Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( DaemonObjects = func(install *v1.Install) []client.Object { return []client.Object{ &talos.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "talos-api-access", Namespace: install.Namespace, }, Spec: talos.ServiceAccountSpec{ Roles: []string{ "os:admin", }, }, }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "daemon", Namespace: install.Namespace, }, Data: map[string]string{ "config.yaml": ` service: name: daemon domain: home-cloud env: prod `}, }, &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: "daemon", Namespace: install.Namespace, }, Spec: appsv1.DeploymentSpec{ Replicas: ptr.To[int32](1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "daemon", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "daemon", }, }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ { Name: "daemon", Image: fmt.Sprintf("%s:%s", install.Spec.Daemon.Image, install.Spec.Daemon.Tag), Ports: []corev1.ContainerPort{ { Name: "http", Protocol: corev1.ProtocolTCP, ContainerPort: 8090, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: "config", MountPath: "/etc/config.yaml", SubPath: "config.yaml", }, { Name: "talos-secrets", MountPath: "/var/run/secrets/talos.dev", }, }, }, }, Volumes: []corev1.Volume{ { Name: "config", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "daemon"}, }}, }, { Name: "talos-secrets", VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{ SecretName: "talos-api-access", }}, }, }, }, }, }, }, &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: "daemon", Namespace: install.Namespace, Labels: map[string]string{ "app": "daemon", }, }, Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, Ports: []corev1.ServicePort{ { Name: "http", Port: 80, TargetPort: intstr.FromInt(8090), }, }, Selector: map[string]string{ "app": "daemon", }, }, }, } } )
View Source
var ( DefaultInstall = &v1.Install{ ObjectMeta: metav1.ObjectMeta{ Name: "install", Namespace: "home-cloud-system", }, Spec: v1.InstallSpec{ GatewayAPI: &v1.GatewayAPISpec{}, Istio: &v1.IstioSpec{ Namespace: "istio-system", IngressGatewayName: "ingress-gateway", Base: &v1.BaseSpec{}, Istiod: &v1.IstiodSpec{ Values: ` resources: requests: cpu: 100m memory: 100Mi `, }, CNI: &v1.CNISpec{}, Ztunnel: &v1.ZtunnelSpec{ Values: ` resources: requests: cpu: 100m memory: 100Mi `, }, }, Server: &v1.ServerSpec{}, MDNS: &v1.MDNSSpec{}, Tunnel: &v1.TunnelSpec{}, Operator: &v1.OperatorSpec{}, Daemon: &v1.DaemonSpec{ System: &v1.SystemSpec{}, Kubernetes: &v1.KubernetesSpec{}, }, Settings: &v1.SettingsSpec{ Hostname: "home-cloud.local", }, }, } )
View Source
var ( GatewayObjects = func(install *v1.Install) []client.Object { return []client.Object{ &gwv1.Gateway{ ObjectMeta: metav1.ObjectMeta{ Name: install.Spec.Istio.IngressGatewayName, Namespace: install.Spec.Istio.Namespace, }, Spec: gwv1.GatewaySpec{ GatewayClassName: "istio", Listeners: []gwv1.Listener{ { Name: "http", Port: 80, Protocol: gwv1.HTTPProtocolType, AllowedRoutes: &gwv1.AllowedRoutes{ Namespaces: &gwv1.RouteNamespaces{ From: ptr.To[gwv1.FromNamespaces]("All"), }, }, }, }, Infrastructure: &gwv1.GatewayInfrastructure{ ParametersRef: &gwv1.LocalParametersReference{ Kind: gwv1.Kind("ConfigMap"), Name: fmt.Sprintf("%s-options", install.Spec.Istio.IngressGatewayName), }, }, }, }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: fmt.Sprintf("%s-options", install.Spec.Istio.IngressGatewayName), Namespace: install.Spec.Istio.Namespace, }, Data: map[string]string{ "service": `spec: type: NodePort ports: - port: 80 nodePort: 80 `, }, }, } } )
View Source
var ( MDNSObjects = func(install *v1.Install) []client.Object { return []client.Object{ &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "mdns", Namespace: install.Namespace, }, }, &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "home-cloud-mdns", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{ "list", "watch", }, APIGroups: []string{""}, Resources: []string{"services"}, }, }, }, &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "home-cloud-mdns-reader", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "mdns", Namespace: install.Namespace, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "home-cloud-mdns", }, }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "mdns", Namespace: install.Namespace, }, Data: map[string]string{ "config.yaml": ` service: name: mdns domain: home-cloud env: prod `}, }, &appsv1.StatefulSet{ ObjectMeta: metav1.ObjectMeta{ Name: "mdns", Namespace: install.Namespace, }, Spec: appsv1.StatefulSetSpec{ Replicas: ptr.To[int32](1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "mdns", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "mdns", }, }, Spec: corev1.PodSpec{ ServiceAccountName: "mdns", HostNetwork: true, Containers: []corev1.Container{ { Name: "mdns", Image: fmt.Sprintf("%s:%s", install.Spec.MDNS.Image, install.Spec.MDNS.Tag), SecurityContext: &corev1.SecurityContext{ RunAsUser: ptr.To(int64(65534)), RunAsGroup: ptr.To(int64(65534)), RunAsNonRoot: ptr.To(true), ReadOnlyRootFilesystem: ptr.To(true), AllowPrivilegeEscalation: ptr.To(false), SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, }, Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{ "ALL", }, }, }, Env: []corev1.EnvVar{ { Name: "DRAFT_MDNS_HOST_IP", ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ FieldPath: "status.hostIP", }, }, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: "config", MountPath: "/etc/config.yaml", SubPath: "config.yaml", }, }, }, }, Volumes: []corev1.Volume{ { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "mdns"}, }, }, }, }, }, }, }, }, } } )
View Source
var ( NamespaceObjects = func(install *v1.Install) []client.Object { return []client.Object{ &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: install.Spec.Istio.Namespace, Labels: map[string]string{ "pod-security.kubernetes.io/enforce": "privileged", }, }, }, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: install.Namespace, Labels: map[string]string{ "pod-security.kubernetes.io/enforce": "privileged", "istio.io/dataplane-mode": "ambient", }, }, }, } } )
View Source
var ( // NOTE: For these resources specifically, they have the TypeMeta manually configured. // This is not necessary for most usecases but it allows `tools/releaser` to use // these definitions to create the releasable `operator.yaml` consistent with what // the operator will reconcile itself. OperatorObjects = func(install *v1.Install) []client.Object { return []client.Object{ &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "ServiceAccount", }, ObjectMeta: metav1.ObjectMeta{ Name: "operator", Namespace: install.Namespace, }, }, &rbacv1.ClusterRoleBinding{ TypeMeta: metav1.TypeMeta{ APIVersion: "rbac.authorization.k8s.io/v1", Kind: "ClusterRoleBinding", }, ObjectMeta: metav1.ObjectMeta{ Name: "operator-rolebinding", }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "cluster-admin", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "operator", Namespace: install.Namespace, }, }, }, &corev1.ConfigMap{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "ConfigMap", }, ObjectMeta: metav1.ObjectMeta{ Name: "operator", Namespace: install.Namespace, }, Data: map[string]string{ "config.yaml": `service: name: operator domain: home-cloud env: prod `}, }, &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ APIVersion: "apps/v1", Kind: "Deployment", }, ObjectMeta: metav1.ObjectMeta{ Name: "operator", Namespace: install.Namespace, }, Spec: appsv1.DeploymentSpec{ Replicas: ptr.To[int32](1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "operator", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "operator", }, }, Spec: corev1.PodSpec{ TerminationGracePeriodSeconds: ptr.To(int64(10)), ServiceAccountName: "operator", Containers: []corev1.Container{ { Name: "operator", Image: fmt.Sprintf("%s:%s", install.Spec.Operator.Image, install.Spec.Operator.Tag), Ports: []corev1.ContainerPort{ { Name: "http", Protocol: corev1.ProtocolTCP, ContainerPort: 8090, }, }, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/healthz", Port: intstr.FromString("http"), }, }, }, ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readyz", Port: intstr.FromString("http"), }, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: "config", MountPath: "/etc/config.yaml", SubPath: "config.yaml", }, }, }, }, Volumes: []corev1.Volume{ { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "operator"}, }, }, }, }, }, }, }, }, } } )
View Source
var ( ServerObjects = func(install *v1.Install) []client.Object { return []client.Object{ &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "server", Namespace: install.Namespace, }, }, &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Name: "manage-home-cloud-apps", Namespace: install.Namespace, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{ "home-cloud.io", }, Resources: []string{ "apps", "installs", "wireguards", }, Verbs: []string{ "get", "list", "create", "update", "delete", }, }, { APIGroups: []string{""}, Resources: []string{"secrets"}, Verbs: []string{ "get", "create", "update", "delete", }, }, }, }, &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "read-all", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{ "get", "list", }, APIGroups: []string{""}, Resources: []string{"*"}, }, }, }, &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "manage-home-cloud-apps", Namespace: install.Namespace, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", Name: "manage-home-cloud-apps", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "server", Namespace: install.Namespace, }, }, }, &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "home-cloud-server-read-all", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "server", Namespace: install.Namespace, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "read-all", }, }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "server", Namespace: install.Namespace, }, Data: map[string]string{ "config.yaml": `service: name: server domain: home-cloud env: prod `}, }, &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: "server", Namespace: install.Namespace, }, Spec: appsv1.DeploymentSpec{ Replicas: ptr.To[int32](1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "server", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "server", }, }, Spec: corev1.PodSpec{ ServiceAccountName: "server", Containers: []corev1.Container{ { Name: "server", Image: fmt.Sprintf("%s:%s", install.Spec.Server.Image, install.Spec.Server.Tag), Ports: []corev1.ContainerPort{ { Name: "http", Protocol: corev1.ProtocolTCP, ContainerPort: 8090, }, }, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/", Port: intstr.FromString("http"), }, }, }, ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/", Port: intstr.FromString("http"), }, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: "config", MountPath: "/etc/config.yaml", SubPath: "config.yaml", }, }, }, }, Volumes: []corev1.Volume{ { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "server"}, }, }, }, }, }, }, }, }, &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: "server", Namespace: install.Namespace, Labels: map[string]string{ "app": "server", }, Annotations: map[string]string{ "home-cloud.io/dns": install.Spec.Settings.Hostname, }, }, Spec: corev1.ServiceSpec{ Type: corev1.ServiceTypeClusterIP, Ports: []corev1.ServicePort{ { Name: "http", Port: 80, TargetPort: intstr.FromInt(8090), }, }, Selector: map[string]string{ "app": "server", }, }, }, &gwv1.HTTPRoute{ ObjectMeta: metav1.ObjectMeta{ Name: "server", Namespace: install.Namespace, }, Spec: gwv1.HTTPRouteSpec{ CommonRouteSpec: gwv1.CommonRouteSpec{ ParentRefs: []gwv1.ParentReference{ { Name: gwv1.ObjectName(install.Spec.Istio.IngressGatewayName), Namespace: ptr.To(gwv1.Namespace(install.Spec.Istio.Namespace)), }, }, }, Hostnames: []gwv1.Hostname{ gwv1.Hostname(install.Spec.Settings.Hostname), }, Rules: []gwv1.HTTPRouteRule{ { BackendRefs: []gwv1.HTTPBackendRef{ { BackendRef: gwv1.BackendRef{ BackendObjectReference: gwv1.BackendObjectReference{ Name: "server", Port: ptr.To[gwv1.PortNumber](80), }, }, }, }, }, }, }, }, } } )
View Source
var ( TalosObjects = func(install *v1.Install) []client.Object { return []client.Object{ &talos.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "talos-api-access", Namespace: install.Namespace, }, Spec: talos.ServiceAccountSpec{ Roles: []string{ "os:admin", }, }, }, } } )
View Source
var ( TunnelObjects = func(install *v1.Install) []client.Object { return []client.Object{ &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "tunnel", Namespace: install.Namespace, }, }, &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "home-cloud-tunnel", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{ "*", }, APIGroups: []string{"home-cloud.io"}, Resources: []string{"wireguards"}, }, { Verbs: []string{ "*", }, APIGroups: []string{"home-cloud.io"}, Resources: []string{"wireguards/status"}, }, { Verbs: []string{ "get", "list", "watch", }, APIGroups: []string{""}, Resources: []string{"secrets"}, }, }, }, &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "home-cloud-tunnel", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "tunnel", Namespace: install.Namespace, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "home-cloud-tunnel", }, }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "tunnel", Namespace: install.Namespace, }, Data: map[string]string{ "config.yaml": ` service: name: tunnel domain: home-cloud env: prod network: bind_port: 8091 `}, }, &appsv1.StatefulSet{ ObjectMeta: metav1.ObjectMeta{ Name: "tunnel", Namespace: install.Namespace, }, Spec: appsv1.StatefulSetSpec{ Replicas: ptr.To[int32](1), Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "tunnel", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "tunnel", }, }, Spec: corev1.PodSpec{ ServiceAccountName: "tunnel", HostNetwork: true, Containers: []corev1.Container{ { Name: "tunnel", Image: fmt.Sprintf("%s:%s", install.Spec.Tunnel.Image, install.Spec.Tunnel.Tag), SecurityContext: &corev1.SecurityContext{ Privileged: ptr.To(true), Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{ "NET_ADMIN", }, }, }, VolumeMounts: []corev1.VolumeMount{ { Name: "config", MountPath: "/etc/config.yaml", SubPath: "config.yaml", }, }, }, }, Volumes: []corev1.Volume{ { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{Name: "tunnel"}, }, }, }, }, }, }, }, }, } } )
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.