From 1cb73c8c915ef4cf349ba31a2da89505b1b22977 Mon Sep 17 00:00:00 2001
From: Andrei Kvapil
Date: Mon, 29 Jan 2024 15:03:18 +0100
Subject: [PATCH] add ccm
---
.../kubernetes/templates/kccm/config.yaml | 11 ++++
.../kubernetes/templates/kccm/kccm_role.yaml | 43 ++++++++++++++++
.../templates/kccm/kccm_role_binding.yaml | 30 +++++++++++
.../kubernetes/templates/kccm/manager.yaml | 50 +++++++++++++++++++
.../templates/kccm/service_account.yaml | 5 ++
5 files changed, 139 insertions(+)
create mode 100644 packages/apps/kubernetes/templates/kccm/config.yaml
create mode 100644 packages/apps/kubernetes/templates/kccm/kccm_role.yaml
create mode 100644 packages/apps/kubernetes/templates/kccm/kccm_role_binding.yaml
create mode 100644 packages/apps/kubernetes/templates/kccm/manager.yaml
create mode 100644 packages/apps/kubernetes/templates/kccm/service_account.yaml
diff --git a/packages/apps/kubernetes/templates/kccm/config.yaml b/packages/apps/kubernetes/templates/kccm/config.yaml
new file mode 100644
index 00000000..6c9aae83
--- /dev/null
+++ b/packages/apps/kubernetes/templates/kccm/config.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster1-cloud-config
+ namespace: tenant-foo
+data:
+ cloud-config: |
+ loadBalancer:
+ creationPollInterval: 5
+ creationPollTimeout: 60
+ namespace: tenant-foo
diff --git a/packages/apps/kubernetes/templates/kccm/kccm_role.yaml b/packages/apps/kubernetes/templates/kccm/kccm_role.yaml
new file mode 100644
index 00000000..1c394a3b
--- /dev/null
+++ b/packages/apps/kubernetes/templates/kccm/kccm_role.yaml
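Review bot: In config.yaml the ConfigMap name `cluster1-cloud-config` and the namespace `tenant-foo` are literal values in a file under `templates/`, so every rendering would target the same tenant's namespace no matter where the chart is installed. The same literals recur in kccm_role.yaml, kccm_role_binding.yaml, manager.yaml and service_account.yaml. If this directory is rendered by Helm, as the path suggests, I would derive both from the release, e.g. `name: {{ .Release.Name }}-cloud-config` and `namespace: {{ .Release.Namespace }}`, and do the same for the `namespace:` key inside the `cloud-config` block.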
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: tenant-foo
+ name: kccm
+rules:
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstances
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
diff --git a/packages/apps/kubernetes/templates/kccm/kccm_role_binding.yaml b/packages/apps/kubernetes/templates/kccm/kccm_role_binding.yaml
new file mode 100644
index 00000000..2295989d
--- /dev/null
+++ b/packages/apps/kubernetes/templates/kccm/kccm_role_binding.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: kccm
+ namespace: kube-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: tenant-foo
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: kccm-sa
+ namespace: tenant-foo
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kccm
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: test
+kind: List
+metadata: {}
diff --git a/packages/apps/kubernetes/templates/kccm/manager.yaml b/packages/apps/kubernetes/templates/kccm/manager.yaml
new file mode 100644
index 00000000..03008138
--- /dev/null
+++ b/packages/apps/kubernetes/templates/kccm/manager.yaml
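Review bot: The `services` rule in kccm_role.yaml grants `verbs: ["*"]`, which covers `deletecollection` and any verb added later on every Service in the namespace, more than a load-balancer controller presumably needs. I would list the verbs explicitly, for example `verbs: [get, list, watch, create, update, patch, delete]`, trimmed to what the controller actually calls. It is also worth confirming that `update` on `virtualmachineinstances` is required. A one-line comment above each rule naming the controller function that needs it would make later audits easier.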
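Review bot: In kccm_role_binding.yaml the `kccm-sa` binding names its subject as ServiceAccount `cloud-controller-manager` in namespace `test`, while service_account.yaml creates that account in `tenant-foo` and manager.yaml runs the Deployment there. As written, the controller's own account receives none of the `kccm` Role's permissions, and an account of that name in `test` would receive them over `tenant-foo`; the subject should read `namespace: tenant-foo` (or the templated release namespace). The first binding creates a fixed-name `kccm` RoleBinding in `kube-system`, which would collide between tenants and lets a tenant-scoped account use `extension-apiserver-authentication-reader` there. Since the controller talks to the cluster named by `--kubeconfig`, please confirm that binding is needed at all.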
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kubevirt-cloud-controller-manager
+ namespace: tenant-foo
+ labels:
+ k8s-app: kubevirt-cloud-controller-manager
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: kubevirt-cloud-controller-manager
+ template:
+ metadata:
+ labels:
+ k8s-app: kubevirt-cloud-controller-manager
+ spec:
+ #hostNetwork: true
+ containers:
+ - name: kubevirt-cloud-controller-manager
+ args:
+ - --cloud-provider=kubevirt
+ - --cloud-config=/etc/cloud/cloud-config
+ - --kubeconfig=/etc/kubernetes/kubeconfig/value
+ command:
+ - /bin/kubevirt-cloud-controller-manager
+ image: ghcr.io/kvaps/test:kubevirt-cloud-provider
+ imagePullPolicy: Always
+ #securityContext:
+ # privileged: true
+ resources:
+ requests:
+ cpu: 100m
+ volumeMounts:
+ - mountPath: /etc/kubernetes/kubeconfig
+ name: kubeconfig
+ readOnly: true
+ - mountPath: /etc/cloud
+ name: cloud-config
+ readOnly: true
+ volumes:
+ - configMap:
+ name: cluster1-cloud-config
+ name: cloud-config
+ - secret:
+ secretName: cluster1-kubeconfig
+ name: kubeconfig
+ tolerations:
+ - operator: Exists
+ serviceAccountName: cloud-controller-manager
diff --git a/packages/apps/kubernetes/templates/kccm/service_account.yaml b/packages/apps/kubernetes/templates/kccm/service_account.yaml
new file mode 100644
index 00000000..27fd4745
--- /dev/null
+++ b/packages/apps/kubernetes/templates/kccm/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ namespace: tenant-foo
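Review bot: The container image in manager.yaml, `ghcr.io/kvaps/test:kubevirt-cloud-provider`, is a mutable tag in what looks like a personal test repository, and `imagePullPolicy: Always` means every restart runs whatever that tag points to at the time. This pod mounts the `cluster1-kubeconfig` Secret and runs under the `cloud-controller-manager` ServiceAccount, so I would pin a released image by digest. The commented-out `privileged: true` block should be replaced by an explicit restrictive `securityContext`; the one sketched below assumes the binary runs as non-root with a read-only root filesystem, which needs checking against the image. Separately, `tolerations: - operator: Exists` tolerates every taint, so narrow it unless that is intended, and consider adding a memory request and limits.

```yaml
      containers:
      - name: kubevirt-cloud-controller-manager
        # … unchanged: args, command …
        # placeholder values: substitute the released image and its digest
        image: <registry>/<repository>@sha256:<digest>
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: resources, volumeMounts …
```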