kubernetes.io/tls
data:
tls.crt: |
{{ b64enc .Values.certs.custom.crt }}
tls.key: |
{{ b64enc .Values.certs.custom.key }}
---
{{- end }}
{{- if and (eq .Values.installMode "host") (eq .Values.etcd.mode "external")}}
apiVersion: v1
kind: Secret
metadata:
name: external-etcd-cert
namespace: {{ include "karmada.namespace" . }}
type: Opaque
data:
ca.crt: |
{{ b64enc .Values.etcd.external.certs.caCrt }}
tls.crt: |
{{ b64enc .Values.etcd.external.certs.crt }}
tls.key: |
{{ b64enc .Values.etcd.external.certs.key }}
---
{{- end }}
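Review bot: the `-webhook-cert` Secret fills `tls.crt` and `tls.key` from the same `.Values.certs.custom.crt` and `.Values.certs.custom.key` that populate `karmada.crt` and `karmada.key` in the first Secret, so the webhook and the API server share one private key. Add separate `certs.custom.webhookCrt` / `webhookKey` style values (names are only a suggestion) or document that the shared pair is intentional and which SANs it must carry. All private keys here arrive as plain chart values, which means they are also kept in the Helm release record; consider allowing the user to point at existing Secrets instead. Minor: the `---` directly before each `{{- end }}` emits an empty trailing document.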

View File

@ -0,0 +1,94 @@
{{- if eq .Values.installMode "host" }}
{{- $name := include "karmada.name" . -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}-controller-manager
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-controller-manager
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.cm.labels" . | nindent 4}}
spec:
replicas: {{ .Values.controllerManager.replicaCount }}
selector:
matchLabels:
{{- include "karmada.cm.labels" . | nindent 6}}
{{- with .Values.controllerManager.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.controllerManager.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.cm.labels" . | nindent 8}}
{{- include "karmada.cm.podLabels" . | nindent 8}}
spec:
{{- with .Values.controllerManager.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ $name }}-controller-manager
{{- with .Values.controllerManager.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controllerManager.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controllerManager.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- include "karmada.kubeconfig.volume" . | nindent 8}}
containers:
- name: {{ $name }}-controller-manager
image: "{{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.controllerManager.image.pullPolicy }}
command:
- /bin/karmada-controller-manager
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --cluster-status-update-frequency=10s
- --secure-port=10357
- --v=2
volumeMounts:
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12}}
resources:
{{- toYaml .Values.controllerManager.resources | nindent 12 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $name }}-controller-manager
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ["get", "watch", "list", "create", "patch", "update", "delete"]
- nonResourceURLs: ['*']
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $name }}-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $name }}-controller-manager
subjects:
- kind: ServiceAccount
name: {{ $name }}-controller-manager
namespace: {{ include "karmada.namespace" . }}
---
{{- end }}
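Review bot: the ClusterRole at the bottom gives the controller-manager ServiceAccount get/watch/list/create/patch/update/delete on `apiGroups: ['*']`, `resources: ['*']` in the host cluster, yet the container only receives `--kubeconfig=/etc/kubeconfig` and no flag that would use the in-cluster account. If the binary does not call the host API, drop the ClusterRole and binding and set `automountServiceAccountToken: false` on the pod spec, as the aggregated API server template in this commit already does; if it does, list the resources it touches. The `--bind-address=0.0.0.0` plus `--secure-port=10357` pair also has no `ports` entry or probe, so nothing documents or checks that endpoint.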

View File

@ -0,0 +1,60 @@
{{- $name := include "karmada.name" . -}}
{{- if and (eq .Values.installMode "component") (has "descheduler" .Values.components) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.descheduler.labels" . | nindent 4}}
spec:
replicas: {{ .Values.descheduler.replicaCount }}
selector:
matchLabels:
{{- include "karmada.descheduler.labels" . | nindent 6}}
{{- with .Values.descheduler.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.descheduler.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.descheduler.labels" . | nindent 8}}
{{- include "karmada.descheduler.podLabels" . | nindent 8}}
spec:
{{- with .Values.descheduler.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.descheduler.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.descheduler.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.descheduler.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $name }}
image: {{ .Values.descheduler.image.repository}}:{{ .Values.descheduler.image.tag | default "latest" }}
imagePullPolicy: {{ .Values.descheduler.image.pullPolicy }}
command:
- /bin/karmada-descheduler
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --v=4
volumeMounts:
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }}
resources:
{{- toYaml .Values.descheduler.resources | nindent 12 }}
volumes:
{{- include "karmada.descheduler.kubeconfig.volume" . | nindent 8}}
{{- end }}
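Review bot: the container's `volumeMounts` come from `karmada.kubeconfig.volumeMount` while the pod's `volumes` come from `karmada.descheduler.kubeconfig.volume`; unless both helpers emit the same volume name the pod will be rejected for referencing an undefined volume, so either use the matching descheduler-specific mount helper or add a comment that the names are kept in sync. The Deployment is also named plain `{{ $name }}` rather than `{{ $name }}-descheduler`, which differs from the naming of every host-mode component, and the pod has no `serviceAccountName`, so it runs with the namespace default account and its token mounted.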

View File

@ -0,0 +1,29 @@
{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "custom") }}
{{- $name := include "karmada.name" . -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $name }}-kubeconfig
namespace: {{ include "karmada.namespace" . }}
stringData:
kubeconfig: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: {{ b64enc .Values.certs.custom.caCrt }}
insecure-skip-tls-verify: false
server: https://{{ $name }}-apiserver.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:5443
name: {{ $name }}-apiserver
users:
- user:
client-certificate-data: {{ b64enc .Values.certs.custom.crt }}
client-key-data: {{ b64enc .Values.certs.custom.key }}
name: {{ $name }}-apiserver
contexts:
- context:
cluster: {{ $name }}-apiserver
user: {{ $name }}-apiserver
name: {{ $name }}-apiserver
current-context: {{ $name }}-apiserver
{{- end }}
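Review bot: the `users` entry uses `.Values.certs.custom.crt` and `.Values.certs.custom.key` as the client credential, the same values the cert Secret template in this commit writes to `karmada.crt` and `karmada.key` for the API server, so every component that mounts this kubeconfig authenticates as one identity with the server's own key. That removes any per-component RBAC or audit attribution. Prefer a separate client certificate for the kubeconfig, ideally one per component, and document the expected subject and groups of the certificate in values.yaml.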

View File

@ -0,0 +1,71 @@
{{- $name := include "karmada.name" . -}}
{{- if eq .Values.installMode "host" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name}}-scheduler
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-scheduler
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.scheduler.labels" . | nindent 4}}
spec:
replicas: {{ .Values.scheduler.replicaCount }}
selector:
matchLabels:
{{- include "karmada.scheduler.labels" . | nindent 6}}
{{- with .Values.scheduler.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.scheduler.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.scheduler.labels" . | nindent 8}}
{{- include "karmada.scheduler.podLabels" . | nindent 8}}
spec:
{{- with .Values.scheduler.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.scheduler.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.scheduler.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.scheduler.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ $name}}-scheduler
containers:
- name: {{ $name }}-scheduler
image: {{ .Values.scheduler.image.repository}}:{{ .Values.scheduler.image.tag | default "latest" }}
imagePullPolicy: {{ .Values.scheduler.image.pullPolicy }}
command:
- /bin/karmada-scheduler
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --secure-port=10351
- --feature-gates=Failover=true
volumeMounts:
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }}
resources:
{{- toYaml .Values.scheduler.resources | nindent 12 }}
volumes:
{{- include "karmada.kubeconfig.volume" . | nindent 8}}
---
{{- end }}
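Review bot: the scheduler container sets `--bind-address=0.0.0.0` and `--secure-port=10351` but declares no `ports`, `livenessProbe` or `readinessProbe`, so the pod is reported Ready as soon as the process starts and a hung scheduler is never restarted. Add the port and probes against whatever health endpoint the binary serves there, or bind to localhost if nothing needs to reach it. Style: `{{ $name}}-scheduler` (two places) is missing the space used everywhere else, the `image:` value is unquoted here but quoted in the apiserver template, and the `---` before `{{- end }}` yields an empty document.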

View File

@ -0,0 +1,97 @@
{{- if and (eq .Values.installMode "component") (has "schedulerEstimator" .Values.components) }}
{{ $namespace := include "karmada.namespace" .}}
{{ $clusterName := .Values.schedulerEstimator.clusterName }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: karmada-scheduler-estimator-{{ $clusterName }}
namespace: {{ $namespace }}
labels:
cluster: {{ $clusterName }}
{{- include "karmada.schedulerEstimator.labels" . | nindent 4}}
spec:
replicas: {{ .Values.schedulerEstimator.replicaCount }}
selector:
matchLabels:
app: karmada-scheduler-estimator-{{ $clusterName }}
{{- include "karmada.schedulerEstimator.labels" . | nindent 6}}
{{- with .Values.schedulerEstimator.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.schedulerEstimator.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app: karmada-scheduler-estimator-{{ $clusterName }}
{{- include "karmada.schedulerEstimator.labels" . | nindent 8}}
{{- include "karmada.schedulerEstimator.podLabels" . | nindent 8}}
spec:
{{- with .Values.schedulerEstimator.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: karmada-scheduler-estimator
image: "{{ .Values.schedulerEstimator.image.repository }}:{{ .Values.schedulerEstimator.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.schedulerEstimator.image.pullPolicy }}
command:
- /bin/karmada-scheduler-estimator
- --kubeconfig=/etc/{{ $clusterName }}-kubeconfig
- --cluster-name={{ $clusterName }}
volumeMounts:
- name: member-kubeconfig
subPath: {{ $clusterName }}-kubeconfig
mountPath: /etc/{{ $clusterName }}-kubeconfig
volumes:
- name: member-kubeconfig
secret:
secretName: {{ $clusterName }}-kubeconfig
---
apiVersion: v1
kind: Service
metadata:
name: karmada-scheduler-estimator-{{ $clusterName }}
namespace: {{ $namespace }}
labels:
cluster: {{ $clusterName }}
spec:
selector:
app: karmada-scheduler-estimator-{{ $clusterName }}
{{- include "karmada.schedulerEstimator.labels" . | nindent 4}}
ports:
- protocol: TCP
port: 10352
targetPort: 10352
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $clusterName }}-kubeconfig
namespace: {{ $namespace }}
stringData:
{{ $clusterName }}-kubeconfig: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: {{ b64enc .Values.schedulerEstimator.kubeconfig.caCrt }}
insecure-skip-tls-verify: false
server: {{ .Values.schedulerEstimator.kubeconfig.server }}
name: {{ $clusterName }}-apiserver
users:
- user:
client-certificate-data: {{ b64enc .Values.schedulerEstimator.kubeconfig.crt }}
client-key-data: {{ b64enc .Values.schedulerEstimator.kubeconfig.key }}
name: {{ $clusterName }}-apiserver
contexts:
- context:
cluster: {{ $clusterName }}-apiserver
user: {{ $clusterName }}-apiserver
name: {{ $clusterName }}-apiserver
current-context: {{ $clusterName }}-apiserver
{{- end }}
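Review bot: the `member-kubeconfig` volumeMount holds the member cluster's client key but is not `readOnly: true`, unlike the certificate mounts in the API server templates; add it. The Deployment also omits `resources`, `nodeSelector`, `affinity` and `imagePullSecrets`, so the estimator cannot be constrained or pulled from a private registry through values the way the other components can. Two template details: `{{ $namespace := ... }}` and `{{ $clusterName := ... }}` lack the `-` trim markers and leave blank lines ahead of the first `---`, and the Service targets port 10352 while the container neither declares that port nor passes a flag that sets it, so the coupling is implicit.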

View File

@ -0,0 +1,95 @@
{{- $name := include "karmada.name" . -}}
{{- if eq .Values.installMode "host" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}-webhook
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-webhook
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.webhook.labels" . | nindent 4}}
spec:
replicas: {{ .Values.webhook.replicaCount }}
selector:
matchLabels:
{{- include "karmada.webhook.labels" . | nindent 6}}
{{- with .Values.webhook.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.webhook.podAnnotations}}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.webhook.labels" . | nindent 8}}
{{- include "karmada.webhook.podLabels" . | nindent 8}}
spec:
{{- with .Values.webhook.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ $name }}-webhook
{{- with .Values.webhook.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webhook.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webhook.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ $name }}-webhook
image: {{ .Values.webhook.image.repository}}:{{ .Values.webhook.image.tag | default "latest" }}
imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
command:
- /bin/karmada-webhook
- --kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --secure-port=8443
- --cert-dir=/var/serving-cert
ports:
- containerPort: 8443
volumeMounts:
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12 }}
- name: {{ $name }}-webhook-cert-secret
mountPath: /var/serving-cert
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8443
scheme: HTTPS
volumes:
{{- include "karmada.kubeconfig.volume" . | nindent 8}}
- name: {{ $name }}-webhook-cert-secret
secret:
secretName: {{ $name }}-webhook-cert
---
apiVersion: v1
kind: Service
metadata:
name: {{ $name }}-webhook
namespace: {{ include "karmada.namespace" . }}
spec:
selector:
{{- include "karmada.webhook.podLabels" . | nindent 8}}
app: {{ $name }}-webhook
ports:
- port: 443
targetPort: 8443
{{- end }}
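Review bot: the Service `selector` is built from `karmada.webhook.podLabels` plus a literal `app: {{ $name }}-webhook`, while the Deployment labels its pods with `karmada.webhook.labels` and `karmada.webhook.podLabels`; unless the labels helper happens to emit exactly `app: {{ $name }}-webhook`, the Service selects no pods and every admission request fails. Reuse `karmada.webhook.labels` in the selector so both sides come from one definition. The selector include also uses `nindent 8` where a top-level `spec.selector` map needs 4, which will mis-nest the rendered keys. The Service has no `labels` block and the port no `name` or `protocol`, unlike the apiserver Service.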

View File

@ -0,0 +1,91 @@
{{- $name := include "karmada.name" . -}}
{{- if eq .Values.installMode "host" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}-kube-controller-manager
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $name }}-kube-controller-manager
namespace: {{ include "karmada.namespace" . }}
labels:
{{- include "karmada.kube-cm.labels" . | nindent 4}}
spec:
replicas: {{ .Values.kubeControllerManager.replicaCount }}
selector:
matchLabels:
{{- include "karmada.kube-cm.labels" . | nindent 6}}
{{- with .Values.kubeControllerManager.strategy }}
strategy:
{{- toYaml . | nindent 8 }}
{{- end }}
template:
metadata:
{{- with .Values.kubeControllerManager.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "karmada.kube-cm.labels" . | nindent 8}}
{{- include "karmada.kube-cm.podLabels" . | nindent 8}}
spec:
{{- with .Values.kubeControllerManager.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ $name }}-kube-controller-manager
{{- with .Values.kubeControllerManager.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.kubeControllerManager.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.kubeControllerManager.tolerations}}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- kube-controller-manager
- --allocate-node-cidrs=true
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --bind-address=0.0.0.0
- --client-ca-file=/etc/karmada/pki/server-ca.crt
- --cluster-cidr=10.244.0.0/16
- --cluster-name=karmada
- --cluster-signing-cert-file=/etc/karmada/pki/karmada.crt
- --cluster-signing-key-file=/etc/karmada/pki/karmada.key
- --controllers=namespace,garbagecollector,serviceaccount-token
- --kubeconfig=/etc/kubeconfig
- --leader-elect=true
- --node-cidr-mask-size=24
- --port=0
- --root-ca-file=/etc/karmada/pki/server-ca.crt
- --service-account-private-key-file=/etc/karmada/pki/karmada.key
- --service-cluster-ip-range=10.96.0.0/12
- --use-service-account-credentials=true
- --v=5
image: {{ .Values.kubeControllerManager.image.repository}}:{{ .Values.kubeControllerManager.image.tag | default "latest" }}
imagePullPolicy: {{ .Values.kubeControllerManager.image.pullPolicy }}
name: kube-controller-manager
resources:
{{- toYaml .Values.kubeControllerManager.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/karmada/pki
name: apisever-cert
readOnly: true
{{- include "karmada.kubeconfig.volumeMount" . | nindent 12}}
priorityClassName: system-node-critical
volumes:
- name: apisever-cert
secret:
secretName: {{ $name }}-cert
{{- include "karmada.kubeconfig.volume" . | nindent 8}}
{{- end }}
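Review bot: `--cluster-signing-cert-file` and `--cluster-signing-key-file` point at `karmada.crt` / `karmada.key`, while `--client-ca-file` and `--root-ca-file` point at `server-ca.crt`; certificates issued by the signer will only chain to the advertised root if `karmada.crt` is itself a CA, and the same `karmada.key` is also passed as `--service-account-private-key-file`. Mount the CA key pair for signing and a dedicated key for service account tokens, or explain in a comment why the leaf pair is used. Smaller items: the volume is spelled `apisever-cert` in both `volumeMounts` and `volumes` (works, but should be `apiserver-cert` as in the other templates), the container `name` is hard-coded instead of using `{{ $name }}`, and `--v=5` is very verbose for a default.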

View File

@ -0,0 +1,48 @@
{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "auto") }}
{{- $name := include "karmada.name" . -}}
{{- $namespace := include "karmada.namespace" . -}}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ $name }}-post-delete"
namespace: {{ $namespace }}
labels:
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
parallelism: 1
completions: 1
template:
metadata:
name: {{ $name }}
labels:
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
serviceAccountName: {{ $name }}-pre-job
restartPolicy: Never
containers:
- name: post-delete
image: {{ .Values.postDeleteJob.postDeleteContainerImage }}
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
kubectl delete -f /opt/mount/
kubectl delete cm/{{ $name }}-config -n {{ $namespace }}
EOF
volumeMounts:
- name: mount
mountPath: /opt/mount
volumes:
- name: mount
configMap:
name: {{ $name }}-config
{{- end }}
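Review bot: with `set -ex`, `kubectl delete -f /opt/mount/` aborts the script on the first object that is already gone, so a partially cleaned-up release leaves the hook failing and the following `kubectl delete cm/...` never runs. Add `--ignore-not-found` to both delete commands. The Job also depends on two things that a post-delete hook cannot assume: the `{{ $name }}-config` ConfigMap and the `{{ $name }}-pre-job` ServiceAccount are created by pre-install hooks, so confirm both still exist after the release is deleted, and give the account a name that reflects that it is shared. Wrapping `bash <<'EOF'` inside `/bin/sh -c` is redundant; `command: ["bash", "-c", ...]` is simpler.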

View File

@ -0,0 +1,119 @@
{{- $name := include "karmada.name" . -}}
{{- $namespace := include "karmada.namespace" . -}}
{{- if eq .Values.installMode "host" }}
{{- if eq .Values.certs.mode "custom" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-static-resources
namespace: {{ $namespace }}
data:
{{- print "webhook-configuration.yaml: " | nindent 2 }} |-
{{- include "karmada.webhook.configuration" . | nindent 4 }}
{{- print "system-namespace.yaml: " | nindent 2 }} |-
{{- include "karmada.systemNamespace" . | nindent 4 }}
{{- print "cluster-proxy-admin-rbac.yaml: " | nindent 2 }} |-
{{- include "karmada.proxyRbac" . | nindent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 2 }} |-
{{- $.Files.Get $path | nindent 4 }}
{{ end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-bases
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/bases/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 2 }} |-
{{- $.Files.Get $path | nindent 4 }}
{{ end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-patches
namespace: {{ $namespace }}
data:
{{- print "webhook_in_clusterresourcebindings.yaml: " | nindent 2 }} |-
{{- include "karmada.crd.patch.webhook.clusterresourcebinding" . | nindent 4 }}
{{- print "webhook_in_resourcebindings.yaml: " | nindent 2 }} |-
{{- include "karmada.crd.patch.webhook.resourcebinding" . | nindent 4 }}
---
{{- end }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ $name }}-post-install"
namespace: {{ $namespace }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ $name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-install
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
parallelism: 1
completions: 1
template:
metadata:
name: {{ $name }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ $name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: Never
containers:
- name: post-install
image: {{ .Values.postInstallJob.postInstallContainerImage }}
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
kubectl kustomize /crds | kubectl apply --kubeconfig /etc/kubeconfig -f -
kubectl apply -f /static-resources --kubeconfig /etc/kubeconfig
EOF
volumeMounts:
- name: {{ $name }}-crds-bases
mountPath: /crds/bases
- name: {{ $name }}-crds-patches
mountPath: /crds/patches
- name: {{ $name }}-crds
mountPath: /crds
- name: {{ $name }}-static-resources
mountPath: /static-resources
{{ include "karmada.kubeconfig.volumeMount" . | nindent 10 }}
volumes:
- name: {{ $name }}-crds-bases
configMap:
name: {{ $name }}-crds-bases
- name: {{ $name }}-crds-patches
configMap:
name: {{ $name }}-crds-patches
- name: {{ $name }}-crds
configMap:
name: {{ $name }}-crds
- name: {{ $name }}-static-resources
configMap:
name: {{ $name }}-static-resources
{{ include "karmada.kubeconfig.volume" . | nindent 8 }}
{{- end }}
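Review bot: the `-crds` ConfigMap is filled from `.Files.Glob "_crds/**"`, which also matches everything under `_crds/bases/`, and each file is keyed by `base $path`; the result duplicates every base CRD already stored in `-crds-bases` and lets two files with the same basename in different directories overwrite each other. Restrict the first glob to the top-level files (for example `_crds/*`) or key by relative path. In the Job, `/crds/bases` and `/crds/patches` are mounted before `/crds` although they sit underneath it; list the parent mount first and mark all four ConfigMap mounts `readOnly: true`. The pod sets no `serviceAccountName` although it only uses `--kubeconfig /etc/kubeconfig`, so the default account token is mounted for no reason.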

View File

@ -0,0 +1,258 @@
{{- if and (eq .Values.installMode "host") (eq .Values.certs.mode "auto") }}
{{- $name := include "karmada.name" . -}}
{{- $namespace := include "karmada.namespace" . -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-config
namespace: {{ $namespace }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
data:
cert.yaml: |-
apiVersion: v1
kind: Secret
metadata:
name: {{ $name }}-cert
namespace: {{ $namespace }}
type: Opaque
data:
server-ca.crt: |-
{{ print "{{ ca_crt }}" }}
karmada.crt: |-
{{ print "{{ crt }}" }}
karmada.key: |-
{{ print "{{ key }}" }}
front-proxy-ca.crt: |-
{{ print "{{ front_proxy_ca_crt }}" }}
front-proxy-client.crt: |-
{{ print "{{ front_proxy_crt }}" }}
front-proxy-client.key: |-
{{ print "{{ front_proxy_key }}" }}
webhook-cert.yaml: |-
apiVersion: v1
kind: Secret
metadata:
name: {{ $name }}-webhook-cert
namespace: {{ $namespace }}
type: kubernetes.io/tls
data:
tls.crt: |-
{{ print "{{ crt }}" }}
tls.key: |-
{{ print "{{ key }}" }}
kubeconfig.yaml: |-
apiVersion: v1
kind: Secret
metadata:
name: {{ $name }}-kubeconfig
namespace: {{ $namespace }}
stringData:
kubeconfig: |-
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: {{ print "{{ ca_crt }}" }}
insecure-skip-tls-verify: false
server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443
name: {{ $name }}-apiserver
users:
- user:
client-certificate-data: {{ print "{{ crt }}" }}
client-key-data: {{ print "{{ key }}" }}
name: {{ $name }}-apiserver
contexts:
- context:
cluster: {{ $name }}-apiserver
user: {{ $name }}-apiserver
name: {{ $name }}-apiserver
current-context: {{ $name }}-apiserver
static-resources-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-static-resources
namespace: {{ $namespace }}
data:
{{- print "webhook-configuration.yaml: " | nindent 6 }} |-
{{- include "karmada.webhook.configuration" . | nindent 8 }}
{{- print "system-namespace.yaml: " | nindent 6 }} |-
{{- include "karmada.systemNamespace" . | nindent 8 }}
{{- print "karmada-aggregated-apiserver-apiservice.yaml: " | nindent 6 }} |-
{{- include "karmada.apiservice" . | nindent 8 }}
{{- print "cluster-proxy-admin-rbac.yaml: " | nindent 6 }} |-
{{- include "karmada.proxyRbac" . | nindent 8 }}
crds-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 6 }} |-
{{- $.Files.Get $path | nindent 8 }}
{{ end }}
crds-bases-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-bases
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/bases/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 6 }} |-
{{- $.Files.Get $path | nindent 8 }}
{{ end }}
crds-patches-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-patches
namespace: {{ $namespace }}
data:
{{- print "webhook_in_clusterresourcebindings.yaml: " | nindent 6 }} |-
{{- include "karmada.crd.patch.webhook.clusterresourcebinding" . | nindent 8 }}
{{- print "webhook_in_resourcebindings.yaml: " | nindent 6 }} |-
{{- include "karmada.crd.patch.webhook.resourcebinding" . | nindent 8 }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ $name }}-pre-install"
namespace: {{ $namespace }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
parallelism: 1
completions: 1
template:
metadata:
name: {{ $name }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ $name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
serviceAccountName: {{ $name }}-pre-job
restartPolicy: Never
initContainers:
- name: init
image: {{ .Values.preInstallJob.initContainerImage }}
imagePullPolicy: IfNotPresent
workingDir: /opt/mount
command:
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
mkdir -p /opt/configs
mkdir -p /opt/certs
cp -r -L /opt/mount/* /opt/configs/
openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "/opt/certs/server-ca.key" -out "/opt/certs/server-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/"
openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "/opt/certs/front-proxy-ca.key" -out "/opt/certs/front-proxy-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/"
echo '{"signing":{"default":{"expiry":{{ printf `"%s"` .Values.certs.auto.expiry }},"usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/server-ca-config.json"
echo '{"CN":"system:admin","hosts":{{ tpl (toJson .Values.certs.auto.hosts) . }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=/opt/certs/server-ca.crt -ca-key=/opt/certs/server-ca.key -config=/opt/certs/server-ca-config.json - | cfssljson -bare /opt/certs/karmada
echo '{"signing":{"default":{"expiry":{{ printf `"%s"` .Values.certs.auto.expiry }},"usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/front-proxy-ca-config.json"
echo '{"CN":"front-proxy-client","hosts":{{ tpl (toJson .Values.certs.auto.hosts) . }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=/opt/certs/front-proxy-ca.crt -ca-key=/opt/certs/front-proxy-ca.key -config=/opt/certs/front-proxy-ca-config.json - | cfssljson -bare /opt/certs/front-proxy-client
karmada_ca=$(base64 /opt/certs/server-ca.crt | tr -d '\r\n')
karmada_crt=$(base64 /opt/certs/karmada.pem | tr -d '\r\n')
karmada_key=$(base64 /opt/certs/karmada-key.pem | tr -d '\r\n')
front_proxy_ca=$(base64 /opt/certs/front-proxy-ca.crt | tr -d '\r\n')
front_proxy_client_crt=$(base64 /opt/certs/front-proxy-client.pem | tr -d '\r\n')
front_proxy_client_key=$(base64 /opt/certs/front-proxy-client-key.pem | tr -d '\r\n')
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ front_proxy_ca_crt }}" }}/${front_proxy_ca}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ front_proxy_crt }}" }}/${front_proxy_client_crt}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ front_proxy_key }}" }}/${front_proxy_client_key}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/static-resources-configmaps.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/crds-patches-configmaps.yaml
EOF
volumeMounts:
- name: mount
mountPath: /opt/mount
- name: configs
mountPath: /opt/configs
containers:
- name: pre-install
image: {{ .Values.preInstallJob.preInstallContainerImage }}
imagePullPolicy: IfNotPresent
workingDir: /opt/mount
command:
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
kubectl apply --server-side -f /opt/configs/
EOF
volumeMounts:
- name: mount
mountPath: /opt/mount
- name: configs
mountPath: /opt/configs
volumes:
- name: mount
configMap:
name: {{ $name }}-config
- name: configs
emptyDir: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}-pre-job
namespace: {{ $namespace }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $name }}-pre-job
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- nonResourceURLs: ['*']
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $name }}-pre-job
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $name }}-pre-job
subjects:
- kind: ServiceAccount
name: {{ $name }}-pre-job
namespace: {{ $namespace }}
---
{{- end }}
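Review bot: The `{{ $name }}-pre-job` ClusterRole grants get/watch/list/create/update/patch/delete on `apiGroups: ['*']` and `resources: ['*']` cluster-wide, and none of the ServiceAccount, ClusterRole or ClusterRoleBinding hooks carries a `helm.sh/hook-delete-policy`, so nothing in the lines shown removes that binding once the Job has finished. The manifests visible under `/opt/configs` are Secrets and ConfigMaps in `{{ $namespace }}`, so a namespaced Role limited to `secrets` and `configmaps`, with the verbs `kubectl apply --server-side` needs, looks sufficient; please also give the three RBAC hooks a delete policy. Separately, `set -ex` in the init container traces the `karmada_key=$(base64 ...)` assignments and the `sed` substitutions, which writes the base64 of the `system:admin` / `system:masters` private key to the container log; drop `-x` or bracket those lines with `set +x`. The two CAs are also generated with `-days 365` while the leaf certificates take `.Values.certs.auto.expiry`, so a leaf can be configured to outlive the CA that signed it; the two lifetimes should be derived from one setting or the CA lifetime made configurable.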

607
charts/values.yaml Normal file
View File

@ -0,0 +1,607 @@
## Default values for charts.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
## @param installMode "host" and "agent" are provided
## "host" means install karmada in the control-cluster
## "agent" means install agent client in the member cluster
## "component" means install selected components in the control-cluster
installMode: "host"
## @param clusterDomain default domain for karmada
clusterDomain: "cluster.local"
## @param components component list
components: []
# components: [
# "schedulerEstimator"
# "descheduler"
# ]
## pre-install job config
preInstallJob:
## @param preInstallJob.initContainerImage image of the pre-install job's initContainer
initContainerImage: cfssl/cfssl
## @param preInstallJob.preInstallContainerImage image of the pre-install job
preInstallContainerImage: bitnami/kubectl:latest
## post-install job config
postInstallJob:
## @param postInstallJob.postInstallContainerImage image of the post-install job
postInstallContainerImage: bitnami/kubectl:latest
## post-delete job config
postDeleteJob:
## @param postDeleteJob.postDeleteContainerImage image of the post-delete job
postDeleteContainerImage: bitnami/kubectl:latest
## karmada certificate config
certs:
## @param certs.mode "auto" and "custom" are provided
## "auto" means auto generate certificate
## "custom" means use user certificate
mode: auto
auto:
## @param certs.auto.expiry expiry of the certificate
expiry: 43800h
## @param certs.auto.hosts hosts of the certificate
hosts: [
"kubernetes.default.svc",
"*.etcd.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
"*.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}",
"*.{{ .Release.Namespace }}.svc",
"localhost",
"127.0.0.1"
]
custom:
## @param certs.custom.caCrt ca of the certificate
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param certs.custom.crt crt of the certificate
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param certs.custom.key key of the certificate
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
## @param certs.custom.frontProxyCaCrt ca of the front proxy certificate
frontProxyCaCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param certs.custom.frontProxyCrt crt of the front proxy certificate
frontProxyCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param certs.custom.frontProxyKey key of the front proxy certificate
frontProxyKey: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
## scheduler config
scheduler:
## @param scheduler.labels
labels:
app: karmada-scheduler
## @param scheduler.replicaCount target replicas
replicaCount: 1
## @param scheduler.podAnnotations
podAnnotations: { }
## @param scheduler.podLabels
podLabels: { }
## @param scheduler.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param scheduler.image.repository image of the scheduler
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler
## @param scheduler.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param scheduler.image.tag overrides the image tag whose default is the latest
tag: latest
## @param scheduler.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param scheduler.nodeSelector
nodeSelector: { }
## @param scheduler.affinity
affinity: { }
## @param scheduler.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## webhook config
webhook:
## @param webhook.labels
labels:
app: karmada-webhook
## @param webhook.replicaCount target replicas
replicaCount: 1
## @param webhook.podAnnotations
podAnnotations: { }
## @param webhook.podLabels
podLabels: { }
## @param webhook.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param webhook.image.repository image of the webhook
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-webhook
## @param webhook.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param webhook.image.tag overrides the image tag whose default is the latest
tag: latest
## @param webhook.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param webhook.nodeSelector
nodeSelector: { }
## @param webhook.affinity
affinity: { }
## @param webhook.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## controller manager config
controllerManager:
## @param controllerManager.labels
labels:
app: karmada-controller-manager
## @param controllerManager.replicaCount target replicas
replicaCount: 1
## @param controllerManager.podAnnotations
podAnnotations: { }
## @param controllerManager.podLabels
podLabels: { }
## @param controllerManager.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param controllerManager.image.repository image of the controller manager
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-controller-manager
## @param controllerManager.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param controllerManager.image.tag overrides the image tag whose default is the latest
tag: latest
## @param controllerManager.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param controllerManager.nodeSelector
nodeSelector: { }
## @param controllerManager.affinity
affinity: { }
## @param controllerManager.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## karmada apiserver config
apiServer:
## @param apiServer.labels
labels:
app: karmada-apiserver
## @param apiServer.replicaCount target replicas
replicaCount: 1
## @param apiServer.podAnnotations
podAnnotations: { }
## @param apiServer.podLabels
podLabels: { }
## @param apiServer.imagePullSecrets
imagePullSecrets: []
image:
## @param apiServer.image.repository image of the apiserver
repository: k8s.gcr.io/kube-apiserver
## @param apiServer.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param apiServer.image.tag overrides the image tag whose default is the latest
tag: "v1.21.7"
## @param apiServer.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param apiServer.hostNetwork
## "true" means using hostNetwork
## "false" means normal network
hostNetwork: true
## @param apiServer.nodeSelector
nodeSelector: { }
## @param apiServer.affinity
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- karmada-apiserver
topologyKey: kubernetes.io/hostname
## @param apiServer.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
## @param apiServer.serviceType default service type for apiserver
## "LoadBalancer" means using LoadBalancer
## "ClusterIP" means using ClusterIP
## "NodePort" means using NodePort
serviceType: ClusterIP
## @param apiServer.nodePort node port for apiserver service,
## will take effect when 'apiServer.serviceType' is 'NodePort'.
## If no port is specified, the nodePort will be automatically assigned.
nodePort: 0
maxRequestsInflight: 1500
maxMutatingRequestsInflight: 500
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
## karmada aggregated apiserver config
aggregatedApiServer:
## @param aggregatedApiServer.labels
labels:
app: karmada-aggregated-apiserver
## @param aggregatedApiServer.replicaCount target replicas
replicaCount: 1
## @param aggregatedApiServer.podAnnotations
podAnnotations: { }
## @param aggregatedApiServer.podLabels
podLabels: { }
## @param aggregatedApiServer.imagePullSecrets
imagePullSecrets: []
image:
## @param aggregatedApiServer.image.repository image of the apiserver
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-aggregated-apiserver
## @param aggregatedApiServer.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param aggregatedApiServer.image.tag overrides the image tag whose default is the latest
tag: latest
## @param aggregatedApiServer.resources
resources:
requests:
cpu: 100m
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param aggregatedApiServer.nodeSelector
nodeSelector: { }
## @param aggregatedApiServer.affinity
affinity: { }
## @param aggregatedApiServer.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## kubernetes controller manager config
kubeControllerManager:
## @param kubeControllerManager.labels
labels:
app: kube-controller-manager
## @param kubeControllerManager.replicaCount target replicas
replicaCount: 1
## @param kubeControllerManager.podAnnotations
podAnnotations: {}
## @param kubeControllerManager.podLabels
podLabels: {}
## @param kubeControllerManager.imagePullSecrets
imagePullSecrets: []
image:
## @param kubeControllerManager.image.repository image of the kube controller manager
repository: k8s.gcr.io/kube-controller-manager
## @param kubeControllerManager.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param kubeControllerManager.image.tag overrides the image tag whose default is the latest
tag: "v1.21.7"
## @param kubeControllerManager.resources
resources:
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param kubeControllerManager.nodeSelector
nodeSelector: {}
## @param kubeControllerManager.affinity
affinity: {}
## @param kubeControllerManager.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## etcd config
etcd:
## @param etcd.mode "external" and "internal" are provided
## "external" means use external ectd
## "internal" means install a etcd in the cluster
mode: "internal"
external:
## @param etcd.external.servers servers of etcd
## such as "https://192.168.1.1:2379,https://192.168.1.2:2379,https://192.168.1.3:2379"
servers: ""
## @param etcd.external.registryPrefix use to registry prefix of etcd
registryPrefix: "/registry/karmada"
certs:
## @param etcd.external.certs.caCrt ca of the certificate
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param etcd.external.certs.crt crt of the certificate
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param etcd.external.certs.key key of the certificate
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
internal:
## @param etcd.internal.replicaCount target replicas
replicaCount: 1
image:
## @param etcd.internal.image.repository image of the etcd
repository: k8s.gcr.io/etcd
## @param etcd.internal.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param etcd.internal.image.tag overrides the image tag whose default is the latest
tag: "3.4.13-0"
## @param etcd.internal.storageType storage type for etcd data
## "pvc" means using volumeClaimTemplates
## "hostPath" means using hostPath
storageType: "hostPath"
pvc:
## @param etcd.internal.pvc.storageClass storageClass name of PVC
storageClass: ""
## @param etcd.internal.pvc.size size of PVC
size: ""
## @param etcd.internal.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## agent client config
agent:
## @param agent.clusterName name of the member cluster
clusterName: ""
## kubeconfig of the karmada
kubeconfig:
## @param agent.kubeconfig.caCrt ca of the certificate
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param agent.kubeconfig.crt crt of the certificate
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param agent.kubeconfig.key key of the certificate
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
## @param agent.kubeconfig.server apiserver of the karmada
server: ""
## @param agent.labels
labels:
app: karmada-agent
## @param agent.replicaCount target replicas
replicaCount: 1
## @param agent.podAnnotations
podAnnotations: { }
## @param agent.podLabels
podLabels: { }
## @param agent.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param agent.image.repository image of the agent
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-agent
## @param agent.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param agent.image.tag overrides the image tag whose default is the latest
tag: latest
## @param agent.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param agent.nodeSelector
nodeSelector: { }
## @param agent.affinity
affinity: { }
## @param agent.tolerations
tolerations: { }
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## karmada scheduler estimator
schedulerEstimator:
## schedulerEstimator.clusterName the name of the member cluster
clusterName: ""
## kubeconfig of the member cluster
kubeconfig:
## @param schedulerEstimator.kubeconfig.caCrt ca of the certificate
caCrt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param schedulerEstimator.kubeconfig.crt crt of the certificate
crt: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
## @param schedulerEstimator.kubeconfig.key key of the certificate
key: |
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
## @param schedulerEstimator.kubeconfig.server apiserver of the member cluster
server: ""
## @param schedulerEstimator.labels
labels: {}
## @param schedulerEstimator.replicaCount target replicas
replicaCount: 1
## @param schedulerEstimator.podAnnotations
podAnnotations: { }
## @param schedulerEstimator.podLabels
podLabels: { }
## @param schedulerEstimator.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param schedulerEstimator.image.repository image of the apiserver
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-scheduler-estimator
## @param schedulerEstimator.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param schedulerEstimator.image.tag overrides the image tag whose default is the latest
tag: "latest"
## @param schedulerEstimator.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param schedulerEstimator.nodeSelector
nodeSelector: { }
## @param schedulerEstimator.affinity
affinity: { }
## @param schedulerEstimator.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
## descheduler config
descheduler:
## @param descheduler.labels
labels:
app: karmada-descheduler
## @param descheduler.replicaCount target replicas
replicaCount: 2
## @param descheduler.podAnnotations
podAnnotations: { }
## @param descheduler.podLabels
podLabels: { }
## @param descheduler.imagePullSecrets
imagePullSecrets: [ ]
image:
## @param descheduler.image.repository image of the descheduler
repository: swr.ap-southeast-1.myhuaweicloud.com/karmada/karmada-descheduler
## @param descheduler.image.pullPolicy pull policy of image
pullPolicy: IfNotPresent
## @param descheduler.image.tag overrides the image tag whose default is the latest
tag: latest
## @param descheduler.resources
resources: { }
# If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @param descheduler.nodeSelector
nodeSelector: { }
## @param descheduler.affinity
affinity: { }
## @param descheduler.tolerations
tolerations: [ ]
# - key: node-role.kubernetes.io/master
# operator: Exists
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 50%
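Review bot: The job and component images default to mutable references: `initContainerImage: cfssl/cfssl` has no tag, `preInstallContainerImage`, `postInstallContainerImage` and `postDeleteContainerImage` are `bitnami/kubectl:latest`, and the karmada components use `tag: latest`. The cfssl image generates the CA and admin keys and the kubectl image runs under the pre-install job's service account, so these defaults should be pinned to a version tag or digest; with `pullPolicy: IfNotPresent` a `latest` tag also means different nodes can run different builds. Two smaller points: `agent.tolerations: { }` is a map where every other component uses the list form `[ ]`, and `kubeControllerManager.resources:` is left empty while the comment beneath it still refers to removing curly braces. The defaults `apiServer.hostNetwork: true` and `etcd.internal.storageType: "hostPath"` tie the control plane to node networking and node disk; a short comment on why they are the defaults would help anyone installing the chart.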

View File

@ -0,0 +1,7 @@
FROM alpine:3.15.1
ARG BINARY
RUN apk add --no-cache ca-certificates
COPY ${BINARY} /bin/${BINARY}
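Review bot: The lines shown contain no `USER` instruction, so the binary copied by `COPY ${BINARY} /bin/${BINARY}` runs as root in the container by default; add a non-root user and switch to it after the `COPY`. `ARG BINARY` also has no default value, so a build without `--build-arg BINARY=...` expands the `COPY` to an empty source path; either document the required argument in a comment or fail early with a clear message.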

Some files were not shown because too many files have changed in this diff