├── .ansible-lint ├── .editorconfig ├── .editorconfig-checker.json ├── .github ├── .wordlist.txt ├── ISSUE_TEMPLATE │ └── bug-report.md ├── PULL_REQUEST_TEMPLATE.md ├── actions │ ├── molecule-test │ │ └── action.yml │ ├── vagrant-setup │ │ └── action.yml │ └── vagrant-up │ │ └── action.yml ├── labeler.yml └── workflows │ ├── README.md │ ├── diagram.yml │ ├── distros.yml │ ├── linter.yml │ ├── on-demand_ci.yml │ ├── on-demand_corner.yml │ ├── on-demand_molecule.yml │ ├── on-demand_multus.yml │ ├── on-demand_virtlet.yml │ ├── rebase.yml │ ├── scheduled_ci.yml │ ├── scheduled_distros.yml │ ├── spell.yml │ ├── triage.yml │ └── update.yml ├── .gitignore ├── .mypy.ini ├── .python-lint ├── .rstcheck.cfg ├── .rubocop.yml ├── .shellspec ├── .spellcheck.yml ├── .tektonlintrc.yaml ├── .yaml-lint.yml ├── .yamlfmt ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── Vagrantfile ├── _chart_installers.sh ├── _commons.sh ├── _functions.sh ├── _installers.sh ├── _uninstallers.sh ├── _untested_installers.sh ├── actionlint.yml ├── aio.sh ├── bindep.txt ├── build └── ci │ ├── linter-task.yml │ └── run_task.sh ├── ci ├── _common.sh ├── bootstrap.sh ├── check.sh ├── pinned_vagrant_boxes.txt ├── provision_installer.sh ├── update_distros.sh └── update_versions.sh ├── codebase-structure.svg ├── config ├── default.yml └── samples │ ├── pdf.yml.distros │ ├── pdf.yml.intel_dpdk │ ├── pdf.yml.intel_kernel │ ├── pdf.yml.localai │ ├── pdf.yml.mini │ └── pdf.yml.storage ├── defaults.env ├── diagram.py ├── distros_supported.yml ├── docs └── src │ ├── architecture.rst │ ├── bare_metal_provisioning.rst │ ├── benchmark_ingress.rst │ ├── benchmark_network.rst │ ├── conf.py │ ├── img │ ├── cilium_vxlan.png │ ├── criproxy.png │ ├── default_pdf.png │ ├── flannel_host-gw.png │ ├── flannel_vxlan.png │ ├── installer_workflow.png │ ├── provisioning.png │ ├── sample_tox_diagram.png │ └── virtlet.png │ ├── index.rst │ ├── tuning_calico.rst │ ├── tuning_cilium.rst │ ├── tuning_flannel.rst │ └── tuning_kube-proxy.rst ├── galaxy-requirements.yml ├── helm ├── arc │ └── ubuntu-jammy-values.yml ├── falco │ └── custom-rules.yml ├── kagent │ └── without-agents.yml ├── kube-ovn │ └── grafana.yml └── local-ai │ └── values.yaml ├── insecure_keys └── .keep ├── inventory └── .keep ├── k8s-cluster.tpl ├── krd_command.sh ├── kubespray_images.tpl ├── mlc_config.json ├── node.sh ├── playbooks ├── configure-addons.yml ├── configure-criu.yml ├── configure-virtlet.yml ├── krd-vars.yml └── roles │ ├── criproxy │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── dockershim.service │ ├── handlers │ │ └── main.yml │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── criproxy.service.j2 │ ├── criu │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ ├── prepare.yml │ │ │ └── tests │ │ │ └── test_default.py │ └── tasks │ │ └── main.yml │ ├── nfd │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── nfd-master.yaml.j2 │ │ └── nfd-worker-daemonset.yaml.j2 │ ├── pmem │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ ├── pmem-storageclass-ext4.yaml │ │ ├── pmem-storageclass-xfs.yaml │ │ ├── setup-ca │ │ ├── setup-ca-kubernetes │ │ └── test-config │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ ├── prepare.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ ├── bootstrap.yml │ │ └── main.yml │ └── templates │ │ └── pmem-csi-lvm.yaml.j2 │ ├── qat_driver │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── qat_service.service │ ├── handlers │ │ └── main.yml │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ ├── bootstrap.yml │ │ ├── build.yml │ │ ├── cleanup.yml │ │ └── main.yml │ └── vars │ │ ├── ClearLinux.yml │ │ ├── Debian.yml │ │ └── Suse.yml │ ├── qat_plugin │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── configmap.yaml │ ├── tasks │ │ ├── cleanup.yml │ │ └── main.yml │ └── templates │ │ ├── plugin.yaml.j2 │ │ └── plugin_kernel_mode.yaml.j2 │ ├── sriov_cni │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── net-attach-def.yml │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── sriov-cni.yaml.j2 │ │ └── sriov-network.yaml.j2 │ ├── sriov_plugin │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── molecule │ │ └── default │ │ │ ├── INSTALL.rst │ │ │ ├── converge.yml │ │ │ ├── molecule.yml │ │ │ └── tests │ │ │ └── test_default.py │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── configMap.yaml.j2 │ │ └── sriovdp-daemonset.yaml.j2 │ └── virtlet │ ├── README.md │ ├── defaults │ └── main.yml │ ├── tasks │ └── main.yml │ └── templates │ └── images.yaml.j2 ├── pyproject.toml ├── resources ├── arc-cleanup.yml ├── argocd │ ├── haproxy.yml │ ├── k8sgpt-operator.yml │ ├── kube-monkey.yml │ └── local-ai.yml ├── checkov-job.yaml ├── cockpit.yml ├── dashboard-ingress.yml ├── demo_app.yml ├── ingress-class.yml ├── ingress-class_v1beta1.yml ├── iperf.yml ├── k6.yml ├── k8sgpt-localai.yml ├── k8sgpt-openai.yml ├── k8sgpt-openai_incluster.yml ├── kagent-ollama-agents.yml ├── kagent-openai-models.yml ├── kagent-openai-models_incluster.yml ├── kagent │ └── ingress.yml ├── kubevirt-runner │ ├── rbac.yml │ └── vm.yml ├── litellm.yml ├── storageclass.yml ├── ubuntu-runner-pipeline.yml └── ubuntu-runner-pipelineruns.yml ├── rundeck ├── Deploy_Kubernetes.yaml └── krd.properties ├── spec ├── commons_spec.sh └── spec_helper.sh ├── test-requirements.in ├── test-requirements.txt ├── tests ├── _assertions.sh ├── _common.sh ├── _functions.sh ├── _utils.sh ├── check.sh ├── cnpg.sh ├── configure-envoy.yml ├── criu.sh ├── falco.sh ├── gatekeeper.sh ├── haproxy.sh ├── init.py ├── istio.sh ├── k8sgpt.sh ├── knative.sh ├── kong.sh ├── kubevirt.sh ├── kubewarden.sh ├── kyverno.sh ├── longhorn.sh ├── metallb.sh ├── multus.sh ├── nfd.sh ├── qat.sh ├── resources │ ├── basic-db.yaml │ ├── broken-pod.yaml │ ├── gatekeeper │ │ ├── lb-constraint.yml │ │ └── template.yml │ ├── kubevirt │ │ └── testvm.yml │ ├── kubewarden │ │ └── privileged-pod.yaml │ ├── longhorn │ │ └── test.yaml │ ├── rook │ │ ├── cluster-test.yaml │ │ └── replicapool.yaml │ ├── runtimeclasses │ │ ├── crun.yml │ │ ├── gvisor.yml │ │ ├── kata-qemu.yml │ │ └── youki.yml │ ├── topolvm │ │ └── test.yaml │ └── virtink │ │ └── vm.yml ├── rook.sh ├── runtimeclasses.sh ├── topolvm.sh ├── virtink.sh └── virtlet.sh └── tox.ini /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | warn_list: 12 | - yaml 13 | skip_list: 14 | - experimental 15 | exclude_paths: 16 | - .tox/ 17 | - .github 18 | - build/ci 19 | - config 20 | - distros_supported.yml 21 | - galaxy-requirements.yml 22 | - .travis.yml 23 | - tests 24 | - playbooks/krd-vars.yml 25 | - resources/ 26 | - helm/ 27 | mock_roles: 28 | - andrewrothstein.gcc-toolbox 29 | - geerlingguy.docker 30 | - andrewrothstein.kind 31 | - andrewrothstein.kubectl 32 | - geerlingguy.repo-epel 33 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*.sh] 4 | indent_style = space 5 | indent_size = 4 6 | 7 | [playbooks/roles/pmem/files/**] 8 | ignore = true 9 | 10 | [spec/**] 11 | ignore = true 12 | 13 | [.tox/**] 14 | ignore = true 15 | -------------------------------------------------------------------------------- /.editorconfig-checker.json: -------------------------------------------------------------------------------- 1 | { 2 | "Verbose": false, 3 | "Debug": false, 4 | "IgnoreDefaults": false, 5 | "SpacesAfterTabs": false, 6 | "NoColor": false, 7 | "Exclude": [], 8 | "AllowedContentTypes": [], 9 | "PassedFiles": [], 10 | "Disable": { 11 | "EndOfLine": false, 12 | "Indentation": false, 13 | "IndentSize": false, 14 | "InsertFinalNewline": false, 15 | "TrimTrailingWhitespace": false, 16 | "MaxLineLength": false 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /.github/.wordlist.txt: -------------------------------------------------------------------------------- 1 | ADDONS 2 | aio 3 | Allocatable 4 | ANSIBLE 5 | ArgoCD 6 | Autoscaler 7 | BACKEND 8 | balancer 9 | blockquote 10 | BPF 11 | Bugfixes 12 | CloudNativePG 13 | CNI 14 | COCOMO 15 | codebase 16 | config 17 | CONTAINERD 18 | contiv 19 | CRI 20 | criproxy 21 | CrossSubnet 22 | CRUN 23 | CSI 24 | datasets 25 | DEVOPS 26 | Distros 27 | DNS 28 | DNSCache 29 | dpdk 30 | eBPF 31 | Falco 32 | filesystem 33 | FPGAs 34 | fsSL 35 | geneve 36 | GitOps 37 | GPUs 38 | Grafana 39 | GVISOR 40 | gw 41 | HAProxy 42 | href 43 | HUGEPAGES 44 | HugeTLB 45 | img 46 | IOV 47 | IPIP 48 | iptables 49 | IPVS 50 | ISTIO 51 | KATA 52 | Kiali 53 | Knative 54 | KRD 55 | KUBE 56 | KUBELET 57 | KUBERNETES 58 | KUBESPHERE 59 | KUBESPRAY 60 | Kubespray's 61 | Kubevirt 62 | Kubewarden 63 | KVM 64 | Kyverno 65 | libndctl 66 | Libvirt 67 | Lifecycle 68 | Linter 69 | LiteLLM 70 | LLM 71 | LLMs 72 | LocalAI 73 | LOCALHOST 74 | LOGFILES 75 | METALLB 76 | MULTUS 77 | NDOTS 78 | Nephio 79 | NFD 80 | NFs 81 | NGINX 82 | NodeLocal 83 | NODELOCALDNS 84 | ol 85 | OPA 86 | openSUSE 87 | PCI 88 | PMEM 89 | png 90 | pre 91 | PROVISIONER 92 | PRs 93 | QAT 94 | QCOW 95 | qemu 96 | QuickAssist 97 | README 98 | rebase 99 | REPO 100 | RESOLVCONF 101 | Runtime 102 | runtimes 103 | Scc 104 | serverless 105 | SERVICEMESH 106 | SGPT 107 | SIG 108 | SIGs 109 | src 110 | sriov 111 | subproject 112 | svg 113 | Tekton 114 | textlint 115 | TopoLVM 116 | tox 117 | udp 118 | VFs 119 | Virtink 120 | Virtlet 121 | VirtualBox 122 | VM 123 | VMs 124 | vmwrapper 125 | VXLAN 126 | WEBHOOK 127 | WIP 128 | YAML 129 | yml 130 | YOUKI 131 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Report a bug encountered while operating Kubernetes 4 | labels: kind/bug 5 | --- 6 | 7 | 13 | 14 | # Summary 15 | 16 | Describe your issue here 17 | 18 | ## Steps 19 | 20 | How to reproduce this issue 21 | 22 | ## Expected behaviour 23 | 24 | ## Actual behaviour 25 | 26 | ## Environment 27 | 28 | ### Pod Description File 29 | 30 | `cat config/pdf.yml` 31 | 32 | ### KRD environment variables 33 | 34 | `vagrant ssh installer -- printenv | grep KRD` 35 | 36 | ### KRD version (commit) 37 | 38 | `git rev-parse --short HEAD` 39 | 40 | ### Output of Setup Kubernetes log file 41 | 42 | 43 | 44 | `vagrant ssh installer -- cat /vagrant/setup-kubernetes.log` 45 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | Provide a general summary of your changes in the Title above 4 | 5 | ## Details 6 | 7 | Describe your changes in detail 8 | 9 | 13 | -------------------------------------------------------------------------------- /.github/actions/molecule-test/action.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Molecule execution 11 | description: Executes an Ansible molecule integration test 12 | inputs: 13 | tox-env: 14 | description: "Python TOX environment" 15 | runs: 16 | using: "composite" 17 | steps: 18 | - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # 5.6.0 19 | with: 20 | python-version: "3.x" 21 | - uses: syphar/restore-virtualenv@e536692e76315a068b4905f792e25febfe6d4391 # 1.3 22 | id: cache-tox-molecule 23 | with: 24 | requirement_files: test-requirements.txt 25 | custom_virtualenv_dir: .tox/molecule 26 | - uses: ./.github/actions/vagrant-setup 27 | - name: Install dependencies 28 | shell: bash 29 | run: pip install tox 30 | - name: Run molecule tests 31 | shell: bash 32 | env: 33 | VAGRANT_DISABLE_VBOXSYMLINKCREATE: 1 34 | VAGRANT_HOME: /tmp 35 | TOXENV: ${{ inputs.tox-env }} 36 | run: tox 37 | -------------------------------------------------------------------------------- /.github/actions/vagrant-setup/action.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Vagrant setup 11 | runs: 12 | using: "composite" 13 | steps: 14 | - name: Cache Vagrant boxes 15 | uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3 16 | with: 17 | path: ~/.vagrant.d/boxes 18 | key: ${{ runner.os }}-vagrant-boxes-${{ hashFiles('distros_supported.yml') }} 19 | restore-keys: | 20 | ${{ runner.os }}-vagrant-boxes- 21 | - name: Apply workaround for VBoxHeadless issue on macOS (https://www.virtualbox.org/ticket/20636) 22 | shell: bash 23 | run: | 24 | if [[ "$(VBoxManage --version)" == "6.1.28r147628" ]]; then 25 | find . -type f -iname "Vagrantfile" -exec sed -i '.bak' 's|v.gui = .*|v.gui = true|g' {} \; 26 | find playbooks/roles/ -type f -name "molecule.yml" -exec sed -i '.bak' 's|gui: .*|gui: True|g' {} \; 27 | find . -type f -name "*.bak" -delete 28 | fi 29 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | documentation: 11 | - changed-files: 12 | - any-glob-to-any-file: ["docs/*", "*.md"] 13 | tests: 14 | - changed-files: 15 | - any-glob-to-any-file: ["tests/*"] 16 | ci: 17 | - changed-files: 18 | - any-glob-to-any-file: [".github/*"] 19 | all-in-one: 20 | - changed-files: 21 | - any-glob-to-any-file: ["aio.sh"] 22 | addons: 23 | - changed-files: 24 | - any-glob-to-any-file: ["playbooks/*"] 25 | -------------------------------------------------------------------------------- /.github/workflows/diagram.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Documentation and diagram generation 11 | # yamllint disable-line rule:truthy 12 | on: 13 | push: 14 | paths-ignore: 15 | - codebase-structure.svg 16 | - .github/ 17 | workflow_dispatch: 18 | jobs: 19 | check-diagram: 20 | name: Update the codebase structure diagram 21 | permissions: 22 | contents: write 23 | pull-requests: write 24 | runs-on: ubuntu-latest 25 | steps: 26 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 27 | - name: Update diagram 28 | uses: githubocto/repo-visualizer@a999615bdab757559bf94bda1fe6eef232765f85 # 0.9.1 29 | with: 30 | excluded_paths: "ignore,.github" 31 | output_file: codebase-structure.svg 32 | should_push: false 33 | - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 34 | with: 35 | COMMIT_MESSAGE: "Upgrade documentation diagram" 36 | COMMIT_NAME: "electrocucaracha bot" 37 | PR_BRANCH_NAME: "versions-update-${PR_ID}" 38 | PR_TITLE: "chore: update diagram" 39 | -------------------------------------------------------------------------------- /.github/workflows/distros.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Scheduled Latest Vagrant Boxes verification 11 | # yamllint disable-line rule:truthy 12 | on: 13 | schedule: 14 | - cron: "0 0 1 * *" 15 | workflow_dispatch: 16 | jobs: 17 | check-versions: 18 | permissions: 19 | contents: write # for technote-space/create-pr-action to push code 20 | pull-requests: write # for technote-space/create-pr-action to create a PR 21 | runs-on: vm-self-hosted 22 | steps: 23 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 24 | - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3 25 | with: 26 | path: ~/.vagrant.d/boxes 27 | key: ${{ runner.os }}-vagrant-${{ hashFiles('distros_supported.yml') }} 28 | restore-keys: | 29 | ${{ runner.os }}-vagrant- 30 | - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 31 | with: 32 | EXECUTE_COMMANDS: | 33 | ./ci/update_distros.sh 34 | COMMIT_MESSAGE: "Upgrade distro list versions" 35 | COMMIT_NAME: "electrocucaracha bot" 36 | PR_BRANCH_NAME: "versions-update-${PR_ID}" 37 | PR_TITLE: "chore: update distro versions" 38 | -------------------------------------------------------------------------------- /.github/workflows/on-demand_corner.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Check Corner cases 11 | # yamllint disable-line rule:truthy 12 | on: 13 | push: 14 | paths: 15 | - "**.sh" 16 | - "!ci/update_*.sh" 17 | - "*.yml" 18 | - "!playbooks/**/*.yml" 19 | - "*.tpl" 20 | - "*.env" 21 | - "resources/*" 22 | - "!**.md" 23 | pull_request_review: 24 | types: 25 | - submitted 26 | jobs: 27 | check-corner-cases: 28 | name: Check K8s Plugins installation methods in an Ubuntu Bionic All-in-One setup 29 | if: >- 30 | ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' 31 | runs-on: vm-self-hosted 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | test: [kong, rook, haproxy] 36 | cert-mgr: [false] 37 | include: 38 | - test: kubewarden 39 | cert-mgr: true 40 | steps: 41 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 42 | - uses: ./.github/actions/vagrant-up 43 | with: 44 | cert-manager-enabled: ${{ matrix.cert-mgr }} 45 | enable-tests: true 46 | int-tests: ${{ matrix.test }} 47 | -------------------------------------------------------------------------------- /.github/workflows/on-demand_multus.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Check Multus CNI 11 | # yamllint disable-line rule:truthy 12 | on: 13 | push: 14 | paths: 15 | - "**.sh" 16 | - "!ci/update_*.sh" 17 | - "*.yml" 18 | - "!playbooks/**/*.yml" 19 | - "*.tpl" 20 | - "*.env" 21 | - "resources/*" 22 | - "!**.md" 23 | pull_request_review: 24 | types: 25 | - submitted 26 | jobs: 27 | check-multus: 28 | name: Check Multus CNI in an Ubuntu Focal All-in-One setup 29 | if: >- 30 | ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' 31 | runs-on: ubuntu-22.04 32 | env: 33 | KRD_ANSIBLE_DEBUG: true 34 | KRD_MULTUS_ENABLED: true 35 | PKG_KREW_PLUGINS_LIST: "cert-manager" 36 | steps: 37 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 38 | - name: Deploy services 39 | run: KRD_FOLDER=$(git rev-parse --show-toplevel) ./aio.sh 40 | - name: Run Sonobuoy tool 41 | run: ./krd_command.sh -a run_sonobuoy 42 | - name: Run Kubent tool 43 | run: ./krd_command.sh -a run_kubent 44 | - name: Run Multus tests 45 | working-directory: ./tests 46 | run: ./multus.sh 47 | - name: Undeploy services 48 | run: ./krd_command.sh -a uninstall_k8s 49 | -------------------------------------------------------------------------------- /.github/workflows/on-demand_virtlet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Check Virtlet service 11 | # yamllint disable-line rule:truthy 12 | on: 13 | push: 14 | paths: 15 | - "playbooks/roles/virtlet/**" 16 | - "playbooks/roles/criproxy/**" 17 | - "!**.md" 18 | pull_request_review: 19 | types: 20 | - submitted 21 | jobs: 22 | check-virtlet: 23 | name: Check Mirantis Virtlet solution in an Ubuntu Bionic All-in-One setup 24 | if: >- 25 | ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' 26 | runs-on: vm-self-hosted 27 | steps: 28 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 29 | - uses: ./.github/actions/vagrant-up 30 | with: 31 | kube-version: v1.18.17 32 | kubespray-version: v2.15.1 33 | cert-manager-enabled: false 34 | test-virtlet: true 35 | container-runtime: docker 36 | docker-version: latest 37 | containerd-version: latest 38 | release: bionic 39 | -------------------------------------------------------------------------------- /.github/workflows/rebase.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Automatic Rebase 11 | # yamllint disable-line rule:truthy 12 | on: 13 | issue_comment: 14 | types: [created] 15 | jobs: 16 | rebase: 17 | name: Rebase 18 | if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Checkout the latest code 22 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 23 | with: 24 | token: ${{ secrets.GITHUB_TOKEN }} 25 | fetch-depth: 0 26 | - name: Automatic Rebase 27 | uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 28 | env: 29 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 30 | -------------------------------------------------------------------------------- /.github/workflows/scheduled_ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Scheduled Kubernetes Dashboard + Metrics Server verification 11 | # yamllint disable-line rule:truthy 12 | on: 13 | schedule: 14 | - cron: "0 0 * * 5" 15 | workflow_dispatch: 16 | jobs: 17 | check-dashboard-and-metrics: 18 | name: Check All-in-One setup in a Ubuntu Focal virtual environment 19 | runs-on: ubuntu-22.04 20 | env: 21 | KRD_DASHBOARD_ENABLED: true 22 | KRD_ANSIBLE_DEBUG: true 23 | KRD_CONTAINER_RUNTIME: crio 24 | steps: 25 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 26 | - name: Deploy services 27 | run: KRD_FOLDER=$(git rev-parse --show-toplevel) ./aio.sh 28 | - name: Run Dashboard test 29 | run: | 30 | set -o errexit 31 | set -o pipefail 32 | set -o xtrace 33 | 34 | attempt_counter=0 35 | max_attempts=5 36 | until curl -s "http://$(ip route get 8.8.8.8 | grep "^8." | awk '{ print $7 }')" | perl -l -0777 -ne 'print $1 if /\s*(.*?)\s*<\/title/si' | grep -q "Kubernetes Dashboard"; do 37 | if [ ${attempt_counter} -eq ${max_attempts} ];then 38 | echo "Max attempts reached" 39 | exit 1 40 | fi 41 | attempt_counter=$((attempt_counter+1)) 42 | sleep 10 43 | done 44 | - if: ${{ failure() }} 45 | run: kubectl get all -A -o wide 46 | - name: Deploy Metrics server services 47 | run: ./krd_command.sh -a install_metrics_server 48 | - if: ${{ failure() }} 49 | run: kubectl get all -A -o wide 50 | - name: Validate top node command 51 | run: kubectl top node 52 | - name: Validate top node command 53 | run: kubectl top pod 54 | - name: Undeploy services 55 | run: ./krd_command.sh -a uninstall_k8s 56 | -------------------------------------------------------------------------------- /.github/workflows/spell.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Run misspell 11 | # yamllint disable-line rule:truthy 12 | on: 13 | push: 14 | paths: 15 | - "**.md" 16 | - "!.github/*" 17 | pull_request_review: 18 | types: 19 | - submitted 20 | jobs: 21 | check-reviewdog: 22 | name: Check spelling (reviewdog) 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 26 | - uses: reviewdog/action-misspell@8f4203d27a6896ebd5cd8bdd861b36bd18c37978 # 1.26.3 27 | with: 28 | github_token: ${{ secrets.github_token }} 29 | check-spellcheck: 30 | name: Check spelling (pyspelling) 31 | runs-on: ubuntu-latest 32 | steps: 33 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 34 | - uses: igsekor/pyspelling-any@155eb06641bb9259cab59b5126a40be943ecb4f7 # 1.0.4 35 | name: Spellcheck 36 | -------------------------------------------------------------------------------- /.github/workflows/triage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | name: Triage 11 | # yamllint disable-line rule:truthy 12 | on: [pull_request] 13 | jobs: 14 | assign-label: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # 5.0.0 18 | with: 19 | repo-token: "${{ secrets.GITHUB_TOKEN }}" 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant/ 2 | .tox/ 3 | inventory/* 4 | *.retry 5 | .*.swp 6 | *.log 7 | config/pdf.yml 8 | *.vdi 9 | docs/build/ 10 | OVMF.fd 11 | *.pyc 12 | krd.png 13 | *.dic 14 | insecure_keys/key* 15 | node_modules/* 16 | package*.json 17 | -------------------------------------------------------------------------------- /.mypy.ini: -------------------------------------------------------------------------------- 1 | [mypy] 2 | explicit_package_bases = True 3 | ignore_missing_imports = True 4 | -------------------------------------------------------------------------------- /.python-lint: -------------------------------------------------------------------------------- 1 | [MASTER] 2 | disable=line-too-long,missing-function-docstring,missing-module-docstring,invalid-name,import-error 3 | -------------------------------------------------------------------------------- /.rstcheck.cfg: -------------------------------------------------------------------------------- 1 | [rstcheck] 2 | report_level=WARNING 3 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | AllCops: 11 | NewCops: enable 12 | Metrics/BlockLength: 13 | Enabled: false 14 | Layout/LineLength: 15 | Enabled: false 16 | Style/StringLiterals: 17 | EnforcedStyle: double_quotes # https://github.com/rubocop/rubocop/issues/5306 18 | -------------------------------------------------------------------------------- /.shellspec: -------------------------------------------------------------------------------- 1 | --require spec_helper 2 | --shell bash 3 | -------------------------------------------------------------------------------- /.spellcheck.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | matrix: 11 | - name: markdown 12 | dictionary: 13 | wordlists: 14 | - .github/.wordlist.txt 15 | pipeline: 16 | - pyspelling.filters.markdown: 17 | - pyspelling.filters.url: 18 | sources: 19 | - "**/*.md" 20 | aspell: 21 | ignore-case: true 22 | -------------------------------------------------------------------------------- /.tektonlintrc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | rules: 11 | # yamllint disable-line rule:truthy 12 | prefer-kebab-case: off 13 | external-tasks: 14 | - name: kubevirt 15 | uri: https://github.com/kubevirt/kubevirt-tekton-tasks 16 | path: release/tasks 17 | -------------------------------------------------------------------------------- /.yaml-lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | extends: default 11 | yaml-files: 12 | - "*.yml" 13 | ignore: | 14 | .tox/ 15 | *.yaml 16 | rules: 17 | line-length: disable 18 | -------------------------------------------------------------------------------- /.yamlfmt: -------------------------------------------------------------------------------- 1 | # SPDX-license-identifier: Apache-2.0 2 | ############################################################################## 3 | # Copyright (c) 2020 4 | # All rights reserved. This program and the accompanying materials 5 | # are made available under the terms of the Apache License, Version 2.0 6 | # which accompanies this distribution, and is available at 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | ############################################################################## 9 | formatter: 10 | type: basic 11 | include_document_start: true 12 | pad_line_comments: 2 13 | max_line_length: 160 14 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-license-identifier: Apache-2.0 2 | ############################################################################## 3 | # Copyright (c) 2021 4 | # All rights reserved. This program and the accompanying materials 5 | # are made available under the terms of the Apache License, Version 2.0 6 | # which accompanies this distribution, and is available at 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | ############################################################################## 9 | 10 | DOCKER_CMD ?= $(shell which docker 2> /dev/null || which podman 2> /dev/null || echo docker) 11 | 12 | .PHONY: lint 13 | lint: 14 | sudo -E $(DOCKER_CMD) run --rm -v $$(pwd):/tmp/lint \ 15 | -e RUN_LOCAL=true \ 16 | -e LINTER_RULES_PATH=/ \ 17 | -e VALIDATE_JSCPD=false \ 18 | -e VALIDATE_SHELL_SHFMT=false \ 19 | -e VALIDATE_CHECKOV=false \ 20 | -e EDITORCONFIG_FILE_NAME=.editorconfig-checker.json \ 21 | -e KUBERNETES_KUBECONFORM_OPTIONS='-ignore-missing-schemas -ignore-filename-pattern custom-rules.yml' \ 22 | ghcr.io/super-linter/super-linter 23 | tox -e lint 24 | 25 | .PHONY: fmt 26 | fmt: 27 | command -v shfmt > /dev/null || curl -s "https://i.jpillora.com/mvdan/sh!!?as=shfmt" | bash 28 | shfmt -l -w -s . 29 | command -v yamlfmt > /dev/null || curl -s "https://i.jpillora.com/google/yamlfmt!!" | bash 30 | yamlfmt -dstar **/*.{yaml,yml} 31 | command -v prettier > /dev/null || npm install prettier 32 | npx prettier . --write 33 | -------------------------------------------------------------------------------- /actionlint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | self-hosted-runner: 11 | labels: 12 | - vm-self-hosted 13 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | cockpit [node !platform:suse] 2 | ethtool [node] 3 | hwloc [node] 4 | hwloc-lstopo [node platform:opensuse-42] 5 | lvm2 [node] 6 | tuned [node !platform:ubuntu-xenial] 7 | libselinux-python [node platform:centos-7] 8 | libselinux-python3 [node platform:centos-7] 9 | e2fsprogs [node platform:suse] 10 | wget [node] 11 | python3 [node] 12 | ndctl [node !platform:ubuntu-xenial] 13 | ipmctl [node !platform:ubuntu-xenial !platform:ubuntu-bionic !platform:suse] 14 | grubby [node platform:fedora] 15 | 16 | # Longhorn requirements 17 | open-iscsi [node platform:ubuntu] 18 | iscsi-initiator-utils [node platform:centos] 19 | 20 | git [node kubespray] 21 | make [kubespray] 22 | unzip [kubespray] 23 | wget [kubespray] 24 | rsync [kubespray] 25 | gcc [kubespray] 26 | glibc-devel [kubespray platform:rpm] 27 | libc-dev [kubespray platform:dpkg] 28 | python-setuptools [kubespray platform:dpkg !platform:ubuntu-noble] 29 | python3-setuptools [kubespray platform:dpkg] 30 | python3-dev [kubespray platform:dpkg] 31 | build-essential [kubespray platform:dpkg] 32 | jq 33 | 34 | python3-markupsafe [kubespray] 35 | -------------------------------------------------------------------------------- /build/ci/linter-task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | # the following vars must be specified: 12 | # # 13 | # # ((linter_tool)) the linter tool to be used (tox,shellcheck,hadolint,golangci-lint) 14 | platform: linux 15 | image_resource: 16 | type: docker-image 17 | source: 18 | repository: electrocucaracha/linter 19 | tag: 0.0.7 20 | inputs: 21 | - name: src 22 | caches: 23 | - path: .tox/lint 24 | params: 25 | RELENG_LINTER_TOOL: ((.:linter_tool)) 26 | TOXENV: lint 27 | DEBUG: true 28 | run: 29 | dir: src 30 | path: /usr/local/bin/linter.sh 31 | -------------------------------------------------------------------------------- /build/ci/run_task.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o pipefail 12 | set -o errexit 13 | set -o nounset 14 | set -o xtrace 15 | 16 | if ! command -v fly; then 17 | # NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts 18 | curl -fsSL http://bit.ly/install_pkg | PKG=fly bash 19 | fi 20 | 21 | fly execute --privileged \ 22 | --target="${RELENG_TARGET:-releng}" \ 23 | --config="${TASK_NAME}-task.yml" \ 24 | -i src=../../ "$@" 25 | -------------------------------------------------------------------------------- /ci/_common.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_utils.sh 16 | source ../tests/_utils.sh 17 | 18 | # run_installer_cmd() - Runs a specific command on the installer node 19 | function run_installer_cmd { 20 | if [[ ${HOST_INSTALLER:-false} == "true" ]]; then 21 | pushd "$(git rev-parse --show-toplevel)/${1}" >/dev/null 22 | "${@:2}" 23 | popd >/dev/null 24 | else 25 | # shellcheck disable=SC2145 26 | $VAGRANT_CMD_SSH_INSTALLER "cd /vagrant/${1}; ${@:2}" 27 | fi 28 | } 29 | 30 | if ! command -v vagrant >/dev/null; then 31 | # NOTE: Shorten link -> https://github.com/electrocucaracha/bootstrap-vagrant 32 | curl -fsSL http://bit.ly/initVagrant | PROVIDER=libvirt bash 33 | fi 34 | 35 | VAGRANT_CMD="" 36 | if [[ ${SUDO_VAGRANT_CMD:-false} == "true" ]]; then 37 | VAGRANT_CMD="sudo -H" 38 | fi 39 | VAGRANT_CMD+=" $(command -v vagrant)" 40 | # shellcheck disable=SC2034 41 | VAGRANT_CMD_UP="$VAGRANT_CMD up --no-destroy-on-error" 42 | VAGRANT_CMD_SSH_INSTALLER="$VAGRANT_CMD ssh installer --" 43 | -------------------------------------------------------------------------------- /ci/pinned_vagrant_boxes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/ci/pinned_vagrant_boxes.txt -------------------------------------------------------------------------------- /ci/provision_installer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=ci/_common.sh 16 | source _common.sh 17 | 18 | if [ "$($VAGRANT_CMD status installer | grep "^installer" | awk '{ print $2}')" != "running" ] && [[ ${HOST_INSTALLER-false} == "false" ]]; then 19 | $VAGRANT_CMD_UP installer 20 | else 21 | run_installer_cmd . ./krd_command.sh -a install_k8s 22 | fi 23 | -------------------------------------------------------------------------------- /config/samples/pdf.yml.intel_kernel: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | - name: "controller01" 12 | os: 13 | name: "ubuntu" 14 | release: "focal" 15 | networks: 16 | - name: public-net 17 | ip: "10.10.16.3" 18 | memory: 8192 19 | cpus: 8 20 | roles: 21 | - kube_control_plane 22 | - etcd 23 | - name: "compute01" 24 | os: 25 | name: "ubuntu" 26 | release: "focal" 27 | networks: 28 | - name: public-net 29 | ip: "10.10.16.6" 30 | memory: 16384 31 | qat_dev: 32 | - "3d:00.0" 33 | sriov_dev: 34 | - "41:02.0" 35 | - "41:02.1" 36 | - "41:02.2" 37 | - "41:02.3" 38 | - "41:02.4" 39 | - "41:02.5" 40 | - "41:02.6" 41 | - "41:02.7" 42 | cpus: 24 43 | volumes: 44 | - name: sda 45 | size: 50 46 | mount: /var/lib/docker/ 47 | roles: 48 | - kube_node 49 | - qat-node 50 | - name: "compute02" 51 | os: 52 | name: "ubuntu" 53 | release: "focal" 54 | networks: 55 | - name: public-net 56 | ip: "10.10.16.7" 57 | memory: 16384 58 | qat_dev: 59 | - "3f:00.0" 60 | sriov_dev: 61 | - "41:03.0" 62 | - "41:03.1" 63 | - "41:03.2" 64 | - "41:03.3" 65 | - "41:03.4" 66 | - "41:03.5" 67 | - "41:03.6" 68 | - "41:03.7" 69 | cpus: 24 70 | volumes: 71 | - name: sda 72 | size: 50 73 | mount: /var/lib/docker/ 74 | roles: 75 | - kube_node 76 | - qat-node 77 | - name: "compute03" 78 | os: 79 | name: "ubuntu" 80 | release: "focal" 81 | networks: 82 | - name: public-net 83 | ip: "10.10.16.8" 84 | memory: 16384 85 | qat_dev: 86 | - "da:00.0" 87 | sriov_dev: 88 | - "41:04.0" 89 | - "41:04.1" 90 | - "41:04.2" 91 | - "41:04.3" 92 | - "41:04.4" 93 | - "41:04.5" 94 | - "41:04.6" 95 | - "41:04.7" 96 | cpus: 24 97 | volumes: 98 | - name: sda 99 | size: 50 100 | mount: /var/lib/docker/ 101 | roles: 102 | - kube_node 103 | - qat-node 104 | -------------------------------------------------------------------------------- /config/samples/pdf.yml.localai: -------------------------------------------------------------------------------- 1 | --- 2 | - name: aio 3 | os: 4 | name: ubuntu 5 | release: jammy 6 | networks: 7 | - name: public-net 8 | ip: "10.10.16.3" 9 | memory: 16384 10 | cpus: 8 11 | storage_controllers: 12 | - name: Virtual I/O Device SCSI controller 13 | type: virtio-scsi 14 | controller: VirtIO 15 | volumes: 16 | - name: sdb 17 | size: 25 18 | mount: /var/lib/docker/ 19 | controller: Virtual I/O Device SCSI controller 20 | port: 1 21 | device: 0 22 | - name: sdc 23 | size: 50 24 | controller: Virtual I/O Device SCSI controller 25 | port: 2 26 | device: 0 27 | - name: sdd 28 | size: 20 29 | mount: /mnt/disks/vol1 30 | controller: Virtual I/O Device SCSI controller 31 | port: 3 32 | device: 0 33 | - name: sde 34 | size: 20 35 | mount: /mnt/disks/vol2 36 | controller: Virtual I/O Device SCSI controller 37 | port: 4 38 | device: 0 39 | roles: 40 | - kube_control_plane 41 | - etcd 42 | - kube_node 43 | -------------------------------------------------------------------------------- /config/samples/pdf.yml.mini: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | - name: master 12 | os: 13 | name: ubuntu 14 | release: jammy 15 | networks: 16 | - name: public-net 17 | ip: "10.10.16.3" 18 | memory: 4096 19 | cpus: 1 20 | roles: 21 | - kube_control_plane 22 | - etcd 23 | - name: minion01 24 | os: 25 | name: ubuntu 26 | release: jammy 27 | networks: 28 | - name: public-net 29 | ip: "10.10.16.4" 30 | memory: 4096 31 | cpus: 1 32 | roles: 33 | - kube_node 34 | - name: minion02 35 | os: 36 | name: ubuntu 37 | release: jammy 38 | networks: 39 | - name: public-net 40 | ip: "10.10.16.5" 41 | memory: 4096 42 | cpus: 1 43 | roles: 44 | - kube_node 45 | -------------------------------------------------------------------------------- /diagram.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import os.path 14 | 15 | import diagrams 16 | import diagrams.k8s.infra as k8s_infra 17 | import yaml 18 | from diagrams.generic.os import Centos, Suse, Ubuntu 19 | 20 | with diagrams.Diagram(filename="krd", direction="BT"): 21 | configuration_file = r"config/default.yml" 22 | if os.path.isfile("config/pdf.yml"): 23 | configuration_file = r"config/pdf.yml" 24 | 25 | with open(configuration_file, encoding="utf8") as conf: 26 | try: 27 | config_nodes = yaml.load(conf, Loader=yaml.FullLoader) 28 | except IOError: 29 | print("File not accessible") 30 | 31 | nodes = [] 32 | for node in config_nodes: 33 | ips = "" 34 | for net in node["networks"]: 35 | ips += net["ip"] + "\n" 36 | with diagrams.Cluster( 37 | f'{node["name"]} ({node["cpus"]} vCPUs, {node["memory"]} KB)\n{ips[:-1]}' 38 | ): 39 | if node["os"]["name"] == "ubuntu": 40 | nodes.append(Ubuntu()) 41 | elif node["os"]["name"] == "centos": 42 | nodes.append(Centos()) 43 | elif node["os"]["name"] == "opensuse": 44 | nodes.append(Suse()) 45 | with diagrams.Cluster("Kubernetes Roles"): 46 | roles = [] 47 | if "kube_control_plane" in node["roles"]: 48 | roles.append(k8s_infra.Master()) 49 | if "etcd" in node["roles"]: 50 | roles.append(k8s_infra.ETCD()) 51 | if "kube_node" in node["roles"]: 52 | roles.append(k8s_infra.Node()) 53 | 54 | installer = Ubuntu("installer\n10.10.16.2") 55 | # pylint: disable-next=pointless-statement 56 | installer >> nodes 57 | -------------------------------------------------------------------------------- /distros_supported.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 - 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | debian: 11 | bullseye: 12 | name: debian/bullseye64 13 | version: "11.20241217.1" 14 | rocky: 15 | 9: 16 | name: community/rockylinux-9 17 | version: "1.0.0" 18 | ubuntu: 19 | bionic: 20 | name: generic/ubuntu1804 21 | version: "4.3.12" 22 | focal: 23 | name: generic/ubuntu2004 24 | version: "4.3.12" 25 | jammy: 26 | name: generic/ubuntu2204 27 | version: "4.3.12" 28 | opensuse: 29 | leap: 30 | name: opensuse/Leap-15.6.x86_64 31 | version: "15.6.13.356" 32 | fedora: 33 | 39: 34 | name: fedora/39-cloud-base 35 | version: "39.20231031.1" 36 | 40: 37 | name: fedora/40-cloud-base 38 | version: "40.20240414.0" 39 | -------------------------------------------------------------------------------- /docs/src/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 11 | # implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | import os 16 | import sys 17 | 18 | BASE_DIR = os.path.dirname(os.path.abspath(__file__)) 19 | ROOT = os.path.abspath(os.path.join(BASE_DIR, "..", "..")) 20 | 21 | sys.path.insert(0, ROOT) 22 | sys.path.insert(0, BASE_DIR) 23 | 24 | # -- General configuration ---------------------------------------------------- 25 | 26 | # Add any Sphinx extension module names here, as strings. They can be 27 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. 28 | extensions = [ 29 | "sphinx.ext.autodoc", 30 | ] 31 | 32 | # The suffix of source filenames. 33 | source_suffix = ".rst" 34 | 35 | # The master toctree document. 36 | master_doc = "index" 37 | 38 | # General information about the project. 39 | project = "Kubernetes Reference Deployment" 40 | -------------------------------------------------------------------------------- /docs/src/img/cilium_vxlan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/cilium_vxlan.png -------------------------------------------------------------------------------- /docs/src/img/criproxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/criproxy.png -------------------------------------------------------------------------------- /docs/src/img/default_pdf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/default_pdf.png -------------------------------------------------------------------------------- /docs/src/img/flannel_host-gw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/flannel_host-gw.png -------------------------------------------------------------------------------- /docs/src/img/flannel_vxlan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/flannel_vxlan.png -------------------------------------------------------------------------------- /docs/src/img/installer_workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/installer_workflow.png -------------------------------------------------------------------------------- /docs/src/img/provisioning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/provisioning.png -------------------------------------------------------------------------------- /docs/src/img/sample_tox_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/sample_tox_diagram.png -------------------------------------------------------------------------------- /docs/src/img/virtlet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/docs/src/img/virtlet.png -------------------------------------------------------------------------------- /docs/src/index.rst: -------------------------------------------------------------------------------- 1 | Kubernetes Reference Deployment 2 | =============================== 3 | 4 | This project offers a set of Ansible playbooks for deploying a 5 | Kubernetes cluster that meets the minimal components required 6 | for the MultiCloud/K8s plugin. 7 | 8 | Table of contents 9 | ----------------- 10 | 11 | .. toctree:: 12 | :maxdepth: 3 13 | 14 | Project Architecture 15 | Bare Metal provisioning 16 | Benchmark results of Kubernetes Network plugins 17 | Benchmark results of Kubernetes Ingress controllers 18 | Tuning Flannel CNI plugin 19 | Tuning Calico CNI plugin 20 | Tuning Cilium CNI plugin 21 | Tuning Kube-proxy 22 | -------------------------------------------------------------------------------- /galaxy-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | roles: 11 | - name: geerlingguy.docker 12 | version: 7.4.7 13 | - name: geerlingguy.repo-epel 14 | version: 3.1.1 15 | - name: andrewrothstein.gcc-toolbox 16 | version: v1.1.10 17 | - name: andrewrothstein.kind 18 | version: v1.2.14 19 | - name: andrewrothstein.kubectl 20 | version: v1.4.3 21 | collections: 22 | - name: kubernetes.core 23 | version: 5.2.0 24 | - name: community.docker 25 | version: 4.5.2 26 | - name: ansible.posix 27 | version: 2.0.0 28 | - name: community.general 29 | version: 10.6.0 30 | -------------------------------------------------------------------------------- /helm/arc/ubuntu-jammy-values.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | template: 11 | spec: 12 | serviceAccountName: kubevirt-actions-runner 13 | containers: 14 | - name: runner 15 | image: ghcr.io/electrocucaracha/kubevirt-actions-runner:master 16 | imagePullPolicy: Always 17 | command: [] 18 | env: 19 | - name: KUBEVIRT_VM_TEMPLATE 20 | value: ubuntu-jammy-vm 21 | - name: RUNNER_NAME 22 | valueFrom: 23 | fieldRef: 24 | fieldPath: metadata.name 25 | -------------------------------------------------------------------------------- /helm/kagent/without-agents.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | contrib: 11 | agents: 12 | k8s: 13 | enabled: false 14 | istio: 15 | enabled: false 16 | helm: 17 | enabled: false 18 | observability: 19 | enabled: false 20 | argoRolloutsConversion: 21 | enabled: false 22 | -------------------------------------------------------------------------------- /helm/kube-ovn/grafana.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | persistence: 11 | enabled: false 12 | service: 13 | type: NodePort 14 | nodePort: 30086 15 | adminUser: admin 16 | adminPassword: secret 17 | -------------------------------------------------------------------------------- /helm/local-ai/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | deployment: 11 | image: 12 | repository: quay.io/go-skynet/local-ai 13 | tag: v2.15.0-aio-cpu 14 | modelsPath: "/models" 15 | models: 16 | list: 17 | - url: "https://gpt4all.io/models/ggml-gpt4all-j.bin" 18 | service: 19 | type: ClusterIP 20 | port: 8080 21 | persistence: 22 | models: 23 | storageClass: local-storage 24 | accessModes: ReadWriteOnce 25 | size: 19Gi 26 | output: 27 | storageClass: local-storage 28 | accessModes: ReadWriteOnce 29 | size: 19Gi 30 | -------------------------------------------------------------------------------- /insecure_keys/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/insecure_keys/.keep -------------------------------------------------------------------------------- /inventory/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/electrocucaracha/krd/f0b26b21aa136dd5da0771471182f5de7411b659/inventory/.keep -------------------------------------------------------------------------------- /kubespray_images.tpl: -------------------------------------------------------------------------------- 1 | registry.k8s.io/coredns/coredns:v1.8.6 2 | registry.k8s.io/cpa/cluster-proportional-autoscaler-amd64:1.8.5 3 | registry.k8s.io/dns/k8s-dns-node-cache:1.22.28 4 | registry.k8s.io/ingress-nginx/controller:v1.12.0 5 | registry.k8s.io/kube-apiserver:$kube_version 6 | registry.k8s.io/kube-controller-manager:$kube_version 7 | registry.k8s.io/kube-proxy:$kube_version 8 | registry.k8s.io/kube-scheduler:$kube_version 9 | registry.k8s.io/sig-storage/local-volume-provisioner:v2.5.0 10 | quay.io/jetstack/cert-manager-cainjector:v1.15.3 11 | quay.io/jetstack/cert-manager-controller:v1.15.3 12 | quay.io/jetstack/cert-manager-webhook:v1.15.3 13 | -------------------------------------------------------------------------------- /mlc_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "aliveStatusCodes": [429, 200] 3 | } 4 | -------------------------------------------------------------------------------- /playbooks/configure-virtlet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Install virtlet 11 | hosts: localhost 12 | tags: virtlet 13 | roles: 14 | - virtlet 15 | - name: Install virtlet 16 | hosts: kube_node 17 | tags: virtlet 18 | roles: 19 | - criproxy 20 | -------------------------------------------------------------------------------- /playbooks/krd-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | kpt_version: 1.0.0-beta.56 11 | go_version: 1.15.3 12 | kubespray_version: v2.27.0 13 | istio_version: 1.25.2 14 | cfssl_version: 1.6.5 15 | sonobuoy_version: 0.57.3 16 | mitogen_version: 0.2.10 17 | # Knative versions 18 | kn_version: knative-v1.18.0 19 | knative_serving_version: knative-v1.18.0 20 | knative_eventing_version: v0.45.0 21 | ## Knative Sandbox versions 22 | net_kourier_version: knative-v1.18.0 23 | net_istio_version: vknative-v1.18.0 24 | net_certmanager_version: vknative-v1.14.0 25 | octant_version: 0.25.1 26 | kube-ovn_version: v1.13.11 27 | prometheus-operator_version: v0.82.0 28 | kubevirt_version: v1.5.0 29 | containerized_data_importer_version: v1.62.0 30 | virtink_version: v0.17.0 31 | kubesphere_version: v4.1.3 32 | metallb_version: v0.14.9 33 | qat_plugin_mode: "{{ lookup('env', 'KRD_QAT_PLUGIN_MODE') | default('dpdk') }}" 34 | qat_plugin_version: "0.15.0" 35 | argocd_version: v3.0.0-rc4 36 | tekton_version: v0.75.0 37 | kubevirt_tekton_tasks_version: v0.24.0 38 | action_runner_controller_version: 0.10.1 39 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/README.md: -------------------------------------------------------------------------------- 1 | # CRI Proxy 2 | 3 | CRI Proxy makes it possible to run several CRI implementations on the 4 | same node and run CRI implementations inside pods. CRI Proxy is 5 | currently used by Virtlet project but it can be used by other CRI 6 | implementations, too. 7 | 8 | ## How CRI Proxy works 9 | 10 | Below is a diagram depicting the way CRI Proxy works. The basic idea 11 | is forwarding the requests to different runtimes based on prefixes of 12 | image name / pod ID / container ID prefixes. 13 | 14 | ![CRI Request Path](../../../docs/src/img/criproxy.png) 15 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | criproxy_dest: "/tmp/criproxy" 11 | criproxy_version: 0.14.0 12 | criproxy_url: "https://github.com/Mirantis/criproxy/releases/download/v{{ criproxy_version }}/criproxy" 13 | criproxy_cri_socket_path: "/var/run/dockershim.sock" 14 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/files/dockershim.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=dockershim for criproxy 3 | 4 | [Service] 5 | User=root 6 | EnvironmentFile=-/etc/kubernetes/kubelet.env 7 | ExecStart=/usr/local/bin/kubelet \ 8 | --experimental-dockershim --port 11250 \ 9 | $KUBE_LOGTOSTDERR \ 10 | $KUBE_LOG_LEVEL \ 11 | $KUBELET_API_SERVER \ 12 | $KUBELET_ADDRESS \ 13 | $KUBELET_PORT \ 14 | $KUBELET_HOSTNAME \ 15 | $KUBELET_ARGS \ 16 | $DOCKER_SOCKET \ 17 | $KUBELET_NETWORK_PLUGIN \ 18 | $KUBELET_VOLUME_PLUGIN \ 19 | $KUBELET_CLOUDPROVIDER 20 | Restart=always 21 | RestartSec=10s 22 | 23 | [Install] 24 | RequiredBy=criproxy.service 25 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Restart kubelet service 11 | ansible.builtin.systemd: 12 | state: restarted 13 | daemon_reload: true 14 | name: kubelet 15 | - name: Restart criproxy service 16 | ansible.builtin.systemd: 17 | state: restarted 18 | name: criproxy 19 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/molecule/default/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ********************************* 2 | Vagrant driver installation guide 3 | ********************************* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Vagrant 9 | * Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop 10 | 11 | Install 12 | ======= 13 | 14 | Please refer to the `Virtual environment`_ documentation for installation best 15 | practices. If not using a virtual environment, please consider passing the 16 | widely recommended `'--user' flag`_ when invoking ``pip``. 17 | 18 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 19 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 20 | 21 | .. code-block:: bash 22 | 23 | $ pip install 'molecule_vagrant' 24 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Converge 11 | hosts: all 12 | tasks: 13 | - name: Include criproxy 14 | ansible.builtin.include_role: 15 | name: criproxy 16 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | dependency: 11 | name: galaxy 12 | options: 13 | requirements-file: ../../../galaxy-requirements.yml 14 | driver: 15 | name: vagrant 16 | lint: | 17 | set -e 18 | PATH=${PATH} 19 | yamllint -c ../../../.yaml-lint.yml . 20 | platforms: 21 | - name: focal-$POSTFIX_NAME 22 | box: generic/ubuntu2004 23 | box_version: 4.3.12 24 | memory: 3072 25 | cpus: 1 26 | provider_options: 27 | gui: false 28 | provider_raw_config_args: 29 | - "customize ['modifyvm', :id, '--nictype1', 'virtio', '--cableconnected1', 'on']" 30 | provisioner: 31 | name: ansible 32 | verifier: 33 | name: testinfra 34 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | # Copyright 2020 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | # 15 | 16 | import pytest 17 | 18 | 19 | @pytest.mark.parametrize("svc", ["criproxy"]) 20 | def test_svc(host, svc): 21 | service = host.service(svc) 22 | 23 | assert service.is_running 24 | -------------------------------------------------------------------------------- /playbooks/roles/criproxy/templates/criproxy.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=CRI Proxy 3 | 4 | [Service] 5 | ExecStart={{ criproxy_dest }}/criproxy -v 3 -logtostderr -connect {{ criproxy_cri_socket_path }},virtlet.cloud:/run/virtlet.sock -listen /run/criproxy.sock 6 | Restart=always 7 | StartLimitInterval=0 8 | RestartSec=10 9 | 10 | [Install] 11 | WantedBy=kubelet.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/criu/molecule/default/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ********************************* 2 | Vagrant driver installation guide 3 | ********************************* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Vagrant 9 | * Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop 10 | 11 | Install 12 | ======= 13 | 14 | Please refer to the `Virtual environment`_ documentation for installation best 15 | practices. If not using a virtual environment, please consider passing the 16 | widely recommended `'--user' flag`_ when invoking ``pip``. 17 | 18 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 19 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 20 | 21 | .. code-block:: bash 22 | 23 | $ pip install 'molecule_vagrant' 24 | -------------------------------------------------------------------------------- /playbooks/roles/criu/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Converge 11 | hosts: all 12 | tasks: 13 | - name: Include criu 14 | ansible.builtin.include_role: 15 | name: criu 16 | -------------------------------------------------------------------------------- /playbooks/roles/criu/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | dependency: 11 | name: galaxy 12 | options: 13 | role-file: ../../../galaxy-requirements.yml 14 | requirements-file: ../../../galaxy-requirements.yml 15 | driver: 16 | name: vagrant 17 | lint: | 18 | set -e 19 | PATH=${PATH} 20 | yamllint -c ../../../.yamllint . 21 | platforms: 22 | - name: focal-$POSTFIX_NAME 23 | box: generic/ubuntu2004 24 | box_version: 4.3.12 25 | memory: 3072 26 | cpus: 1 27 | provider_raw_config_args: 28 | - "customize ['modifyvm', :id, '--nictype1', 'virtio', '--cableconnected1', 'on']" 29 | provisioner: 30 | name: ansible 31 | verifier: 32 | name: testinfra 33 | -------------------------------------------------------------------------------- /playbooks/roles/criu/molecule/default/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Boostrap servers 11 | hosts: all 12 | roles: 13 | - role: geerlingguy.docker 14 | docker_install_compose: false 15 | become: true 16 | tasks: 17 | - name: Add existing user ansible's user to docker's group 18 | become: true 19 | ansible.builtin.user: 20 | name: "{{ ansible_ssh_user }}" 21 | groups: docker 22 | append: true 23 | -------------------------------------------------------------------------------- /playbooks/roles/criu/molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | # Copyright 2020 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | # 15 | 16 | 17 | def test_get_nfd_ready_nodes(host): 18 | assert host.run( 19 | "/usr/local/bin/kubectl rollout status" 20 | " deployment/nfd-master" 21 | " --namespace node-feature-discovery" 22 | " --timeout=3m" 23 | ).succeeded 24 | assert host.run( 25 | "/usr/local/bin/kubectl rollout status" 26 | " daemonset/nfd-worker" 27 | " --namespace node-feature-discovery" 28 | " --timeout=3m" 29 | ).succeeded 30 | assert ( 31 | host.run( 32 | "/usr/local/bin/kubectl get deployment" 33 | " --namespace node-feature-discovery" 34 | " -o jsonpath='{.items[0].status." 35 | "readyReplicas}'" 36 | ).stdout 37 | == "1" # noqa: W503 38 | ) 39 | assert ( 40 | host.run( 41 | "/usr/local/bin/kubectl get daemonset" 42 | " --namespace node-feature-discovery" 43 | " -o jsonpath='{.items[0].status." 44 | "numberReady}'" 45 | ).stdout 46 | == "1" # noqa: W503 47 | ) 48 | -------------------------------------------------------------------------------- /playbooks/roles/criu/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Add ubuntu repo 11 | ansible.builtin.apt_repository: 12 | repo: ppa:criu/ppa 13 | when: ansible_os_family == 'Ubuntu' 14 | - name: Add centos repo 15 | ansible.builtin.yum_repository: 16 | name: criu-el7 17 | description: Copr repo for criu-el7 owned by adrian 18 | baseurl: https://copr-be.cloud.fedoraproject.org/results/adrian/criu-el7/epel-7-$basearch/ 19 | gpgcheck: true 20 | gpgkey: https://copr-be.cloud.fedoraproject.org/results/adrian/criu-el7/pubkey.gpg 21 | when: ansible_os_family == 'RedHat' 22 | - name: Install CRIU packages 23 | ansible.builtin.package: 24 | name: criu 25 | state: present 26 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/README.md: -------------------------------------------------------------------------------- 1 | # Node Feature Discovery 2 | 3 | Node Feature Discovery (NFD) is a Kubernetes add-on that detects and 4 | advertises hardware and software capabilities of a platform that can, 5 | in turn, be used to facilitate intelligent scheduling of a workload. 6 | 7 | This is a SIG-node subproject, hosted under the Kubernetes SIGs 8 | [organization in GitHub][1]. The project was established in 2016 as a 9 | Kubernetes Incubator project and migrated to Kubernetes SIGs in 2018. 10 | 11 | In a standard deployment, Kubernetes reveals very few details about 12 | the underlying platform to the user. This may be a good strategy for 13 | general data center use, but, in many cases a workload behavior or its 14 | performance, may improve by leveraging the platform (hardware and/or 15 | software) features. Node Feature Discovery detects these features and 16 | advertises them through a Kubernetes concept called node labels which, 17 | in turn, can be used to control workload placement in a Kubernetes 18 | cluster. NFD runs as a separate container on each individual node of 19 | the cluster, discovers capabilities of the node, and finally, 20 | publishes these as node labels using the Kubernetes API. 21 | 22 | NFD only handles non-allocatable features, that is, unlimited 23 | capabilities that do not require any accounting and are available to 24 | all workloads. Allocatable resources that require accounting, 25 | initialization and other special handling (such as Intel® QuickAssist 26 | Technology, GPUs, and FPGAs) are presented as Kubernetes Extended 27 | Resources and handled by device plugins. They are out of the scope of 28 | NFD. 29 | 30 | [1]: https://github.com/kubernetes-sigs/node-feature-discovery 31 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | nfd_template_folder: "/tmp/nfd_k8s" 11 | nfd_version: v0.17.2 12 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/molecule/default/INSTALL.rst: -------------------------------------------------------------------------------- 1 | ********************************* 2 | Vagrant driver installation guide 3 | ********************************* 4 | 5 | Requirements 6 | ============ 7 | 8 | * Vagrant 9 | * Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop 10 | 11 | Install 12 | ======= 13 | 14 | Please refer to the `Virtual environment`_ documentation for installation best 15 | practices. If not using a virtual environment, please consider passing the 16 | widely recommended `'--user' flag`_ when invoking ``pip``. 17 | 18 | .. _Virtual environment: https://virtualenv.pypa.io/en/latest/ 19 | .. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site 20 | 21 | .. code-block:: bash 22 | 23 | $ pip install 'molecule_vagrant' 24 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Converge 11 | hosts: all 12 | tasks: 13 | - name: Enforce python3 for ansible 14 | ansible.builtin.set_fact: 15 | ansible_python_interpreter: /usr/bin/python3 16 | - name: Include nfd 17 | ansible.builtin.include_role: 18 | name: nfd 19 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2020 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | dependency: 11 | name: galaxy 12 | options: 13 | role-file: ../../../galaxy-requirements.yml 14 | requirements-file: ../../../galaxy-requirements.yml 15 | driver: 16 | name: vagrant 17 | lint: | 18 | set -e 19 | PATH=${PATH} 20 | yamllint -c ../../../.yaml-lint.yml . 21 | platforms: 22 | - name: ubuntu-focal-$POSTFIX_NAME 23 | box: generic/ubuntu2004 24 | box_version: 4.3.12 25 | memory: 6144 26 | cpus: 2 27 | provider_options: 28 | gui: false 29 | provider_raw_config_args: 30 | - "customize ['modifyvm', :id, '--nictype1', 'virtio', '--cableconnected1', 'on']" 31 | provisioner: 32 | name: ansible 33 | playbooks: 34 | prepare: ${MOLECULE_PROJECT_DIRECTORY}/../pmem/molecule/default/prepare.yml 35 | verifier: 36 | name: testinfra 37 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | # Copyright 2020 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | # 15 | 16 | 17 | def test_get_nfd_ready_nodes(host): 18 | for resource in ["deployment/nfd-master", "daemonset/nfd-worker"]: 19 | assert host.run( 20 | f"/usr/local/bin/kubectl rollout status {resource}" 21 | " --namespace node-feature-discovery" 22 | " --timeout=3m" 23 | ).succeeded 24 | for item in [ 25 | {"type": "deployment", "metric": "readyReplicas"}, 26 | {"type": "daemonset", "metric": "numberReady"}, 27 | ]: 28 | assert ( 29 | host.run( 30 | f"/usr/local/bin/kubectl get {item['type']}" 31 | " --namespace node-feature-discovery" 32 | " -o jsonpath='{.items[0].status.{item['metric']}}'" 33 | ).stdout 34 | == "1" # noqa: W503 35 | ) 36 | -------------------------------------------------------------------------------- /playbooks/roles/nfd/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Create NFD k8s resources based on templates 11 | kubernetes.core.k8s: 12 | state: present 13 | definition: "{{ lookup('template', 'nfd-{{ item }}.yaml.j2') }}" # noqa jinja[invalid] 14 | with_items: 15 | - master 16 | - worker-daemonset 17 | -------------------------------------------------------------------------------- /playbooks/roles/pmem/README.md: -------------------------------------------------------------------------------- 1 | # Persistent Memory 2 | 3 | The term persistent memory is used to describe technologies which 4 | allow programs to access data as memory, directly byte-addressable, 5 | while the contents are non-volatile, preserved across power cycles. It 6 | has aspects that are like memory, and aspects that are like storage, 7 | but it doesn’t typically replace either memory or storage. Instead, 8 | persistent memory is a third tier, used in conjunction with memory and 9 | storage. 10 | 11 | With this new ingredient, systems containing persistent memory can 12 | outperform legacy configurations, providing faster start-up times, 13 | faster access to large in-memory datasets, and often improved total 14 | cost of ownership. 15 | 16 | Intel PMEM-CSI is a storage driver for like Kubernetes which makes 17 | local persistent memory (PMEM) available as a filesystem volume to 18 | container applications. Currently utilize non-volatile memory devices 19 | that can be controlled via the libndctl utility library. 20 | -------------------------------------------------------------------------------- /playbooks/roles/pmem/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | pmem_template_folder: "/tmp/pmem_k8s" 11 | pmem_version: v1.1.0 12 | pmem_driver_registrar_version: v2.13.0 13 | pmem_csi_provisioner_version: v5.2.0 14 | pmem_cfssl_version: 1.6.5 15 | pmem_namespace: pmem-csi 16 | -------------------------------------------------------------------------------- /playbooks/roles/pmem/files/pmem-storageclass-ext4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: storage.k8s.io/v1 11 | kind: StorageClass 12 | metadata: 13 | name: pmem-csi-sc-ext4 14 | parameters: 15 | csi.storage.k8s.io/fstype: ext4 16 | eraseafter: "true" 17 | provisioner: pmem-csi.intel.com 18 | reclaimPolicy: Delete 19 | volumeBindingMode: Immediate 20 | -------------------------------------------------------------------------------- /playbooks/roles/pmem/files/pmem-storageclass-xfs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: storage.k8s.io/v1 11 | kind: StorageClass 12 | metadata: 13 | name: pmem-csi-sc-xfs 14 | parameters: 15 | csi.storage.k8s.io/fstype: xfs 16 | eraseafter: "false" 17 | provisioner: pmem-csi.intel.com 18 | reclaimPolicy: Delete 19 | volumeBindingMode: Immediate 20 | -------------------------------------------------------------------------------- /playbooks/roles/pmem/files/setup-ca: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Directory to use for storing intermediate files. 4 | WORKDIR="$(realpath "${WORKDIR:-$(mktemp -d -u -t pmem-XXXX)}")" 5 | mkdir -p "$WORKDIR" 6 | cd "$WORKDIR" || exit 7 | CA=${CA:="$WORKDIR/ca"} 8 | NS=${NS:-pmem-csi} 9 | PREFIX=${PREFIX:-pmem-csi-intel-com} 10 | 11 | # Check for cfssl utilities. 12 | cfssl_found=1 13 | (command -v cfssl > /dev/null && command -v cfssljson > /dev/null) || cfssl_found=0 14 | if [ $cfssl_found -eq 0 ]; then 15 | echo "cfssl tools not found, Please install cfssl and cfssljson." 16 | exit 1 17 | fi 18 | 19 | CADIR=$(dirname "${CA}") 20 | mkdir -p "${CADIR}" 21 | CA_CRT=$(realpath "${CA}.pem") 22 | CA_KEY=$(realpath "${CA}-key.pem") 23 | if ! [ -f "${CA_CRT}" ] && ! [ -f "${CA_KEY}" ]; then 24 | echo "Generating CA certificate in $CADIR ..." 25 | (cd "$CADIR" && 26 | < Note: The [multus-cni fix](https://github.com/Mirantis/virtlet/commit/c1880f37149547931832c0e77d5d853b164f150e) 21 | > has not been added in this release yet. 22 | -------------------------------------------------------------------------------- /playbooks/roles/virtlet/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | virtlet_dest: "/tmp/virtlet" 11 | virtlet_version: 1.5.1 12 | virtlet_url: "https://github.com/Mirantis/virtlet/releases/download/v{{ virtlet_version }}/virtletctl" 13 | -------------------------------------------------------------------------------- /playbooks/roles/virtlet/templates/images.yaml.j2: -------------------------------------------------------------------------------- 1 | translations: 2 | - name: ubuntu/20.04 3 | url: https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img 4 | - name: ubuntu/22.04 5 | url: https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img 6 | - name: ubuntu/24.04 7 | url: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img 8 | - regexp: 'centos/(\d+)-(\d+)' 9 | url: 'https://cloud.centos.org/centos/$1/images/CentOS-$1-x86_64-GenericCloud-$2.qcow2' 10 | - name: fedora 11 | url: https://download.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2 12 | {% if lookup('env','http_proxy') != "randomfoobarstring" %} 13 | transports: 14 | "": 15 | proxy: "{{ lookup('env','http_proxy') }}" 16 | {% endif %} 17 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.vulture] 2 | exclude = ["docs/src/conf.py"] 3 | -------------------------------------------------------------------------------- /resources/argocd/haproxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: argoproj.io/v1alpha1 11 | kind: Application 12 | metadata: 13 | name: haproxy 14 | namespace: argocd 15 | spec: 16 | project: default 17 | source: 18 | chart: haproxy 19 | repoURL: https://haproxytech.github.io/helm-charts 20 | targetRevision: haproxy-1.23.0 21 | destination: 22 | server: https://kubernetes.default.svc 23 | namespace: haproxy-system 24 | syncPolicy: 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /resources/argocd/k8sgpt-operator.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: argoproj.io/v1alpha1 11 | kind: Application 12 | metadata: 13 | name: k8sgpt-operator 14 | namespace: argocd 15 | spec: 16 | project: default 17 | source: 18 | chart: k8sgpt-operator 19 | repoURL: https://charts.k8sgpt.ai/ 20 | targetRevision: v0.2.0 21 | destination: 22 | server: https://kubernetes.default.svc 23 | namespace: k8sgpt-operator-system 24 | syncPolicy: 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /resources/argocd/kube-monkey.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: argoproj.io/v1alpha1 11 | kind: Application 12 | metadata: 13 | name: kube-monkey 14 | namespace: argocd 15 | spec: 16 | project: default 17 | source: 18 | chart: kube-monkey 19 | repoURL: https://asobti.github.io/kube-monkey/charts/repo 20 | targetRevision: v.0.5.3 21 | destination: 22 | server: https://kubernetes.default.svc 23 | namespace: kube-monkey-system 24 | syncPolicy: 25 | syncOptions: 26 | - CreateNamespace=true 27 | -------------------------------------------------------------------------------- /resources/argocd/local-ai.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: argoproj.io/v1alpha1 11 | kind: Application 12 | metadata: 13 | name: local-ai 14 | namespace: argocd 15 | spec: 16 | project: default 17 | sources: 18 | - repoURL: https://go-skynet.github.io/helm-charts/ 19 | chart: local-ai 20 | targetRevision: 3.4.0 21 | helm: 22 | valueFiles: 23 | - $values/helm/local-ai/values.yaml 24 | - repoURL: https://github.com/electrocucaracha/krd.git 25 | targetRevision: HEAD 26 | ref: values 27 | destination: 28 | server: https://kubernetes.default.svc 29 | namespace: local-ai-system 30 | syncPolicy: 31 | automated: 32 | selfHeal: true 33 | prune: true 34 | syncOptions: 35 | - CreateNamespace=true 36 | -------------------------------------------------------------------------------- /resources/cockpit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | metadata: 13 | name: cockpit 14 | labels: 15 | app: cockpit 16 | spec: 17 | replicas: 1 18 | selector: 19 | matchLabels: 20 | app: cockpit 21 | template: 22 | metadata: 23 | labels: 24 | app: cockpit 25 | spec: 26 | containers: 27 | - name: cockpit 28 | image: cockpit/kubernetes:latest 29 | ports: 30 | - containerPort: 9090 31 | name: server 32 | env: 33 | - name: KUBE_INSECURE 34 | value: "false" 35 | --- 36 | apiVersion: v1 37 | kind: Service 38 | metadata: 39 | name: cockpit 40 | spec: 41 | selector: 42 | name: cockpit 43 | type: LoadBalancer 44 | ports: 45 | - protocol: TCP 46 | port: 443 47 | targetPort: server 48 | -------------------------------------------------------------------------------- /resources/dashboard-ingress.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: networking.k8s.io/v1 11 | kind: Ingress 12 | metadata: 13 | annotations: 14 | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 15 | cert-manager.io/cluster-issuer: ca-issuer" 16 | name: dashboard 17 | namespace: kube-system 18 | spec: 19 | rules: 20 | - http: 21 | paths: 22 | - backend: 23 | service: 24 | name: kubernetes-dashboard 25 | port: 26 | number: 443 27 | path: / 28 | pathType: Prefix 29 | -------------------------------------------------------------------------------- /resources/ingress-class.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: networking.k8s.io/v1 11 | kind: IngressClass 12 | metadata: 13 | labels: 14 | app.kubernetes.io/component: controller 15 | name: nginx 16 | annotations: 17 | ingressclass.kubernetes.io/is-default-class: "true" 18 | spec: 19 | controller: k8s.io/ingress-nginx 20 | --- 21 | apiVersion: networking.k8s.io/v1 22 | kind: IngressClass 23 | metadata: 24 | labels: 25 | app.kubernetes.io/component: controller 26 | name: kong 27 | spec: 28 | controller: ingress-controllers.konghq.com/kong 29 | -------------------------------------------------------------------------------- /resources/ingress-class_v1beta1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: networking.k8s.io/v1beta1 11 | kind: IngressClass 12 | metadata: 13 | name: nginx 14 | annotations: 15 | ingressclass.kubernetes.io/is-default-class: "true" 16 | spec: 17 | controller: nginx.org/ingress-controller 18 | --- 19 | apiVersion: networking.k8s.io/v1beta1 20 | kind: IngressClass 21 | metadata: 22 | name: kong 23 | spec: 24 | controller: ingress-controllers.konghq.com/kong 25 | -------------------------------------------------------------------------------- /resources/k6.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: v1 11 | kind: ConfigMap 12 | metadata: 13 | name: k6-config 14 | data: 15 | config: | 16 | import http from "k6/http"; 17 | import { check } from "k6"; 18 | export let options = { 19 | vus: 50, 20 | duration: "30s" 21 | }; 22 | export default function() { 23 | const res = http.get(`http://${__ENV.TEST_SERVICE_HOST}:${__ENV.TEST_PORT_8080_TCP_PORT}/sleep`); 24 | check(res, { 25 | "status was 200": (r) => r.status == 200, 26 | "transaction time OK": (r) => r.timings.duration < 10 27 | }); 28 | }; 29 | --- 30 | apiVersion: batch/v1 31 | kind: Job 32 | metadata: 33 | name: client 34 | spec: 35 | template: 36 | spec: 37 | restartPolicy: Never 38 | affinity: 39 | nodeAffinity: 40 | requiredDuringSchedulingIgnoredDuringExecution: 41 | nodeSelectorTerms: 42 | - matchExpressions: 43 | - key: node-role.kubernetes.io/master 44 | operator: Exists 45 | tolerations: 46 | - key: node-role.kubernetes.io/master 47 | operator: Exists 48 | effect: NoSchedule 49 | containers: 50 | - name: k6-test 51 | image: loadimpact/k6 52 | command: ["k6"] 53 | args: ["run", "/opt/script.js"] 54 | volumeMounts: 55 | - name: k6-volume 56 | mountPath: /opt/ 57 | volumes: 58 | - name: k6-volume 59 | configMap: 60 | name: k6-config 61 | items: 62 | - key: config 63 | path: script.js 64 | -------------------------------------------------------------------------------- /resources/k8sgpt-localai.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: core.k8sgpt.ai/v1alpha1 11 | kind: K8sGPT 12 | metadata: 13 | name: k8sgpt-localai 14 | namespace: k8sgpt-operator-system 15 | spec: 16 | ai: 17 | model: gpt-4 18 | backend: localai 19 | baseUrl: http://local-ai.local-ai-system.svc.cluster.local:8080/v1 20 | enabled: true 21 | version: v0.4.13 22 | noCache: false 23 | -------------------------------------------------------------------------------- /resources/k8sgpt-openai.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: core.k8sgpt.ai/v1alpha1 11 | kind: K8sGPT 12 | metadata: 13 | name: k8sgpt-openai 14 | namespace: k8sgpt-operator-system 15 | spec: 16 | ai: 17 | model: llama3.2 18 | backend: openai 19 | baseUrl: http://nuc10-node08/litellm 20 | enabled: true 21 | secret: 22 | name: k8sgpt-sample-secret 23 | key: openai-api-key 24 | version: v0.4.13 25 | noCache: false 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: nuc10-node08 31 | namespace: k8sgpt-operator-system 32 | spec: 33 | ports: 34 | - name: http 35 | protocol: TCP 36 | port: 80 37 | targetPort: 80 38 | --- 39 | apiVersion: discovery.k8s.io/v1 40 | kind: EndpointSlice 41 | metadata: 42 | name: nuc10-node08-01 43 | namespace: k8sgpt-operator-system 44 | labels: 45 | kubernetes.io/service-name: nuc10-node08 46 | addressType: IPv4 47 | ports: 48 | - name: http 49 | appProtocol: http 50 | protocol: TCP 51 | port: 80 52 | endpoints: 53 | - addresses: 54 | - "192.168.1.101" 55 | --- 56 | apiVersion: rbac.authorization.k8s.io/v1 57 | kind: ClusterRole 58 | metadata: 59 | name: k8sgpt-openai-role 60 | namespace: k8sgpt-operator-system 61 | rules: 62 | - apiGroups: 63 | - "" 64 | resources: 65 | - "configmaps" 66 | verbs: 67 | - "get" 68 | - "list" 69 | -------------------------------------------------------------------------------- /resources/k8sgpt-openai_incluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: core.k8sgpt.ai/v1alpha1 11 | kind: K8sGPT 12 | metadata: 13 | name: k8sgpt-openai 14 | namespace: k8sgpt-operator-system 15 | spec: 16 | ai: 17 | model: llama3.2 18 | backend: openai 19 | baseUrl: http://litellm-service.litellm-system.svc.cluster.local:4000/litellm 20 | enabled: true 21 | secret: 22 | name: k8sgpt-sample-secret 23 | key: openai-api-key 24 | version: v0.4.13 25 | noCache: false 26 | --- 27 | apiVersion: rbac.authorization.k8s.io/v1 28 | kind: ClusterRole 29 | metadata: 30 | name: k8sgpt-openai-role 31 | namespace: k8sgpt-operator-system 32 | rules: 33 | - apiGroups: 34 | - "" 35 | resources: 36 | - "configmaps" 37 | verbs: 38 | - "get" 39 | - "list" 40 | -------------------------------------------------------------------------------- /resources/kagent-openai-models.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: kagent.dev/v1alpha1 11 | kind: ModelConfig 12 | metadata: 13 | name: litellm-ollama-3-2 14 | namespace: kagent-system 15 | spec: 16 | apiKeySecretKey: OPENAI_API_KEY 17 | apiKeySecretName: kagent-openai 18 | model: llama3.2 19 | provider: OpenAI 20 | openAI: 21 | baseUrl: http://nuc10-node08/litellm 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: nuc10-node08 27 | namespace: kagent-system 28 | spec: 29 | ports: 30 | - name: http 31 | protocol: TCP 32 | port: 80 33 | targetPort: 80 34 | --- 35 | apiVersion: discovery.k8s.io/v1 36 | kind: EndpointSlice 37 | metadata: 38 | name: nuc10-node08-01 39 | namespace: kagent-system 40 | labels: 41 | kubernetes.io/service-name: nuc10-node08 42 | addressType: IPv4 43 | ports: 44 | - name: http 45 | appProtocol: http 46 | protocol: TCP 47 | port: 80 48 | endpoints: 49 | - addresses: 50 | - "192.168.1.101" 51 | -------------------------------------------------------------------------------- /resources/kagent-openai-models_incluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: kagent.dev/v1alpha1 11 | kind: ModelConfig 12 | metadata: 13 | name: litellm-ollama-3-2 14 | namespace: kagent-system 15 | spec: 16 | apiKeySecretKey: OPENAI_API_KEY 17 | apiKeySecretName: kagent-openai 18 | model: llama3.2 19 | provider: OpenAI 20 | openAI: 21 | baseUrl: http://litellm-service.litellm-system.svc.cluster.local:4000/litellm 22 | -------------------------------------------------------------------------------- /resources/kagent/ingress.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: networking.k8s.io/v1 11 | kind: Ingress 12 | metadata: 13 | name: kagent-ingress 14 | namespace: kagent-system 15 | spec: 16 | rules: 17 | - http: 18 | paths: 19 | - backend: 20 | service: 21 | name: kagent 22 | port: 23 | number: 80 24 | path: / 25 | pathType: Prefix 26 | -------------------------------------------------------------------------------- /resources/kubevirt-runner/rbac.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: v1 11 | kind: ServiceAccount 12 | metadata: 13 | name: kubevirt-actions-runner 14 | --- 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: kubevirt-actions-runner 19 | rules: 20 | - apiGroups: ["kubevirt.io"] 21 | resources: ["virtualmachines"] 22 | verbs: ["get", "watch", "list"] 23 | - apiGroups: ["kubevirt.io"] 24 | resources: ["virtualmachineinstances"] 25 | verbs: ["get", "watch", "list", "create", "delete"] 26 | - apiGroups: ["cdi.kubevirt.io"] 27 | resources: ["datavolumes"] 28 | verbs: ["get", "watch", "list", "create", "delete"] 29 | --- 30 | apiVersion: rbac.authorization.k8s.io/v1 31 | kind: ClusterRole 32 | metadata: 33 | name: cdi-cloner 34 | rules: 35 | - apiGroups: ["cdi.kubevirt.io"] 36 | resources: ["datavolumes/source"] 37 | verbs: ["create"] 38 | -------------------------------------------------------------------------------- /resources/kubevirt-runner/vm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: kubevirt.io/v1 11 | kind: VirtualMachine 12 | metadata: 13 | name: ubuntu-jammy-vm 14 | spec: 15 | dataVolumeTemplates: 16 | - metadata: 17 | name: ubuntu-jammy-dv 18 | spec: 19 | storage: 20 | volumeMode: Filesystem 21 | source: 22 | pvc: 23 | name: ubuntu-img-jammy 24 | namespace: default 25 | runStrategy: Manual 26 | template: 27 | spec: 28 | terminationGracePeriodSeconds: 30 29 | domain: 30 | devices: 31 | filesystems: 32 | - name: runner-info 33 | virtiofs: {} 34 | disks: 35 | - name: os 36 | disk: 37 | bus: virtio 38 | - name: cloudinitdisk 39 | disk: 40 | bus: virtio 41 | interfaces: 42 | - name: default 43 | masquerade: {} 44 | cpu: 45 | model: host-passthrough 46 | cores: 4 47 | resources: 48 | overcommitGuestOverhead: true 49 | requests: 50 | memory: 8G 51 | memory: 52 | guest: 16G 53 | networks: 54 | - name: default 55 | pod: {} 56 | volumes: 57 | - dataVolume: 58 | name: ubuntu-jammy-dv 59 | name: os 60 | - name: cloudinitdisk 61 | cloudInitNoCloud: 62 | userData: |- 63 | #cloud-config 64 | mounts: 65 | - [ runner-info, /runner-info/, virtiofs, "rw,relatime,user=runner" ] 66 | runcmd: 67 | - "sudo runuser -l runner -c '/opt/runner/run.sh --jitconfig $(jq -r '.jitconfig' /runner-info/runner-info.json)'" 68 | - sleep 30 69 | power_state: 70 | delay: now 71 | mode: poweroff 72 | message: Runner completed 73 | timeout: 2 74 | condition: true 75 | -------------------------------------------------------------------------------- /resources/ubuntu-runner-pipelineruns.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | apiVersion: tekton.dev/v1 11 | kind: PipelineRun 12 | metadata: 13 | name: create-ubuntu-jammy-runner 14 | spec: 15 | pipelineRef: 16 | name: ubuntu-runner-deployer 17 | params: 18 | - name: release-name 19 | value: jammy 20 | - name: release-version 21 | value: 22.04 22 | taskRunTemplate: 23 | serviceAccountName: ubuntu-runner-deployer-account 24 | -------------------------------------------------------------------------------- /rundeck/Deploy_Kubernetes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - name: Deploy Kubernetes 11 | nodefilters: 12 | filter: .* 13 | sequence: 14 | commands: 15 | - configuration: 16 | ansible-base-dir-path: /opt/kubespray/ 17 | ansible-become: "true" 18 | ansible-playbook: cluster.yml 19 | nodeStep: true 20 | type: com.batix.rundeck.plugins.AnsiblePlaybookWorflowNodeStep 21 | strategy: node-first 22 | -------------------------------------------------------------------------------- /rundeck/krd.properties: -------------------------------------------------------------------------------- 1 | project.ansible-executable: /bin/sh 2 | project.name: krd 3 | resources.source.1.config.ansible-inventory: /vagrant/inventory/hosts.ini 4 | resources.source.1.config.ansible-ssh-keypath: /home/rundeck/.ssh/id_rsa 5 | resources.source.1.config.ansible-ssh-user: root 6 | resources.source.1.type: com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory 7 | service.FileCopier.default.provider: com.batix.rundeck.plugins.AnsibleFileCopier 8 | service.NodeExecutor.default.provider: com.batix.rundeck.plugins.AnsibleNodeExecutor 9 | -------------------------------------------------------------------------------- /spec/commons_spec.sh: -------------------------------------------------------------------------------- 1 | #shellcheck shell=sh 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | Describe '_commons.sh' 12 | Include ./_commons.sh 13 | 14 | Describe '_vercmp()' 15 | Parameters 16 | '1.1.1' '==' '1.1.1' success 17 | '1.1.1' '==' '1.1.0' failure 18 | '1.1.0' '<' '1.1.1' success 19 | '1.1.1' '<' '1.1.0' failure 20 | '1.1.1' '<' '1.1.1' failure 21 | '1.1.1' '<=' '1.1.1' success 22 | '1.1.0' '<=' '1.1.1' success 23 | '1.1.1' '<=' '1.1.0' failure 24 | '1.1.1' '>' '1.1.0' success 25 | '1.1.0' '>' '1.1.1' failure 26 | '1.1.1' '>' '1.1.1' failure 27 | '1.1.1' '>=' '1.1.0' success 28 | '1.1.1' '>=' '1.1.1' success 29 | '1.1.0' '>=' '1.1.1' failure 30 | End 31 | It 'performs comparation' 32 | When call _vercmp "$1" "$2" "$3" 33 | The status should be "$4" 34 | End 35 | It 'raises error when specified an invalid operator' 36 | When run _vercmp '1.0.0' '!=' '2.0.0' 37 | The stdout should equal "unrecognised op: !=" 38 | The status should be failure 39 | End 40 | End 41 | End 42 | -------------------------------------------------------------------------------- /spec/spec_helper.sh: -------------------------------------------------------------------------------- 1 | # shellcheck shell=sh 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2022 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | # This callback function will be invoked only once before loading specfiles. 12 | spec_helper_precheck() { 13 | : minimum_version "0.28.1" 14 | } 15 | 16 | # This callback function will be invoked after a specfile has been loaded. 17 | spec_helper_loaded() { 18 | : 19 | } 20 | 21 | # This callback function will be invoked after core modules has been loaded. 22 | spec_helper_configure() { 23 | : import 'support/custom_matcher' 24 | } 25 | -------------------------------------------------------------------------------- /test-requirements.in: -------------------------------------------------------------------------------- 1 | ansible-lint # MIT 2 | molecule # MIT 3 | molecule-plugins[vagrant] # MIT 4 | pytest-testinfra # Apache-2.0 5 | yamllint # GPLv3 6 | -------------------------------------------------------------------------------- /tests/_assertions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | KRD_DEBUG="${KRD_DEBUG:-false}" 15 | if [[ ${KRD_DEBUG} == "true" ]]; then 16 | set -o xtrace 17 | fi 18 | 19 | # shellcheck source=tests/_utils.sh 20 | source _utils.sh 21 | 22 | # assert_non_empty() - This assertion checks if the expected value is not empty 23 | function assert_non_empty { 24 | local input=$1 25 | local error_msg=$2 26 | 27 | if [[ $KRD_DEBUG == "true" ]]; then 28 | debug "NonEmpty Assertion - value: $1" 29 | fi 30 | if [ -z "$input" ]; then 31 | error "$error_msg" 32 | fi 33 | } 34 | 35 | # assert_are_equal() - This assertion checks if the inputs are equal 36 | function assert_are_equal { 37 | local input=$1 38 | local expected=$2 39 | local error_msg=${3:-"got $input, want $expected"} 40 | 41 | if [[ $KRD_DEBUG == "true" ]]; then 42 | debug "Are equal Assertion - value: $1 expected: $2" 43 | fi 44 | if [ "$input" != "$expected" ]; then 45 | error "$error_msg" 46 | fi 47 | } 48 | 49 | # assert_are_not_equal() - This assertion checks if the inputs are not equal 50 | function assert_are_not_equal { 51 | local input=$1 52 | local expected=$2 53 | local error_msg=$3 54 | 55 | if [[ $KRD_DEBUG == "true" ]]; then 56 | debug "Are not equal Assertion - value: $1 expected: $2" 57 | fi 58 | if [ "$input" == "$expected" ]; then 59 | error "$error_msg" 60 | fi 61 | } 62 | 63 | # assert_contains() - This assertion checks if the input contains another value 64 | function assert_contains { 65 | local input=$1 66 | local expected=$2 67 | local error_msg=${3:-"$input doesn't contains $expected"} 68 | 69 | if [[ $KRD_DEBUG == "true" ]]; then 70 | debug "Contains Assertion - value: $1 expected: $2" 71 | fi 72 | if [[ $input != *"$expected"* ]]; then 73 | error "$error_msg" 74 | fi 75 | } 76 | -------------------------------------------------------------------------------- /tests/_utils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | if [[ ${KRD_DEBUG:-false} == "true" ]]; then 15 | set -o xtrace 16 | fi 17 | 18 | # debug() - This function prints a debug message in the standard output 19 | function debug { 20 | _print_msg "DEBUG" "$1" 21 | echo "::debug::$1" 22 | } 23 | 24 | # info() - This function prints an information message in the standard output 25 | function info { 26 | _print_msg "INFO" "$1" 27 | echo "::notice::$1" 28 | } 29 | 30 | # warn() - This function prints a warning message in the standard output 31 | function warn { 32 | _print_msg "WARN" "$1" 33 | echo "::warning::$1" 34 | } 35 | 36 | # error() - This function prints an error message in the standard output 37 | function error { 38 | _print_msg "ERROR" "$1" 39 | echo "::error::$1" 40 | exit 1 41 | } 42 | 43 | function _print_msg { 44 | echo "$(date +%H:%M:%S) - $1: $2" 45 | } 46 | -------------------------------------------------------------------------------- /tests/check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021,2023 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | 18 | trap get_status ERR 19 | 20 | function _run_test { 21 | local test="$1" 22 | # shellcheck disable=SC2064 23 | trap "./krd_command.sh -a uninstall_${test}" RETURN 24 | 25 | info "+++++ Starting $test test..." 26 | ./krd_command.sh -a "install_${test}" 27 | pushd tests 28 | bash "${test}.sh" 29 | popd 30 | info "+++++ $test test completed" 31 | } 32 | 33 | cd .. 34 | for test in "$@"; do 35 | _run_test "$test" 36 | done 37 | -------------------------------------------------------------------------------- /tests/cnpg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete -f resources/basic-db.yaml 22 | } 23 | 24 | # Setup 25 | trap cleanup EXIT 26 | 27 | # Test 28 | info "===== Test started =====" 29 | kubectl apply -f resources/basic-db.yaml 30 | sleep 5 31 | cluster_name=$(kubectl get clusters.postgresql.cnpg.io -o jsonpath='{.items[0].metadata.name}') 32 | 33 | kubectl wait --for=condition=complete "job/${cluster_name}-1-initdb" 34 | sleep 5 35 | kubectl wait --for=condition=Ready "pod/${cluster_name}-1" 36 | 37 | for svc in 'r' ro rw; do 38 | assert_contains "$(kubectl get services)" "${cluster_name}-$svc" "The ${cluster_name}-$svc service doesn't exist" 39 | done 40 | 41 | for secret in app ca replication server; do 42 | assert_contains "$(kubectl get secrets)" "${cluster_name}-$secret" "The ${cluster_name}-$secret secret doesn't exist" 43 | done 44 | 45 | info "===== Test completed =====" 46 | -------------------------------------------------------------------------------- /tests/configure-envoy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2019 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | - hosts: kube_node 11 | vars: 12 | qat_envoy_dest: /tmp/kubernetes-qat-envoy 13 | roles: 14 | - role: geerlingguy.docker 15 | become: true 16 | tasks: 17 | - name: configure docker client 18 | block: 19 | - name: create docker config folder 20 | file: 21 | mode: "0755" 22 | state: directory 23 | path: /root/.docker/ 24 | - name: configure docker client to use proxy values 25 | copy: 26 | mode: preserve 27 | dest: "/root/.docker/config.json" 28 | content: | 29 | { 30 | "proxies": 31 | { 32 | "default": 33 | { 34 | "httpProxy": "{{ lookup('env','http_proxy') }}", 35 | "httpsProxy": "{{ lookup('env','https_proxy') }}", 36 | "noProxy": "{{ lookup('env','no_proxy') }}" 37 | } 38 | } 39 | } 40 | when: lookup('env','http_proxy') != "fooproxy" or lookup('env','https_proxy') != "fooproxy" or lookup('env','no_proxy') != "fooproxy" 41 | - name: clone QAT envoy repo repo 42 | git: 43 | repo: "https://github.com/intel/kubernetes-qat-envoy" 44 | dest: "{{ qat_envoy_dest }}" 45 | version: "01bb5ef2ea405a3bf070c7080a7ac898afd2ce1d" 46 | force: true 47 | - name: remove old envoy docker images 48 | shell: "docker images envoy-qat -q | xargs docker rmi -f" 49 | ignore_errors: true 50 | - name: build docker image 51 | command: "docker image build -t envoy-qat:devel -f {{ qat_envoy_dest }}/Dockerfile.openssl {{ qat_envoy_dest }}/" 52 | -------------------------------------------------------------------------------- /tests/criu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o pipefail 12 | set -o xtrace 13 | set -o errexit 14 | set -o nounset 15 | 16 | # TODO: Get two criu hostnames 17 | 18 | ssh -o StrictHostKeyChecking=no minion01 sudo docker rm worker 19 | ssh -o StrictHostKeyChecking=no minion02 sudo docker rm worker 20 | 21 | scp -o StrictHostKeyChecking=no init.py minion01:/vagrant/tests/init.py 22 | ssh -o StrictHostKeyChecking=no -t minion01 sudo docker run -d --rm --name worker -v /vagrant/tests/:/usr/src/worker -w /usr/src/worker python:3 python init.py 23 | sleep 10 24 | ssh -o StrictHostKeyChecking=no -t minion01 sudo docker checkpoint create worker worker_checkpoint 25 | CONTAINER_ID=$(ssh -o StrictHostKeyChecking=no minion01 sudo docker inspect --format="{{.Id}}" worker) 26 | ssh -o StrictHostKeyChecking=no minion01 sudo tar cvzf /tmp/worker_checkpoint.tar.gz -C "/var/lib/docker/containers/$CONTAINER_ID/checkpoints" . 27 | 28 | scp -o StrictHostKeyChecking=no minion01:/tmp/worker_checkpoint.tar.gz /tmp/worker_checkpoint.tar.gz 29 | scp -o StrictHostKeyChecking=no /tmp/worker_checkpoint.tar.gz minion02:/tmp/worker_checkpoint.tar.gz 30 | rm /tmp/worker_checkpoint.tar.gz 31 | 32 | ssh -o StrictHostKeyChecking=no minion02 sudo docker create --name worker python 33 | ssh -o StrictHostKeyChecking=no minion02 sudo mkdir -p "/var/lib/docker/containers/$CONTAINER_ID/checkpoints" 34 | sudo tar -C "/var/lib/docker/containers/$CONTAINER_ID/checkpoints" -xvf /tmp/worker_checkpoint.tar.gz 35 | ssh -o StrictHostKeyChecking=no minion02 sudo docker start --checkpoint worker_checkpoint worker 36 | -------------------------------------------------------------------------------- /tests/falco.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | info "===== Test started =====" 21 | trap 'info "===== Test completed ====="' EXIT 22 | 23 | falco_log="$(kubectl logs -l app.kubernetes.io/name=falco -n falco-system -c falco)" 24 | assert_non_empty "$falco_log" "Falco's logs are disabled" 25 | assert_contains "$falco_log" 'Starting health webserver' "Falco internal server hasn't started" 26 | -------------------------------------------------------------------------------- /tests/gatekeeper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete -f resources/gatekeeper 22 | kubectl delete namespace opa-test 23 | } 24 | 25 | # Setup 26 | kubectl apply -f resources/gatekeeper/template.yml 27 | sleep 5 28 | kubectl apply -f resources/gatekeeper/lb-constraint.yml 29 | if ! kubectl get namespaces/opa-test --no-headers -o custom-columns=name:.metadata.name; then 30 | kubectl create namespace opa-test 31 | fi 32 | trap cleanup EXIT 33 | 34 | # Test 35 | info "===== Test started =====" 36 | 37 | # editorconfig-checker-disable 38 | cat </tmp/restricted.yaml 39 | kind: Service 40 | apiVersion: v1 41 | metadata: 42 | name: lb-service 43 | namespace: opa-test 44 | spec: 45 | type: LoadBalancer 46 | selector: 47 | app: opa-test 48 | ports: 49 | - protocol: TCP 50 | port: 80 51 | targetPort: 8080 52 | EOF 53 | # editorconfig-checker-enable 54 | 55 | assert_contains "$(kubectl apply -f /tmp/restricted.yaml 2>&1 || :)" "Service type LoadBalancer are restricted" "OPA Gatekeeper didn't restrict the service creation using LoadBalancer type" 56 | 57 | info "===== Test completed =====" 58 | -------------------------------------------------------------------------------- /tests/init.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import os 14 | import random 15 | 16 | for i in range(random.randint(600, 3600)): 17 | os.system("sleep 1") 18 | print(f"Running for {i + 1} secs") 19 | -------------------------------------------------------------------------------- /tests/k8sgpt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2025 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete -f resources/broken-pod.yaml 22 | } 23 | 24 | # Setup 25 | trap cleanup EXIT 26 | 27 | # Test 28 | info "===== Test started =====" 29 | kubectl apply -f resources/broken-pod.yaml 30 | 31 | assert_non_empty "$(kubectl get results.core.k8sgpt.ai -n k8sgpt-operator-system defaultbrokenpod)" "K8sGPT didn't generate a result object" 32 | 33 | info "===== Test completed =====" 34 | -------------------------------------------------------------------------------- /tests/knative.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | service_name="helloworld-go" 21 | 22 | function cleanup { 23 | kn service delete "$service_name" || : 24 | } 25 | 26 | if ! command -v kn; then 27 | error "This functional test requires Knative client" 28 | fi 29 | 30 | trap cleanup EXIT 31 | 32 | # Setup 33 | kn service create "$service_name" --image gcr.io/knative-samples/helloworld-go --env TARGET="Go Sample v1" 34 | 35 | # Test 36 | info "===== Test started =====" 37 | assert_non_empty "$(kn service describe "$service_name")" "Knative client could't create a $service_name app" 38 | assert_contains "$(kn service describe "$service_name")" "++ Ready" "$service_name app is no ready" 39 | assert_contains "$(kn service describe "$service_name")" "++ ConfigurationsReady" "$service_name app's configuration is no ready" 40 | assert_contains "$(kn service describe "$service_name")" "++ RoutesReady" "$service_name app's routes is no ready" 41 | 42 | info "===== Test completed =====" 43 | -------------------------------------------------------------------------------- /tests/kubewarden.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete clusteradmissionpolicies privileged-pods --ignore-not-found 22 | } 23 | 24 | # Setup 25 | # editorconfig-checker-disable 26 | cat <&1 || :)" "User 'kubernetes-admin' cannot schedule privileged containers" "Kubewarden didn't restrict the privileged pods creation" 60 | 61 | info "===== Test completed =====" 62 | -------------------------------------------------------------------------------- /tests/kyverno.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete clusterpolicy require-labels --ignore-not-found 22 | } 23 | 24 | # Setup 25 | # editorconfig-checker-disable 26 | cat <&1 || :)" "check-for-labels" "Kyverno didn't restrict the deployment creation without labels" 54 | 55 | info "===== Test completed =====" 56 | -------------------------------------------------------------------------------- /tests/longhorn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2024 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl get pvc,pv 22 | kubectl delete -f resources/longhorn/ 23 | } 24 | 25 | trap cleanup EXIT 26 | 27 | info "===== Test started =====" 28 | 29 | kubectl apply -f resources/longhorn/ 30 | 31 | kubectl wait --for=jsonpath='{.status.phase}'=Bound pvc/pv-claim --timeout=5m 32 | assert_contains "$(kubectl get pv --no-headers)" 'pv-claim' "Persistent volume claim has not bind properly" 33 | 34 | info "===== Test completed =====" 35 | -------------------------------------------------------------------------------- /tests/metallb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2021 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o errexit 12 | set -o nounset 13 | set -o pipefail 14 | 15 | # shellcheck source=tests/_functions.sh 16 | source _functions.sh 17 | # shellcheck source=tests/_assertions.sh 18 | source _assertions.sh 19 | 20 | function cleanup { 21 | kubectl delete service nginx --ignore-not-found 22 | kubectl delete ipaddresspools metallb-test-cidr --ignore-not-found 23 | } 24 | 25 | trap cleanup EXIT 26 | 27 | # Setup 28 | # editorconfig-checker-disable 29 | cat <