djpbessems/Go.Rig-Operator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Drop initial code

Browse Source
This commit is contained in:
Danny Bessems
2026-01-15 09:58:01 +00:00
parent 227d957219
commit 1e7c9ba5cb
228 changed files with 19883 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
deploy/rig-operator/config/crd/bases/rig.appstack.io_clusterblueprints.yaml Normal file
View File

@@ -0,0 +1,136 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: clusterblueprints.rig.appstack.io
spec:
group: rig.appstack.io
names:
kind: ClusterBlueprint
listKind: ClusterBlueprintList
plural: clusterblueprints
shortNames:
- cbp
singular: clusterblueprint
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .spec.kubernetesVersion
name: K8s Version
type: string
- jsonPath: .spec.infraBlueprintRef
name: Infra
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterBlueprintSpec defines the desired state of ClusterBlueprint
properties:
controlPlaneHA:
description: ControlPlaneHA determines if we provision 3 CP nodes
(true) or 1 (false).
type: boolean
infraBlueprintRef:
description: |-
InfraBlueprintRef points to the InfraBlueprint (IBP) that manages
the quotas and provider details for this cluster.
type: string
kubernetesVersion:
description: KubernetesVersion is the target RKE2/K3s version (e.g.,
v1.28.0+rke2r1).
type: string
workerPools:
description: WorkerPools is the list of worker node groups to provision.
items:
description: |-
GenericPoolReq defines a request for a set of nodes with specific sizing.
This is provider-agnostic.
properties:
cpuCores:
description: CpuCores is the number of vCPUs per node.
minimum: 1
type: integer
diskGb:
description: DiskGB is the root disk size per node in Gigabytes.
minimum: 10
type: integer
memoryGb:
description: MemoryGB is the amount of RAM per node in Gigabytes.
minimum: 1
type: integer
name:
description: Name is the identifier for this node pool (e.g.
"workers-gpu").
type: string
quantity:
description: Quantity is the number of nodes desired.
minimum: 0
type: integer
required:
- cpuCores
- diskGb
- memoryGb
- name
- quantity
type: object
type: array
required:
- infraBlueprintRef
- kubernetesVersion
type: object
status:
description: ClusterBlueprintStatus defines the observed state of ClusterBlueprint
properties:
identity:
description: Identity tracks the cloud credentials generated for this
cluster.
properties:
secretRef:
description: SecretRef is the name of the generated secret used
by this cluster.
type: string
serviceAccount:
description: ServiceAccount is the name of the SA created on the
provider (if applicable).
type: string
type: object
phase:
description: Phase can be "Pending", "Provisioning", "Deployed", or
"Failed"
type: string
ready:
description: Ready indicates if the Helm Chart has been successfully
applied.
type: boolean
required:
- ready
type: object
type: object
served: true
storage: true
subresources:
status: {}

82
deploy/rig-operator/config/crd/bases/rig.appstack.io_harvesterblueprints.yaml Normal file
View File

@@ -0,0 +1,82 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: harvesterblueprints.rig.appstack.io
spec:
group: rig.appstack.io
names:
kind: HarvesterBlueprint
listKind: HarvesterBlueprintList
plural: harvesterblueprints
shortNames:
- hbp
singular: harvesterblueprint
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: HarvesterBlueprintSpec defines the desired state of HarvesterBlueprint
properties:
harvesterUrl:
description: |-
HarvesterURL is the endpoint of the Harvester cluster (e.g. https://10.x.x.x:6443).
This replaces the need for auto-discovery.
type: string
imageName:
description: ImageName is the specific image name in Harvester to
clone (e.g. image-abcde).
type: string
networkName:
description: NetworkName is the VM Network to attach to the nodes.
type: string
sshUser:
description: SshUser is the username to configure on the VM (e.g.
ubuntu, rancher).
type: string
vmNamespace:
description: VmNamespace is the namespace in Harvester where VMs will
be created.
type: string
required:
- harvesterUrl
- imageName
- networkName
- sshUser
- vmNamespace
type: object
status:
description: HarvesterBlueprintStatus defines the observed state of HarvesterBlueprint
properties:
ready:
description: Ready indicates the configuration is valid (optional
future use)
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}

146
deploy/rig-operator/config/crd/bases/rig.appstack.io_infrablueprints.yaml Normal file
View File

@@ -0,0 +1,146 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: infrablueprints.rig.appstack.io
spec:
group: rig.appstack.io
names:
kind: InfraBlueprint
listKind: InfraBlueprintList
plural: infrablueprints
shortNames:
- ibp
singular: infrablueprint
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.ready
name: Ready
type: boolean
- jsonPath: .spec.quota.maxCpu
name: MaxCPU
type: integer
- jsonPath: .status.usage.usedCpu
name: UsedCPU
type: integer
- jsonPath: .spec.quota.maxMemoryGb
name: MaxMem(GB)
type: integer
- jsonPath: .status.usage.usedMemoryGb
name: UsedMem(GB)
type: integer
- jsonPath: .spec.quota.maxDiskGb
name: MaxDisk(GB)
type: integer
- jsonPath: .status.usage.usedDiskGb
name: UsedDisk(GB)
type: integer
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: InfraBlueprintSpec defines the desired state of InfraBlueprint
properties:
cloudCredentialSecret:
description: |-
CloudCredentialSecret is the name of the Secret containing the
master cloud credentials (e.g., kubeconfig or username/password).
type: string
providerRef:
description: ProviderRef points to the technical configuration (HarvesterBlueprint/VsphereBlueprint).
properties:
apiGroup:
description: APIGroup defaults to rig.appstack.io if not specified
type: string
kind:
description: Kind is the type of resource being referenced (e.g.,
HarvesterBlueprint)
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
quota:
description: Quota defines the maximum resources allocatable by this
Infra.
properties:
maxCpu:
description: MaxCPU is the total number of cores allowed across
all clusters
type: integer
maxDiskGb:
description: MaxDiskGB is the total Storage (in GB) allowed across
all clusters
type: integer
maxMemoryGb:
description: MaxMemoryGB is the total RAM (in GB) allowed across
all clusters
type: integer
type: object
rancherUrl:
description: |-
RancherURL is the public URL of the Rancher Manager (e.g. https://rancher.example.com)
This is injected into the Helm Chart to register the cluster.
type: string
userData:
description: UserData is the default cloud-init user data for all
clusters in this Infra.
type: string
required:
- cloudCredentialSecret
- providerRef
- rancherUrl
type: object
status:
description: InfraBlueprintStatus defines the observed state of InfraBlueprint
properties:
ready:
description: Ready indicates the provider connection is verified
type: boolean
usage:
description: Usage tracks the current resource consumption
properties:
usedCpu:
description: UsedCPU is the sum of cores currently provisioned
type: integer
usedDiskGb:
description: UsedDiskGB tracks storage consumption
type: integer
usedMemoryGb:
description: UsedMemoryGB is the sum of RAM currently provisioned
type: integer
required:
- usedCpu
- usedDiskGb
- usedMemoryGb
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}

86
deploy/rig-operator/config/crd/bases/rig.appstack.io_vsphereblueprints.yaml Normal file
View File

@@ -0,0 +1,86 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
name: vsphereblueprints.rig.appstack.io
spec:
group: rig.appstack.io
names:
kind: VsphereBlueprint
listKind: VsphereBlueprintList
plural: vsphereblueprints
shortNames:
- vbp
singular: vsphereblueprint
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: VsphereBlueprint is the Schema for the vsphereblueprints API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: VsphereBlueprintSpec defines the desired state of VsphereBlueprint
properties:
datacenter:
description: Datacenter name (e.g. NL001)
type: string
datastore:
description: DatastoreCluster or Datastore name (e.g. "NL001 Development
- Rancher SDRS")
type: string
folder:
description: Folder path where VMs will be organized (e.g. "ICT Digitalisation
- Rancher")
type: string
network:
description: Network name to attach to (e.g. "nl001.vDS.Distri.Vlan.1542")
type: string
resourcePool:
description: ResourcePool path (e.g. "NL001 Development - Rancher/Resources")
type: string
template:
description: Template is the VM template name to clone from
type: string
vCenter:
description: vCenter address (e.g. vcenter.example.com)
type: string
required:
- datacenter
- datastore
- folder
- network
- resourcePool
- template
- vCenter
type: object
status:
description: VsphereBlueprintStatus defines the observed state
properties:
ready:
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}

19
deploy/rig-operator/config/crd/kustomization.yaml Normal file
View File

@@ -0,0 +1,19 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/rig.appstack.io_clusterblueprints.yaml
- bases/rig.appstack.io_infrablueprints.yaml
- bases/rig.appstack.io_harvesterblueprints.yaml
- bases/rig.appstack.io_vsphereblueprints.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patches:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [WEBHOOK] To enable webhook, uncomment the following section
# the following config is for teaching kustomize how to do kustomization for CRDs.
#configurations:
#- kustomizeconfig.yaml

19
deploy/rig-operator/config/crd/kustomizeconfig.yaml Normal file
View File

@@ -0,0 +1,19 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
version: v1
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
version: v1
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations

30
deploy/rig-operator/config/default/cert_metrics_manager_patch.yaml Normal file
View File

@@ -0,0 +1,30 @@
# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs.
# Add the volumeMount for the metrics-server certs
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-
value:
mountPath: /tmp/k8s-metrics-server/metrics-certs
name: metrics-certs
readOnly: true
# Add the --metrics-cert-path argument for the metrics server
- op: add
path: /spec/template/spec/containers/0/args/-
value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
# Add the metrics-server certs volume configuration
- op: add
path: /spec/template/spec/volumes/-
value:
name: metrics-certs
secret:
secretName: metrics-server-cert
optional: false
items:
- key: ca.crt
path: ca.crt
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key

234
deploy/rig-operator/config/default/kustomization.yaml Normal file
View File

@@ -0,0 +1,234 @@
# Adds namespace to all resources.
namespace: deploy-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: deploy-
# Labels to add to all resources and selectors.
#labels:
#- includeSelectors: true
# pairs:
# someName: someValue
resources:
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
# [METRICS] Expose the controller manager metrics service.
- metrics_service.yaml
# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
# be able to communicate with the Webhook Server.
#- ../network-policy
# Uncomment the patches line if you enable Metrics
patches:
# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
# More info: https://book.kubebuilder.io/reference/metrics
- path: manager_metrics_patch.yaml
target:
kind: Deployment
# Uncomment the patches line if you enable Metrics and CertManager
# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
# This patch will protect the metrics with certManager self-signed certs.
#- path: cert_metrics_manager_patch.yaml
# target:
# kind: Deployment
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- path: manager_webhook_patch.yaml
# target:
# kind: Deployment
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
# Uncomment the following replacements to add the cert-manager CA injection annotations
#replacements:
# - source: # Uncomment the following block to enable certificates for metrics
# kind: Service
# version: v1
# name: controller-manager-metrics-service
# fieldPath: metadata.name
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: metrics-certs
# fieldPaths:
# - spec.dnsNames.0
# - spec.dnsNames.1
# options:
# delimiter: '.'
# index: 0
# create: true
# - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor
# kind: ServiceMonitor
# group: monitoring.coreos.com
# version: v1
# name: controller-manager-metrics-monitor
# fieldPaths:
# - spec.endpoints.0.tlsConfig.serverName
# options:
# delimiter: '.'
# index: 0
# create: true
# - source:
# kind: Service
# version: v1
# name: controller-manager-metrics-service
# fieldPath: metadata.namespace
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: metrics-certs
# fieldPaths:
# - spec.dnsNames.0
# - spec.dnsNames.1
# options:
# delimiter: '.'
# index: 1
# create: true
# - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor
# kind: ServiceMonitor
# group: monitoring.coreos.com
# version: v1
# name: controller-manager-metrics-monitor
# fieldPaths:
# - spec.endpoints.0.tlsConfig.serverName
# options:
# delimiter: '.'
# index: 1
# create: true
# - source: # Uncomment the following block if you have any webhook
# kind: Service
# version: v1
# name: webhook-service
# fieldPath: .metadata.name # Name of the service
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPaths:
# - .spec.dnsNames.0
# - .spec.dnsNames.1
# options:
# delimiter: '.'
# index: 0
# create: true
# - source:
# kind: Service
# version: v1
# name: webhook-service
# fieldPath: .metadata.namespace # Namespace of the service
# targets:
# - select:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPaths:
# - .spec.dnsNames.0
# - .spec.dnsNames.1
# options:
# delimiter: '.'
# index: 1
# create: true
# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert # This name should match the one in certificate.yaml
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets:
# - select:
# kind: ValidatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 0
# create: true
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.name
# targets:
# - select:
# kind: ValidatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 1
# create: true
# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets:
# - select:
# kind: MutatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 0
# create: true
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.name
# targets:
# - select:
# kind: MutatingWebhookConfiguration
# fieldPaths:
# - .metadata.annotations.[cert-manager.io/inject-ca-from]
# options:
# delimiter: '/'
# index: 1
# create: true
# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.namespace # Namespace of the certificate CR
# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionns
# - source:
# kind: Certificate
# group: cert-manager.io
# version: v1
# name: serving-cert
# fieldPath: .metadata.name
# targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
# +kubebuilder:scaffold:crdkustomizecainjectionname

4
deploy/rig-operator/config/default/manager_metrics_patch.yaml Normal file
View File

@@ -0,0 +1,4 @@
# This patch adds the args to allow exposing the metrics endpoint using HTTPS
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-bind-address=:8443

18
deploy/rig-operator/config/default/metrics_service.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: 8443
selector:
control-plane: controller-manager
app.kubernetes.io/name: deploy

2
deploy/rig-operator/config/manager/kustomization.yaml Normal file
View File

@@ -0,0 +1,2 @@
resources:
- manager.yaml

99
deploy/rig-operator/config/manager/manager.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
spec:
selector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
replicas: 1
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
spec:
# TODO(user): Uncomment the following code to configure the nodeAffinity expression
# according to the platforms which are supported by your solution.
# It is considered best practice to support multiple architectures. You can
# build your manager image using the makefile target docker-buildx.
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/arch
# operator: In
# values:
# - amd64
# - arm64
# - ppc64le
# - s390x
# - key: kubernetes.io/os
# operator: In
# values:
# - linux
securityContext:
# Projects are configured by default to adhere to the "restricted" Pod Security Standards.
# This ensures that deployments meet the highest security requirements for Kubernetes.
# For more details, see: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- command:
- /manager
args:
- --leader-elect
- --health-probe-bind-address=:8081
image: controller:latest
name: manager
ports: []
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
# TODO(user): Configure the resources accordingly based on the project requirements.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts: []
volumes: []
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10

27
deploy/rig-operator/config/network-policy/allow-metrics-traffic.yaml Normal file
View File

@@ -0,0 +1,27 @@
# This NetworkPolicy allows ingress traffic
# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
# namespaces are able to gather data from the metrics endpoint.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: allow-metrics-traffic
namespace: system
spec:
podSelector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
policyTypes:
- Ingress
ingress:
# This allows ingress traffic from any namespace with the label metrics: enabled
- from:
- namespaceSelector:
matchLabels:
metrics: enabled # Only from namespaces with this label
ports:
- port: 8443
protocol: TCP

2
deploy/rig-operator/config/network-policy/kustomization.yaml Normal file
View File

@@ -0,0 +1,2 @@
resources:
- allow-metrics-traffic.yaml

11
deploy/rig-operator/config/prometheus/kustomization.yaml Normal file
View File

@@ -0,0 +1,11 @@
resources:
- monitor.yaml
# [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus
# to securely reference certificates created and managed by cert-manager.
# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
# to mount the "metrics-server-cert" secret in the Manager Deployment.
#patches:
# - path: monitor_tls_patch.yaml
# target:
# kind: ServiceMonitor

27
deploy/rig-operator/config/prometheus/monitor.yaml Normal file
View File

@@ -0,0 +1,27 @@
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: controller-manager
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- path: /metrics
port: https # Ensure this is the name of the port that exposes HTTPS metrics
scheme: https
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig:
# TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
# certificate verification, exposing the system to potential man-in-the-middle attacks.
# For production environments, it is recommended to use cert-manager for automatic TLS certificate management.
# To apply this configuration, enable cert-manager and use the patch located at config/prometheus/servicemonitor_tls_patch.yaml,
# which securely references the certificate from the 'metrics-server-cert' secret.
insecureSkipVerify: true
selector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: deploy

19
deploy/rig-operator/config/prometheus/monitor_tls_patch.yaml Normal file
View File

@@ -0,0 +1,19 @@
# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
# using certificates managed by cert-manager
- op: replace
path: /spec/endpoints/0/tlsConfig
value:
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc
insecureSkipVerify: false
ca:
secret:
name: metrics-server-cert
key: ca.crt
cert:
secret:
name: metrics-server-cert
key: tls.crt
keySecret:
name: metrics-server-cert
key: tls.key

27
deploy/rig-operator/config/rbac/clusterblueprint_admin_role.yaml Normal file
View File

@@ -0,0 +1,27 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants full permissions ('*') over rig.appstack.io.
# This role is intended for users authorized to modify roles and bindings within the cluster,
# enabling them to delegate specific permissions to other users or groups as needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: clusterblueprint-admin-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints
verbs:
- '*'
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints/status
verbs:
- get

33
deploy/rig-operator/config/rbac/clusterblueprint_editor_role.yaml Normal file
View File

@@ -0,0 +1,33 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants permissions to create, update, and delete resources within the rig.appstack.io.
# This role is intended for users who need to manage these resources
# but should not control RBAC or manage permissions for others.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: clusterblueprint-editor-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints/status
verbs:
- get

29
deploy/rig-operator/config/rbac/clusterblueprint_viewer_role.yaml Normal file
View File

@@ -0,0 +1,29 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants read-only access to rig.appstack.io resources.
# This role is intended for users who need visibility into these resources
# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: clusterblueprint-viewer-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints
verbs:
- get
- list
- watch
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints/status
verbs:
- get

27
deploy/rig-operator/config/rbac/harvesterblueprint_admin_role.yaml Normal file
View File

@@ -0,0 +1,27 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants full permissions ('*') over rig.appstack.io.
# This role is intended for users authorized to modify roles and bindings within the cluster,
# enabling them to delegate specific permissions to other users or groups as needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: harvesterblueprint-admin-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints
verbs:
- '*'
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints/status
verbs:
- get

33
deploy/rig-operator/config/rbac/harvesterblueprint_editor_role.yaml Normal file
View File

@@ -0,0 +1,33 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants permissions to create, update, and delete resources within the rig.appstack.io.
# This role is intended for users who need to manage these resources
# but should not control RBAC or manage permissions for others.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: harvesterblueprint-editor-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints/status
verbs:
- get

29
deploy/rig-operator/config/rbac/harvesterblueprint_viewer_role.yaml Normal file
View File

@@ -0,0 +1,29 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants read-only access to rig.appstack.io resources.
# This role is intended for users who need visibility into these resources
# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: harvesterblueprint-viewer-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints
verbs:
- get
- list
- watch
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints/status
verbs:
- get

27
deploy/rig-operator/config/rbac/infrablueprint_admin_role.yaml Normal file
View File

@@ -0,0 +1,27 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants full permissions ('*') over rig.appstack.io.
# This role is intended for users authorized to modify roles and bindings within the cluster,
# enabling them to delegate specific permissions to other users or groups as needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: infrablueprint-admin-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints
verbs:
- '*'
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints/status
verbs:
- get

33
deploy/rig-operator/config/rbac/infrablueprint_editor_role.yaml Normal file
View File

@@ -0,0 +1,33 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants permissions to create, update, and delete resources within the rig.appstack.io.
# This role is intended for users who need to manage these resources
# but should not control RBAC or manage permissions for others.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: infrablueprint-editor-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints/status
verbs:
- get

29
deploy/rig-operator/config/rbac/infrablueprint_viewer_role.yaml Normal file
View File

@@ -0,0 +1,29 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants read-only access to rig.appstack.io resources.
# This role is intended for users who need visibility into these resources
# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: infrablueprint-viewer-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints
verbs:
- get
- list
- watch
- apiGroups:
- rig.appstack.io
resources:
- infrablueprints/status
verbs:
- get

37
deploy/rig-operator/config/rbac/kustomization.yaml Normal file
View File

@@ -0,0 +1,37 @@
resources:
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names.
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# The following RBAC configurations are used to protect
# the metrics endpoint with authn/authz. These configurations
# ensure that only authorized users and service accounts
# can access the metrics endpoint. Comment the following
# permissions if you want to disable this protection.
# More info: https://book.kubebuilder.io/reference/metrics.html
- metrics_auth_role.yaml
- metrics_auth_role_binding.yaml
- metrics_reader_role.yaml
# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
# default, aiding admins in cluster management. Those roles are
# not used by the deploy itself. You can comment the following lines
# if you do not want those helpers be installed with your Project.
- vsphereblueprint_admin_role.yaml
- vsphereblueprint_editor_role.yaml
- vsphereblueprint_viewer_role.yaml
- harvesterblueprint_admin_role.yaml
- harvesterblueprint_editor_role.yaml
- harvesterblueprint_viewer_role.yaml
- infrablueprint_admin_role.yaml
- infrablueprint_editor_role.yaml
- infrablueprint_viewer_role.yaml
- clusterblueprint_admin_role.yaml
- clusterblueprint_editor_role.yaml
- clusterblueprint_viewer_role.yaml

40
deploy/rig-operator/config/rbac/leader_election_role.yaml Normal file
View File

@@ -0,0 +1,40 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

15
deploy/rig-operator/config/rbac/leader_election_role_binding.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system

17
deploy/rig-operator/config/rbac/metrics_auth_role.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-auth-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

12
deploy/rig-operator/config/rbac/metrics_auth_role_binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-auth-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metrics-auth-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system

9
deploy/rig-operator/config/rbac/metrics_reader_role.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get

54
deploy/rig-operator/config/rbac/role.yaml Normal file
View File

@@ -0,0 +1,54 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints
- infrablueprints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints/finalizers
verbs:
- update
- apiGroups:
- rig.appstack.io
resources:
- clusterblueprints/status
- infrablueprints/status
verbs:
- get
- patch
- update
- apiGroups:
- rig.appstack.io
resources:
- harvesterblueprints
verbs:
- get
- list
- watch

15
deploy/rig-operator/config/rbac/role_binding.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system

8
deploy/rig-operator/config/rbac/service_account.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: controller-manager
namespace: system

27
deploy/rig-operator/config/rbac/vsphereblueprint_admin_role.yaml Normal file
View File

@@ -0,0 +1,27 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants full permissions ('*') over rig.appstack.io.
# This role is intended for users authorized to modify roles and bindings within the cluster,
# enabling them to delegate specific permissions to other users or groups as needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: vsphereblueprint-admin-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints
verbs:
- '*'
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints/status
verbs:
- get

33
deploy/rig-operator/config/rbac/vsphereblueprint_editor_role.yaml Normal file
View File

@@ -0,0 +1,33 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants permissions to create, update, and delete resources within the rig.appstack.io.
# This role is intended for users who need to manage these resources
# but should not control RBAC or manage permissions for others.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: vsphereblueprint-editor-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints/status
verbs:
- get

29
deploy/rig-operator/config/rbac/vsphereblueprint_viewer_role.yaml Normal file
View File

@@ -0,0 +1,29 @@
# This rule is not used by the project deploy itself.
# It is provided to allow the cluster admin to help manage permissions for users.
#
# Grants read-only access to rig.appstack.io resources.
# This role is intended for users who need visibility into these resources
# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: vsphereblueprint-viewer-role
rules:
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints
verbs:
- get
- list
- watch
- apiGroups:
- rig.appstack.io
resources:
- vsphereblueprints/status
verbs:
- get

7
deploy/rig-operator/config/samples/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
## Append samples of your project ##
resources:
- rig_v1alpha1_clusterblueprint.yaml
- rig_v1alpha1_infrablueprint.yaml
- rig_v1alpha1_harvesterblueprint.yaml
- rig_v1alpha1_vsphereblueprint.yaml
# +kubebuilder:scaffold:manifestskustomizesamples

22
deploy/rig-operator/config/samples/rig_v1alpha1_clusterblueprint.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: rig.appstack.io/v1alpha1
kind: ClusterBlueprint
metadata:
name: test-cluster-01
namespace: fleet-default
spec:
# Points to the InfraBlueprint (which links to Harvester + Quotas)
infraBlueprintRef: "dev-environment-v1"
# 1. Lifecycle
kubernetesVersion: "v1.33.5+rke2r1"
# 2. Topology: Control Plane (1 Node)
controlPlaneHA: false
# 3. Topology: Workers
workerPools:
- name: "app-workers"
quantity: 1
cpuCores: 4
memoryGb: 16
diskGb: 60

14
deploy/rig-operator/config/samples/rig_v1alpha1_harvesterblueprint.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: rig.appstack.io/v1alpha1
kind: HarvesterBlueprint
metadata:
name: dev-harvester-config
namespace: fleet-default
spec:
# [MOVED] Technical connection details live here now
harvesterUrl: "https://172.27.27.190:6443"
# [MOVED] VM Template details
vmNamespace: "vanderlande"
imageName: "vanderlande/image-qhtpc"
networkName: "vanderlande/vm-lan"
sshUser: "rancher"

17
deploy/rig-operator/config/samples/rig_v1alpha1_infrablueprint_harvester.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rig.appstack.io/v1alpha1
kind: InfraBlueprint
metadata:
name: dev-environment-v1
namespace: fleet-default
spec:
cloudCredentialSecret: "cc-mrklm"
# [NEW] Added Rancher URL
rancherUrl: "https://rancher-mgmt.product.lan"
providerRef:
kind: HarvesterBlueprint
name: dev-harvester-config
quota:
maxCpu: 100
maxMemoryGb: 256
maxDiskGb: 3000

9
deploy/rig-operator/config/samples/rig_v1alpha1_vsphereblueprint.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: rig.appstack.io/v1alpha1
kind: VsphereBlueprint
metadata:
labels:
app.kubernetes.io/name: deploy
app.kubernetes.io/managed-by: kustomize
name: vsphereblueprint-sample
spec:
# TODO(user): Add fields here

70
deploy/rig-operator/config/samples/vsphere_stack.yaml Normal file
View File

@@ -0,0 +1,70 @@
# ---------------------------------------------------------
# 1. Technical Configuration (The Location)
# ---------------------------------------------------------
apiVersion: rig.appstack.io/v1alpha1
kind: VsphereBlueprint
metadata:
name: dev-vsphere-config
namespace: fleet-default
spec:
vCenter: "vcenter.vanderlande.com"
datacenter: "NL001"
folder: "ICT Digitalisation - Rancher"
resourcePool: "NL001 Development - Rancher/Resources"
datastore: "NL001 Development - Rancher SDRS"
network: "nl001.vDS.Distri.Vlan.1542"
template: "nl001-cp-ubuntu-22.04-amd64-20250327-5.15.0-135-rke2-k3s"
---
# ---------------------------------------------------------
# 2. Infra Manager (The Accountant & Identity)
# ---------------------------------------------------------
apiVersion: rig.appstack.io/v1alpha1
kind: InfraBlueprint
metadata:
name: dev-vsphere-infra
namespace: fleet-default
spec:
# Credentials (Must exist in Rancher/Kubernetes)
cloudCredentialSecret: "cc-lhtl9"
rancherUrl: "https://rancher.tst.vanderlande.com"
# Point to the vSphere Configuration above
providerRef:
kind: VsphereBlueprint
name: dev-vsphere-config
# Budget Limits for this Environment
quota:
maxCpu: 50 # Total vCPUs allowed
maxMemoryGb: 128 # Total RAM allowed
maxDiskGb: 5000 # Total Disk allowed
---
# ---------------------------------------------------------
# 3. Cluster Request (The User Goal)
# ---------------------------------------------------------
apiVersion: rig.appstack.io/v1alpha1
kind: ClusterBlueprint
metadata:
name: test-vsphere-cluster-01
namespace: fleet-default
spec:
# Link to the vSphere Infra defined above
infraBlueprintRef: "dev-vsphere-infra"
# Lifecycle
kubernetesVersion: "v1.31.12+rke2r1"
# Topology: Control Plane (1 Node)
# Uses default sizing from values.yaml (2 CPU / 8 GB)
controlPlaneHA: false
# Topology: Workers
# These sizes (GB) will be converted to MB automatically by your Strategy
workerPools:
- name: "app-workers"
quantity: 2
cpuCores: 4
memoryGb: 8 # Strategy converts to 8192 MB
diskGb: 100 # Strategy converts to 102400 MB